www.ired.team Open in urlscan Pro
2606:4700::6812:191 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Submission: On June 18 via manual (June 18th 2021, 1:26:12 pm UTC) from CZ

Summary HTTP 107 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 28 IPs in 2 countries across 19 domains to perform 107 HTTP transactions. The main IP is 2606:4700::6812:191, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.ired.team.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 27th 2020. Valid for: a year.

This is the only time www.ired.team was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700::68... 2606:4700::6812:191	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	2606:4700::68... 2606:4700::6812:86f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.65.26 151.101.65.26	54113 (FASTLY) (FASTLY)
5	65.9.77.11 65.9.77.11	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	104.26.13.6 104.26.13.6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.72.28 192.0.72.28	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.72.20 192.0.72.20	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2606:4700:20:... 2606:4700:20::681a:adf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.26.2.136 104.26.2.136	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
15	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
10	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3035::6815:327f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
2	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
2	104.244.43.131 104.244.43.131	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
9	2600:1901:0:9... 2600:1901:0:94b6::	15169 (GOOGLE) (GOOGLE)
107	28

2 2606:4700::6812:191 (United States)

ASN13335 (CLOUDFLARENET, US)

www.ired.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7eaf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700::6812:86f (United States)

ASN13335 (CLOUDFLARENET, US)

gstatic.gitbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gblobscdn.gitbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.gitbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gitbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.26 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 65.9.77.11 (United States)

ASN16509 (AMAZON-02, US)

cdn.iframe.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.13.6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bleepstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.72.28 (United States)

ASN2635 (AUTOMATTIC, US)

pentestlab.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.72.20 (United States)

ASN2635 (AUTOMATTIC, US)

bohops.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:adf (United States)

ASN13335 (CLOUDFLARENET, US)

www.datocms-assets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.2.136 (United States)

ASN13335 (CLOUDFLARENET, US)

www.mdsec.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

docs.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:327f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.lr-ingest.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.43.131 (United States)

ASN54113 (FASTLY, US)

abs-0.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

content.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:1901:0:94b6:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

gitbook-28427.firebaseio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-usc1c-nss-230.firebaseio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	gitbook.com gstatic.gitbook.com gblobscdn.gitbook.com app.gitbook.com www.gitbook.com	6 MB
17	twitter.com platform.twitter.com syndication.twitter.com Failed	501 KB
16	google.com docs.google.com apis.google.com	518 KB
9	firebaseio.com gitbook-28427.firebaseio.com s-usc1c-nss-230.firebaseio.com	4 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com ssl.gstatic.com	797 KB
5	iframe.ly cdn.iframe.ly	20 KB
4	googleapis.com fonts.googleapis.com content.googleapis.com	2 KB
3	twimg.com cdn.syndication.twimg.com abs-0.twimg.com	4 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	wordpress.com pentestlab.files.wordpress.com bohops.files.wordpress.com	222 KB
2	ired.team www.ired.team	430 KB
1	lr-ingest.io cdn.lr-ingest.io	133 KB
1	mdsec.co.uk www.mdsec.co.uk	143 KB
1	datocms-assets.com www.datocms-assets.com	55 KB
1	medium.com miro.medium.com	58 KB
1	bleepstatic.com www.bleepstatic.com	68 KB
1	googleusercontent.com lh5.googleusercontent.com	7 KB
1	polyfill.io polyfill.io	531 B
1	unpkg.com unpkg.com	14 KB
107	19

	Domain	Requested by
17	gblobscdn.gitbook.com	www.ired.team gstatic.gitbook.com
15	platform.twitter.com	cdn.iframe.ly platform.twitter.com
10	docs.google.com	cdn.iframe.ly docs.google.com www.gstatic.com
8	s-usc1c-nss-230.firebaseio.com	gstatic.gitbook.com
7	gstatic.gitbook.com	www.ired.team gstatic.gitbook.com
6	apis.google.com	docs.google.com apis.google.com content.googleapis.com
5	cdn.iframe.ly	www.ired.team gstatic.gitbook.com
4	www.gstatic.com	docs.google.com
3	content.googleapis.com	apis.google.com
3	www.google-analytics.com	gstatic.gitbook.com
2	abs-0.twimg.com	www.ired.team platform.twitter.com
2	ssl.gstatic.com	www.gstatic.com
2	syndication.twitter.com	platform.twitter.com www.ired.team
2	www.ired.team	www.ired.team
1	gitbook-28427.firebaseio.com	gstatic.gitbook.com
1	cdn.syndication.twimg.com	platform.twitter.com
1	www.gitbook.com	gstatic.gitbook.com
1	app.gitbook.com	gstatic.gitbook.com
1	cdn.lr-ingest.io	gstatic.gitbook.com
1	fonts.gstatic.com	fonts.googleapis.com
1	www.mdsec.co.uk	www.ired.team
1	www.datocms-assets.com	www.ired.team
1	bohops.files.wordpress.com	www.ired.team
1	miro.medium.com	www.ired.team
1	pentestlab.files.wordpress.com	www.ired.team
1	www.bleepstatic.com	www.ired.team
1	lh5.googleusercontent.com	www.ired.team
1	polyfill.io	www.ired.team
1	unpkg.com	www.ired.team
1	fonts.googleapis.com	www.ired.team
107	30

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
github.com
twitter.com
www.patreon.com
www.gitbook.com
firebasestorage.googleapis.com
www.bleepingcomputer.com
pentestlab.blog
medium.com
bohops.com
www.securify.nl
www.mdsec.co.uk

Subject Issuer	Validity	Valid
www.ired.team Cloudflare Inc ECC CA-3	`2020-11-27` - `2021-11-26`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2020	`2021-06-04` - `2022-07-06`	a year	crt.sh
*.iframe.ly Amazon	`2020-12-17` - `2022-01-15`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.files.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-21` - `2022-01-21`	a year	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-05-06` - `2021-08-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
firebaseio.com GTS CA 1O1	`2021-01-12` - `2021-07-11`	6 months	crt.sh

This page contains 13 frames:

Primary Page: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Frame ID: 0EBEE9FD6D990E1498A45A7DF71B7E98
Requests: 45 HTTP requests in this frame

Frame: https://cdn.iframe.ly/api/iframe?url=http%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf&key=4fb668ebc74b721f3c2230d81634c8bc
Frame ID: 46AE06EAD0D86DAA3BEE44394A2F9614
Requests: 1 HTTP requests in this frame

Frame: https://cdn.iframe.ly/api/iframe?url=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%3Fs%3D12&key=4fb668ebc74b721f3c2230d81634c8bc&app=1
Frame ID: F27D9BF99B08C924B8C9D63EC0ECE887
Requests: 2 HTTP requests in this frame

Frame: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
Frame ID: 1BB119933EB12283F6345B0F5E011449
Requests: 6 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fcdn.iframe.ly
Frame ID: B09748490F2814F3D9E09E2E526056A5
Requests: 2 HTTP requests in this frame

Frame: https://cdn.iframe.ly/api/iframe?url=http%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf&key=4fb668ebc74b721f3c2230d81634c8bc
Frame ID: EA3FE935DB8EFF133C1B5A58DEEF341C
Requests: 1 HTTP requests in this frame

Frame: https://cdn.iframe.ly/api/iframe?url=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%3Fs%3D12&key=4fb668ebc74b721f3c2230d81634c8bc&app=1
Frame ID: C0DCDF7D954605B736B4EEBEB795C5D3
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fcdn.iframe.ly
Frame ID: F50907C5037AFCE838CC73E847B57168
Requests: 2 HTTP requests in this frame

Frame: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
Frame ID: 205D1C228072A0FA077144423E400628
Requests: 18 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Frame ID: 46BB54E0692FE99E892FE45D7DD1A5DA
Requests: 14 HTTP requests in this frame

Frame: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.bnEFfFZ9cyI.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ%2Fm%3D__features__
Frame ID: 9797D20A227CD151AE9014921464381B
Requests: 5 HTTP requests in this frame

Frame: https://gitbook-28427.firebaseio.com/.lp?start=t&ser=93522370&cb=1&v=5
Frame ID: 15BE96F7A0D23C7FCF04F5157EBC1F1C
Requests: 8 HTTP requests in this frame

Frame: https://s-usc1c-nss-230.firebaseio.com/.lp?dframe=t&id=12824652&pw=hLujHNWI0W&ns=gitbook-28427
Frame ID: 834A228B9993DE11B4B8A149065CB1B4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+data-react/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/polyfill\.min\.js/i

Page Statistics

107
Requests

95 %
HTTPS

70 %
IPv6

19
Domains

30
Subdomains

28
IPs

2
Countries

9563 kB
Transfer

19713 kB
Size

1
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/in/mantvydasb/
Title: linkedin

Search URL Search Domain Scan URL

URL: https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques
Title: github

Search URL Search Domain Scan URL

URL: https://twitter.com/spotheplanet
Title: @spotheplanet

Search URL Search Domain Scan URL

URL: https://www.patreon.com/iredteam
Title: patreon

Search URL Search Domain Scan URL

URL: https://www.gitbook.com/?utm_source=content&utm_medium=trademark&utm_campaign=mantvydas
Title: Powered by GitBook

Search URL Search Domain Scan URL

URL: https://firebasestorage.googleapis.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCBMz_bmmh8TjyBMWI%2F-LKCBShcRBkX-C8wHDqk%2FTotes%20not%20a%20scam.docx?alt=media&token=6d530fd8-db09-472a-841b-f5b3570d1216
Title: Forced SMBv2 Authentication - MS Word FileTotes not a scam.docx - 12KB

Search URL Search Domain Scan URL

URL: https://firebasestorage.googleapis.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCb8ii9Ps9k77ApNJN%2F-LKCbD5PDxdhLsU3TlEt%2F%40fa.scf?alt=media&token=7946b8c6-4a87-4d0b-beed-0a1c00db1f76
Title: fa.scf@fa.scf - 94B

Search URL Search Domain Scan URL

URL: https://firebasestorage.googleapis.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LFEMnER3fywgFHoroYn%2F-LTIlHXY1_59Aa8z2oVJ%2F-LTIs3l6GF3Nvkmpiau1%2Ftest-xls-stylesheet.xml?alt=media&token=97862e88-3d5a-4418-be40-2331140508bc
Title: test-xls-stylesheet.xmltest-xls-stylesheet.xml - 466B

Search URL Search Domain Scan URL

URL: https://firebasestorage.googleapis.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LFEMnER3fywgFHoroYn%2F-LTItDXo_VwQdF8UZfy4%2F-LTIvcpwM6vXaLP64QP2%2Fsmb-image.xml?alt=media&token=b8096d69-4653-4ccc-9cd3-2332cdb29259
Title: smb-image.xmlsmb-image.xml - 46KB

Search URL Search Domain Scan URL

URL: https://github.com/Kevin-Robertson/Powermad
Title: PowerMad

Search URL Search Domain Scan URL

URL: https://github.com/mdsecactivebreach/Farmer
Title: Farmer

Search URL Search Domain Scan URL

URL: https://twitter.com/domchell?s=20
Title: @domchell

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/security/you-can-steal-windows-login-credentials-via-google-chrome-and-scf-files/
Title: You Can Steal Windows Login Credentials via Google Chrome and SCF FilesJust by accessing a folder containing a malicious SCF file, a user will unwittingly share his computer's login credentials with an attacker via Google Chrome and the SMB protocol.www.bleepingcomputer.com

Search URL Search Domain Scan URL

URL: https://pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/
Title: SMB Share – SCF File AttacksSMB is a protocol which is widely used across organisations for file sharing purposes. It is not uncommon during internal penetration tests to discover a file share which contains sensitive informa…pentestlab.blog

Search URL Search Domain Scan URL

URL: https://medium.com/@markmotig/a-better-way-to-capture-hashes-with-no-user-interaction-by-markmo-bd1569bfa208
Title: A better way to capture hashes with no user interaction by @_markmo_I found a better way to capture hashes from a post by @insertscript on twittermedium.com

Search URL Search Domain Scan URL

URL: https://bohops.com/2018/08/04/capturing-netntlm-hashes-with-office-dot-xml-documents/
Title: Capturing NetNTLM Hashes with Office [DOT] XML DocumentsTL;DR An Office XML (.xml) document can call a remote XSL stylesheet over SMB. If this occurs against an attacker controlled server, the net-NTLM authentication hash (challenge/response) of that u…bohops.com

Search URL Search Domain Scan URL

URL: https://www.securify.nl/blog/SFY20180501/living-off-the-land_-stealing-netntlm-hashes.html
Title: Living off the land: stealing NetNTLM hashesSecurify provides reality checks to lower security risks and build up resilience against threats. Agile Security, Pentesting (scenario-based) and Red Teaming.www.securify.nl

Search URL Search Domain Scan URL

URL: https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm/
Title: Farming for Red Teams: Harvesting NetNTLM - MDSecOverview In the ActiveBreach red team, we’re always looking for innovative approaches for lateral movement and privilege escalation. For many of the environments we operate in, focusing on the classic...www.mdsec.co.uk

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

107 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request t1187-forced-authentication Show response
www.ired.team/offensive-security/initial-access/ 2 MB
429 KB 114ms
63ms Document
text/html 2606:4700::6812:191
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:191 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b1fec247f841a6035f977cab10485d4ebe526c43e5dc28ad021a15418b9a54e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' gstatic.gitbook.com .gitbook-staging.com .gitbook.com .firebaseio.com wss://.firebaseio.com .cloudfunctions.net .googleapis.com .gstatic.com data: .google.com .github.com .algolianet.com .algolia.net sentry.io .logrocket.io .lr-ingest.io .stripe.com .clearbit.com .google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net .iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' .firebaseio.com .google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io .stripe.com .clearbit.com .google-analytics.com .iframe.ly .gstatic.com cdnjs.cloudflare.com .intercom.io .intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://.intercom-attachments.com; frame-src ; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' gstatic.gitbook.com .gitbook-staging.com .gitbook.com .firebaseio.com wss://.firebaseio.com .cloudfunctions.net .googleapis.com .gstatic.com data: .google.com .github.com .algolianet.com .algolia.net sentry.io .logrocket.io .lr-ingest.io .stripe.com .clearbit.com .google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net .iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' .firebaseio.com .google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io .stripe.com .clearbit.com .google-analytics.com .iframe.ly .gstatic.com cdnjs.cloudflare.com .intercom.io .intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://.intercom-attachments.com; frame-src ; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.ired.team
:scheme: https
:path: /offensive-security/initial-access/t1187-forced-authentication
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:52 GMT
content-type: text/html; charset=utf-8
cf-ray: 6614d89c6bba0610-FRA
age: 66141
cache-control: public, max-age=86400, s-maxage=86400, stale-while-revalidate=3600, stale-if-error=43200
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Authorization, Cookie, X-CDN-Host
cf-cache-status: HIT
cf-request-id: 0ac0e5b5c500000610748f8000000001
content-security-policy: default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
function-execution-id: gh01333823s8
referrer-policy: no-referrer-when-downgrade
x-cdn-cache-group: -LFEMnER3fywgFHoroYn
x-cloud-trace-context: 261f79fbbd57af22b65df3a10e86138a
x-content-security-policy: default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-webkit-csp: default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
x-xss-protection: 1; mode=block
server: cloudflare
content-encoding: gzip

GET
H2 200 css
fonts.googleapis.com/ 2 KB
672 B 17ms
14ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6da43a0ac4abcb5bc4b10164a762759e5cc81f37e00033643034a891fb490c82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Jun 2021 12:30:44 GMT
server: ESF
date: Fri, 18 Jun 2021 13:25:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Jun 2021 13:25:52 GMT

GET
H2 200 emojione-sprite-40.min.css
unpkg.com/emojione-assets@4.0.0/sprites/ 183 KB
14 KB 24ms
22ms Stylesheet
text/css 2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/emojione-assets@4.0.0/sprites/emojione-sprite-40.min.css

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7574511
vary: Accept-Encoding
cf-request-id: 0ac0e5b60c0000dff352089000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"2dc7c-MlEndlChcp6B66cJCh5yD8CB/Fo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: e0ac7d85fe9bfe99ddd0e0018c758a56
cache-control: public, max-age=31536000
cf-ray: 6614d89cd9bcdff3-FRA

GET
H2 200 6c3c9dec9383137845be0f0ea2cf1bf4.css
gstatic.gitbook.com/css/ 1 KB
1 KB 91ms
38ms Stylesheet
text/css 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:52 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 4926692
cf-polished: origSize=1701
x-guploader-uploadid: ABg5-UwiIdAcAjrmRlFxwdUIs61NAokkry_-iZ807hfyhPF7n05ywV-MhhKGJXAj1nhFXaaZ1Wx1tw1RuwfcZvRBTHA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/css
cf-request-id: 0ac0e5b6440000d6fd65073000000001
last-modified: Wed, 07 Apr 2021 08:43:49 GMT
server: cloudflare
etag: W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation: 1617785029532093
access-control-allow-origin: *
expires: Thu, 21 Apr 2022 20:23:08 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1701
cf-ray: 6614d89d385ad6fd-FRA
cf-bgj: minify

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 72 B
531 B 26ms
8ms Script
text/javascript 151.101.65.26
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?flags=gated&features=Intl

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.65.26 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 872790
detected-user-agent: Chrome/89.0.4389
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Tue, 08 Jun 2021 10:31:29 GMT
date: Fri, 18 Jun 2021 13:25:52 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/89.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 embed.js Show response
cdn.iframe.ly/ 22 KB
7 KB 53ms
15ms Script
application/javascript 65.9.77.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/embed.js
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 0226f11690adfd32f7a6c13588d35e8b59ab0ab7446919a154c2bd249da93434

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 16:21:40 GMT
content-encoding: br
last-modified: Fri, 30 Apr 2021 13:27:40 GMT
server: nginx
age: 75852
etag: W/"608c05cc-5630"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: GiZzAoE4y-dfR4viohCIfjYcLqe3i2VUiuA5yfrl4gnn0kBXcEcC1Q==
via: 1.1 a06d82f018833bef3e7f2e9fd230e5ee.cloudfront.net (CloudFront)

GET
H2 200 spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png
gblobscdn.gitbook.com/ 28 KB
29 KB 68ms
37ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:52 GMT
cf-cache-status: HIT
age: 4862537
x-guploader-uploadid: ABg5-UzTfWJh6V0B0k2lFPabkrMdmvV3nYkpS2yXi96O2qwxzor09DJgESW3o58wiAWT6dRVCB72aizzWA6t6Q6FplW3MkbWYA
x-goog-storage-class: STANDARD
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
content-type: image/png
content-length: 29066
cf-request-id: 0ac0e5b62f0000312800071000000001
last-modified: Sat, 08 Sep 2018 20:00:14 GMT
server: cloudflare
etag: "2965c5f978755802debc0291c5574853"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=ALxBKw==, md5=KWXF+Xh1WALevAKRxVdIUw==
x-goog-generation: 1536436814766237
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 29066
x-goog-meta-firebasestoragedownloadtokens: 1910800b-eed5-42ea-b282-39d0660128fe
accept-ranges: bytes
cf-ray: 6614d89d1c793128-FRA
expires: Sat, 23 Apr 2022 06:43:34 GMT

GET
H2 200 photo.jpg
lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/ 7 KB
7 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 11:39:39 GMT
x-content-type-options: nosniff
age: 6373
content-disposition: inline;filename=""
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6707
x-xss-protection: 0
server: fife
etag: "v5e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Jun 2021 15:16:57 GMT

GET
H2 200 iframe Show response
cdn.iframe.ly/api/ Frame 46AE 12 KB
4 KB 362ms
331ms Document
text/html 65.9.77.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/api/iframe?url=http%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf&key=4fb668ebc74b721f3c2230d81634c8bc
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / iframe.ly
Resource Hash: 760760f811379710e7f1d2a12c0eaca8270b3374b28fcb9f9477a36388703b99

Request headers

:method: GET
:authority: cdn.iframe.ly
:scheme: https
:path: /api/iframe?url=http%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf&key=4fb668ebc74b721f3c2230d81634c8bc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Response headers

content-type: text/html; charset=utf-8
server: nginx
date: Fri, 18 Jun 2021 13:25:53 GMT
x-powered-by: iframe.ly
access-control-allow-origin: *
cache-control: no-cache, max-age=0
expires: Fri, 18 Jun 2021 13:25:53 GMT
etag: W/"607f6b5f79c5db6e28cbd028bd9f92d8"
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a06d82f018833bef3e7f2e9fd230e5ee.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: tpynB7yicNMJiMz4PoXNTJouBTAFH4WAztvZEByPNeetL3fg5KRRoA==

GET
H2 200 iframe Show response
cdn.iframe.ly/api/ Frame F27D 6 KB
3 KB 362ms
333ms Document
text/html 65.9.77.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/api/iframe?url=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%3Fs%3D12&key=4fb668ebc74b721f3c2230d81634c8bc&app=1
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / iframe.ly
Resource Hash: 3a04c6375070d506b489e274f84aae46da83d8f8a86a1325f695b8c874450c33

Request headers

:method: GET
:authority: cdn.iframe.ly
:scheme: https
:path: /api/iframe?url=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%3Fs%3D12&key=4fb668ebc74b721f3c2230d81634c8bc&app=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Response headers

content-type: text/html; charset=utf-8
server: nginx
date: Fri, 18 Jun 2021 13:25:53 GMT
x-powered-by: iframe.ly
access-control-allow-origin: *
cache-control: no-cache, max-age=0
expires: Fri, 18 Jun 2021 13:25:53 GMT
etag: W/"6a6eb1a66c51f0d3f4f259262aeb1c11"
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a06d82f018833bef3e7f2e9fd230e5ee.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: Zk_UnogW_JZRr6IavaYXHA3SC3lD63qFOBy4tcTJ8BA9NgjlJFmOwA==

GET
H2 200 email-decode.min.js Show response
www.ired.team/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
972 B 13ms
8ms Script
application/javascript 2606:4700::6812:191
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ired.team/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:191 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.ired.team
referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jun 2021 08:10:34 GMT
server: cloudflare
etag: W/"60c9b1fa-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800 public
cf-ray: 6614d89cfd4d0610-FRA
vary: Accept-Encoding
cf-request-id: 0ac0e5b61b0000061046b3b000000001
expires: Sun, 20 Jun 2021 13:25:52 GMT

GET
H2 200 111.f142f50e.js Show response
gstatic.gitbook.com/js/ 3 MB
945 KB 84ms
60ms Script
application/javascript 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/js/111.f142f50e.js
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb929919479b2afe4e756a8ab718e9adbc8d94dbd0504da1cf4cea2b252833cc

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:52 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 4862538
cf-polished: origSize=3418521
x-guploader-uploadid: ABg5-Uz3PpVS5rmLAQqyx-Bv43SHB5qBoEgLF9EGcOUffq1ADGmF9a4Yz68fHeL2roHduhQQGD7FQcctPucVTg5fsEA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 0ac0e5b66f0000d6c51b0e1000000001
expires: Fri, 22 Apr 2022 15:46:59 GMT
last-modified: Wed, 07 Apr 2021 08:43:49 GMT
server: cloudflare
etag: W/"876655ac803da8f0cf014bda9a896170"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=B4hFnA==, md5=h2ZVrIA9qPDPAUvamolhcA==
x-goog-generation: 1617785029720049
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 3418521
cf-ray: 6614d89d7ff4d6c5-FRA
cf-bgj: minify

GET
H2 200 WindowsPassword.jpg
www.bleepstatic.com/content/hl-images/2017/05/16/ 68 KB
68 KB 416ms
350ms Image
image/jpeg 104.26.13.6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bleepstatic.com/content/hl-images/2017/05/16/WindowsPassword.jpg
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.13.6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe6d102409cbfdbf8a541647e62b903508eb4125f9211d7d4bf2395cf0962e4f

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
content-length: 69488
cf-request-id: 0ac0e5b719000054ca7c294000000001
last-modified: Tue, 16 May 2017 22:43:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=sAjUsOQgI%2Fk8kuxWoVmjehstkvZW%2Fg6xBLsZR9AfJ0tpHEvDAKw8SqQpN40iTXE%2BlLscteNNKR%2BaHvIsAtl%2B9a3vBBpiOfrC%2BgAUaXTCsIq1vdl2HNJAmo6Dw4l6fAIV"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 6614d89e8ca454ca-MAN
expires: Sun, 18 Jul 2021 13:25:52 GMT

GET
H2 200 metasploit-multi-handler-module-for-smb-relay.png
pentestlab.files.wordpress.com/2017/12/ 103 KB
103 KB 29ms
7ms Image
image/png 192.0.72.28
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlab.files.wordpress.com/2017/12/metasploit-multi-handler-module-for-smb-relay.png

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.28 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

77e9d07237a128f87d511fba4fb49686858573f8c2e02e468bf7a74ad9d8d2d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 28 np
date: Fri, 18 Jun 2021 13:25:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 13 Dec 2017 08:38:12 GMT
server: nginx
accept-ranges: bytes
vary: Origin
content-type: image/png
access-control-allow-origin: https://pentestlab.wordpress.com
x-orig-src: 01_mogdir
access-control-allow-credentials: true
content-length: 105022
expires: Sun, 20 Jun 2021 20:19:38 GMT

GET
H2 200 1*fCcNzzty8DFieV3Rvc6JBA.png
miro.medium.com/max/722/ 58 KB
58 KB 157ms
135ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/722/1*fCcNzzty8DFieV3Rvc6JBA.png

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ed9afbb1ec6613529f40789a8f2ea104c522c085491d031c5bd4ac4a2e36b8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-envoy-upstream-service-time: 26
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 59051
cf-request-id: 0ac0e5b6e2000005f154333000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20210524-162717-f383c62fea
accept-ranges: bytes
cf-ray: 6614d89e388505f1-FRA
expires: Sun, 18 Jul 2021 13:25:53 GMT

GET
H2 200 11_captured_nethash.png
bohops.files.wordpress.com/2018/08/ 119 KB
120 KB 29ms
6ms Image
image/png 192.0.72.20
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bohops.files.wordpress.com/2018/08/11_captured_nethash.png

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.20 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c054af933e4d4baf553670d71b6cf788d973a952cc127dade3993c3ef490cef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 20 np
date: Fri, 18 Jun 2021 13:25:52 GMT
x-content-type-options: nosniff
last-modified: Sat, 04 Aug 2018 07:02:07 GMT
server: nginx
accept-ranges: bytes
vary: Origin
content-type: image/png
access-control-allow-origin: https://bohops.wordpress.com
x-orig-src: 01_mogdir
access-control-allow-credentials: true
content-length: 122032
expires: Wed, 07 Jul 2021 07:34:54 GMT

GET
H2 200 1592477818-lolntlm.png
www.datocms-assets.com/21957/ 54 KB
55 KB 350ms
313ms Image
image/jpeg 2606:4700:20::681a:adf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.datocms-assets.com/21957/1592477818-lolntlm.png?w=1000&fit=max&fm=jpg

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:adf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a110b04ad3560c208e5691cef59a6850572ce61e1532e01d562b00d618eb95e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-version: 2
date: Fri, 18 Jun 2021 13:25:53 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-cache: HIT, HIT
x-imgix-id: 1a6dcd380fce7b981113ef3b31ec200461a44e03
x-status: MISS
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 55450
cf-request-id: 0ac0e5b6f200004ec7a520e000000001
x-served-by: cache-sjc10059-SJC, cache-fra19174-FRA
last-modified: Thu, 10 Jun 2021 09:45:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JO0dDC%2F8v4zaHiQpQ8UjAI2wArKmDEq0s0KaXjfW8NVbqfpt3rDUvrcxKFU%2BCU6MS081J3DwRYktw%2FkwzBQ41PByrkHQMF1c8OZlmgpXH0URnYY6sB9s%2FHwBnNAQB%2Fs4l6TveojpO3OCcCkH1QAV"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6614d89e480a4ec7-FRA
cross-origin-resource-policy: cross-origin

GET
H2 200 tim-van-der-kuip-CPs2X8JYmS8-unsplash.jpg
www.mdsec.co.uk/wp-content/uploads/2019/11/ 142 KB
143 KB 180ms
115ms Image
image/jpeg 104.26.2.136
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mdsec.co.uk/wp-content/uploads/2019/11/tim-van-der-kuip-CPs2X8JYmS8-unsplash.jpg
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.2.136 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 086414cb3474bb7d8c7ccb0279a288ee87955a1533a80e3793a9d0e97a42d880

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: REVALIDATED
nel: {"report_to":"cf-nel","max_age":604800}
cf-polished: status=not_needed
content-length: 145768
cf-request-id: 0ac0e5b71900001887bc85c000000001
last-modified: Sat, 27 Jun 2020 19:10:21 GMT
server: cloudflare
etag: "23968-5a91593bc2063"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=yGuND2d%2BNN0Qt51YWXVIBxaRVxpAuOxOGJ5JGyONPGh57xiMg2toFtN68j8dM7tkaPpDtFap6a0m1XIs3q6qplghHI78%2B8K5GoGaQMZdiBaV5rFfZAH6cekR8BU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 6614d89e8e341887-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 f4fa50c4003f87e7dc10459e500933c3.woff
gstatic.gitbook.com/fonts/ 92 KB
93 KB 34ms
33ms Font
font/woff 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/fonts/f4fa50c4003f87e7dc10459e500933c3.woff
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:52 GMT
cf-cache-status: HIT
age: 4861251
x-guploader-uploadid: ABg5-UxyEzdcNSdaJtXWOu_1a_Udqa_IwHrRlOjvAN1WdWLiRwt_LkJphbV5J8YSQYHy5mSn7RZDeP804aUQsKcyUKyG167dEA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 94368
cf-request-id: 0ac0e5b6cf0000d6c511095000000001
last-modified: Wed, 07 Apr 2021 08:43:49 GMT
server: cloudflare
etag: "f4fa50c4003f87e7dc10459e500933c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=FUjfEA==, md5=9PpQxAA/h+fcEEWeUAkzww==
x-goog-generation: 1617785029592662
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 94368
accept-ranges: bytes
cf-ray: 6614d89e1921d6c5-FRA
expires: Wed, 20 Apr 2022 06:41:18 GMT

GET
H2 200 72e37e5bf95a8dba938c78b1d7d91253.woff
gstatic.gitbook.com/fonts/ 92 KB
92 KB 42ms
42ms Font
font/woff 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/fonts/72e37e5bf95a8dba938c78b1d7d91253.woff
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: HIT
age: 47211
x-guploader-uploadid: ABg5-UzGpJvl1DZKDHynFkXDMCOlLpByNyrFzv2A3YTggRb2L6aDrsguhr3X191gds5Wy0b3jZX6DQBjr1LX9vSuVJw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 94040
cf-request-id: 0ac0e5b6d80000d6c5a307d000000001
last-modified: Wed, 07 Apr 2021 08:43:49 GMT
server: cloudflare
etag: "72e37e5bf95a8dba938c78b1d7d91253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=TBIniA==, md5=cuN+W/lajbqTjHix19kSUw==
x-goog-generation: 1617785029573691
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 94040
accept-ranges: bytes
cf-ray: 6614d89e1924d6c5-FRA
expires: Sun, 12 Jun 2022 10:00:50 GMT

GET
H2 200 fc3d4b35e4d07d4e0485cc2db0e57c77.woff
gstatic.gitbook.com/fonts/ 92 KB
92 KB 48ms
48ms Font
font/woff 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/fonts/fc3d4b35e4d07d4e0485cc2db0e57c77.woff
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: HIT
age: 3080859
x-guploader-uploadid: ABg5-UwGan3w8btTIOf0-1SNEwpK9JOOZoD4LEnV2f8danvAeKtwlLE3CqzpT_qB0OsDZnlApI2ADMahkX2V5j6snsU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 93788
cf-request-id: 0ac0e5b6e60000d6c5da170000000001
last-modified: Wed, 07 Apr 2021 08:43:49 GMT
server: cloudflare
etag: "fc3d4b35e4d07d4e0485cc2db0e57c77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=7TN+QQ==, md5=/D1LNeTQfU4EhcwtsOV8dw==
x-goog-generation: 1613469465501597
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 93788
accept-ranges: bytes
cf-ray: 6614d89e2943d6c5-FRA
expires: Wed, 20 Apr 2022 06:26:20 GMT

GET
H2 200 HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq.woff2
fonts.gstatic.com/s/sourcecodepro/v14/ 13 KB
13 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcecodepro/v14/HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f29cd3a2bdcacf9f9f7285c9b74d89f55634f4d43752d81a48914afa7442eb66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.ired.team
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 10:07:34 GMT
x-content-type-options: nosniff
age: 530298
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13540
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:51:24 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 10:07:34 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKCAKJidobdxoxL_0-7%2F-LKC4fAdfKEX0Kd4zlgf%2Fforced-auth-word.png
gblobscdn.gitbook.com/ 72 KB
72 KB 41ms
37ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCAKJidobdxoxL_0-7%2F-LKC4fAdfKEX0Kd4zlgf%2Fforced-auth-word.png?alt=media&token=56a8a1a8-8905-49ee-8414-e4baa5835b38
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a11862f0ff7979b1bcb734522c5bf4613ba1f683fc0e487829df33238c2816a4

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: HIT
age: 206978
x-guploader-uploadid: ABg5-UzzTlRxYxD2-rRk-qlFcfLEnHOmk-UEhGiocFAwxduHYeTU6oe744rgeA_KfFgNMwXlKbJiInZoaXD3jZ7jFzY
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''forced-auth-word.png
content-type: image/png
content-length: 73360
cf-request-id: 0ac0e5b72e000031280008d000000001
last-modified: Sat, 18 Aug 2018 13:15:45 GMT
server: cloudflare
etag: "23905d7d4442dceaf0c1ee211d073ea1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=XeejgQ==, md5=I5BdfURC3Orwwe4hHQc+oQ==
x-goog-generation: 1534598145346936
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 73360
x-goog-meta-firebasestoragedownloadtokens: 56a8a1a8-8905-49ee-8414-e4baa5835b38
accept-ranges: bytes
cf-ray: 6614d89ea94b3128-FRA
expires: Thu, 16 Jun 2022 03:56:15 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKCAKJidobdxoxL_0-7%2F-LKC95OKwWvm9FWiXc6e%2Fforced-auth-hashes.png
gblobscdn.gitbook.com/ 21 KB
21 KB 456ms
452ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCAKJidobdxoxL_0-7%2F-LKC95OKwWvm9FWiXc6e%2Fforced-auth-hashes.png?alt=media&token=771cfa33-9f02-439f-940f-3d0948c9f091
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c90b2824b0db62fd4ed6996183d5379b0791afa57dd4bbd82c295f5240edda23

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-Uxri0SVbctsudKhcvDsQVrexAHTIKibOBnpuiXIAhpvIcIFHQCsx65gh7vyyPmATX-Zv_pNE3uMiU0clfT_MVM
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''forced-auth-hashes.png
content-type: image/png
content-length: 21282
cf-request-id: 0ac0e5b72f00003128880f9000000001
last-modified: Sat, 18 Aug 2018 13:15:44 GMT
server: cloudflare
etag: "1990029b295aaa97d770500fd53d34d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=7maqbw==, md5=GZACmylaqpfXcFAP1T001A==
x-goog-generation: 1534598144869312
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 21282
x-goog-meta-firebasestoragedownloadtokens: 771cfa33-9f02-439f-940f-3d0948c9f091
accept-ranges: bytes
cf-ray: 6614d89eb94e3128-FRA
expires: Sat, 18 Jun 2022 13:25:53 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKCAKJidobdxoxL_0-7%2F-LKCA3c5a-MzMOTuxx3q%2Fforced-auth-cracked.png
gblobscdn.gitbook.com/ 61 KB
61 KB 454ms
451ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCAKJidobdxoxL_0-7%2F-LKCA3c5a-MzMOTuxx3q%2Fforced-auth-cracked.png?alt=media&token=dd0c439f-c26f-4778-94f6-23f5831ea7ec
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66d254301b86eaf800b047a3f4d3f1530e1ae6ccdd90e30875e9f49cdc2ab894

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-Uyu1r4Gmp8J0KrccyBJj2eBtPD2EoM8Spc9AWtLk5I92ZITmeUdX0h0dsIdIKrbDi_RZbkkqzPl62eJ0StHfE4
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''forced-auth-cracked.png
content-type: image/png
content-length: 62498
cf-request-id: 0ac0e5b72f0000312896a01000000001
last-modified: Sat, 18 Aug 2018 13:15:44 GMT
server: cloudflare
etag: "8f9a1b97878f951d79fad726461ffcae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=4ZmHcw==, md5=j5obl4ePlR15+tcmRh/8rg==
x-goog-generation: 1534598144928646
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 62498
x-goog-meta-firebasestoragedownloadtokens: dd0c439f-c26f-4778-94f6-23f5831ea7ec
accept-ranges: bytes
cf-ray: 6614d89eb9503128-FRA
expires: Sat, 18 Jun 2022 13:25:53 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKCAKJidobdxoxL_0-7%2F-LKCAGEuBq07bj27tGIx%2Fforced-auth-shell.png
gblobscdn.gitbook.com/ 38 KB
39 KB 533ms
529ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCAKJidobdxoxL_0-7%2F-LKCAGEuBq07bj27tGIx%2Fforced-auth-shell.png?alt=media&token=b0137356-fd9d-4e0f-a046-2671df309fb9
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 841f1b1635a4c199701d0faab6180848725f65cd170f94f99718fa17938570a3

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UwO-WIlsG20x7EqFLnN-NU0aRaPYP5-MfysASktKwv2Paps9SagqwPHn7mBgfh6Q7K2i1v32lxIFr7hO4Dwz0VK0csDeg
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''forced-auth-shell.png
content-type: image/png
content-length: 39406
cf-request-id: 0ac0e5b730000031288e03c000000001
last-modified: Sat, 18 Aug 2018 13:15:44 GMT
server: cloudflare
etag: "10df9f944bb8819aabe6cdea493e2e1e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=B4Ddig==, md5=EN+flEu4gZqr5s3qST4uHg==
x-goog-generation: 1534598144987218
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 39406
x-goog-meta-firebasestoragedownloadtokens: b0137356-fd9d-4e0f-a046-2671df309fb9
accept-ranges: bytes
cf-ray: 6614d89eb9523128-FRA
expires: Sat, 18 Jun 2022 13:25:53 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKCWbiypNbsZ3LLIbj3%2F-LKCXuht57709Z3aInGZ%2Fforced-auth-shares.png
gblobscdn.gitbook.com/ 22 KB
22 KB 55ms
51ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCWbiypNbsZ3LLIbj3%2F-LKCXuht57709Z3aInGZ%2Fforced-auth-shares.png?alt=media&token=c95661a8-528c-4927-8163-bce7a6d09ae1
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60a668c9c543579fe1086fd50d61aa95e95d22490a299be92f61712ea416e140

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: HIT
age: 206976
x-guploader-uploadid: ABg5-UztDY9XOXD0UbgNVuEtMsm0bnk_S6vCWFDzXGW9T-abB-gcLx_Hw2IzQ7JqfQz4XaXSN7GJrn6TvvP0UTF4KB4
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''forced-auth-shares.png
content-type: image/png
content-length: 22032
cf-request-id: 0ac0e5b734000031284a110000000001
last-modified: Sat, 18 Aug 2018 15:05:30 GMT
server: cloudflare
etag: "115e5cc905f02bf1eaf6f1ca87a94634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=bcEsoQ==, md5=EV5cyQXwK/Hq9vHKh6lGNA==
x-goog-generation: 1534604730063726
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 22032
x-goog-meta-firebasestoragedownloadtokens: c95661a8-528c-4927-8163-bce7a6d09ae1
accept-ranges: bytes
cf-ray: 6614d89eb9543128-FRA
expires: Thu, 16 Jun 2022 03:56:16 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKCWbiypNbsZ3LLIbj3%2F-LKCXuhrcaEw8YDKnwq7%2Fforced-auth-scf.png
gblobscdn.gitbook.com/ 53 KB
53 KB 26ms
22ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCWbiypNbsZ3LLIbj3%2F-LKCXuhrcaEw8YDKnwq7%2Fforced-auth-scf.png?alt=media&token=9256541a-e06e-4e00-8ba6-5e9a5ed9b82a
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02f055da32c9d47f84e37b0ea92bf9f3ff251b5e05e0d031332df6031997a2b6

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: HIT
age: 206976
x-guploader-uploadid: ABg5-UzxRqfKZe1_VFJBfsVHjbc07C-vd0RA5LtGVIH3Bx0KeYmfxndSbFGjDRS-FvbRZ44ARR-bUE3RX9miinKbSLA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''forced-auth-scf.png
content-type: image/png
content-length: 54110
cf-request-id: 0ac0e5b7300000312882a52000000001
last-modified: Sat, 18 Aug 2018 15:05:30 GMT
server: cloudflare
etag: "47bf20e18c6948c2f1a64f0d2d6cb365"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=RTVHKw==, md5=R78g4YxpSMLxpk8NLWyzZQ==
x-goog-generation: 1534604730087776
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 54110
x-goog-meta-firebasestoragedownloadtokens: 9256541a-e06e-4e00-8ba6-5e9a5ed9b82a
accept-ranges: bytes
cf-ray: 6614d89eb9573128-FRA
expires: Thu, 16 Jun 2022 03:56:16 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKCaFWG1wRaLICda4BJ%2F-LKCa57wIu4idO3s7xlW%2Fforced-auth-downloads.png
gblobscdn.gitbook.com/ 56 KB
57 KB 34ms
30ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKCaFWG1wRaLICda4BJ%2F-LKCa57wIu4idO3s7xlW%2Fforced-auth-downloads.png?alt=media&token=a9bded2b-6c60-424a-88c7-8b3a148c988b
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ded55fdbdaf0caa9580597462e0727e239b9799e6cbc2ec81aedac9ceabcfe80

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: HIT
age: 206976
x-guploader-uploadid: ABg5-UzUW6qGDyn_8gh2MdHxMOap7nfi2W_WHCNVMuZG5gveDQUuonfEinZpU5accfooA4NFd75Uw5DYrUhDlaHNyhs
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''forced-auth-downloads.png
content-type: image/png
content-length: 57693
cf-request-id: 0ac0e5b73000003128472eb000000001
last-modified: Sat, 18 Aug 2018 15:14:37 GMT
server: cloudflare
etag: "748fd52351518bc771a20f63d4eaa292"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=hqp9kw==, md5=dI/VI1FRi8dxog9j1Oqikg==
x-goog-generation: 1534605277287601
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 57693
x-goog-meta-firebasestoragedownloadtokens: a9bded2b-6c60-424a-88c7-8b3a148c988b
accept-ranges: bytes
cf-ray: 6614d89eb9593128-FRA
expires: Thu, 16 Jun 2022 03:56:17 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LNBag_nxT92_UEIeHF6%2F-LNBbbi9QbPgnEV975AY%2Fforced-authentication-url.gif
gblobscdn.gitbook.com/ 267 KB
268 KB 34ms
31ms Image
image/gif 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LNBag_nxT92_UEIeHF6%2F-LNBbbi9QbPgnEV975AY%2Fforced-authentication-url.gif?alt=media&token=86743379-a2f6-4353-ae1b-f008bd065163
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01f39b6ae2e76e31a40e200495fe75e699b6f5ece74fbd9929ac2811b4798361

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: HIT
age: 206976
x-guploader-uploadid: ABg5-Uwfc0uiq8ZgWFsjb2cszfZV30MZPdfHRATzAvIz4ZOxHRiKYG60IIaIb2rTI2C6QBoK_VpHLBFOBp8W3Xkburc
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''forced-authentication-url.gif
content-type: image/gif
content-length: 273664
cf-request-id: 0ac0e5b73000003128373a9000000001
last-modified: Mon, 24 Sep 2018 17:28:58 GMT
server: cloudflare
etag: "81572124652416541afbcd5f3354acff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=S9gHjQ==, md5=gVchJGUkFlQa+81fM1Ss/w==
x-goog-generation: 1537810138841716
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 273664
x-goog-meta-firebasestoragedownloadtokens: 86743379-a2f6-4353-ae1b-f008bd065163
accept-ranges: bytes
cf-ray: 6614d89eb95a3128-FRA
expires: Thu, 16 Jun 2022 03:56:17 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LPm-TrX68odFOLvBw6q%2F-LPlz_8cJxxMBbpLeGSk%2Frtf-hashes.gif
gblobscdn.gitbook.com/ 896 KB
898 KB 435ms
430ms Image
image/gif 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LPm-TrX68odFOLvBw6q%2F-LPlz_8cJxxMBbpLeGSk%2Frtf-hashes.gif?alt=media&token=698628cf-448c-465b-ac42-2adf6f0fbec9
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8f0b0d68a1b36ae16cb713464d069dee820771e3a33b7e5b35076d27959667c

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UwBMafiEhN8z-oEoBaIlmTrjH6x5RuC88N8FLrgVHsXXMOSzdYCbS9qHjx1nVELbNstu8RM-ofGeq-tjtQqsGWpTZxInQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''rtf-hashes.gif
content-type: image/gif
content-length: 917613
cf-request-id: 0ac0e5b73100003128222fb000000001
last-modified: Fri, 26 Oct 2018 20:14:02 GMT
server: cloudflare
etag: "ba873fbf796d74b2cfbaf4390c6dcad6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=yROd3Q==, md5=uoc/v3ltdLLPuvQ5DG3K1g==
x-goog-generation: 1540584842754329
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 917613
x-goog-meta-firebasestoragedownloadtokens: 698628cf-448c-465b-ac42-2adf6f0fbec9
accept-ranges: bytes
cf-ray: 6614d89eb95b3128-FRA
expires: Sat, 18 Jun 2022 13:25:53 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LTIlHXY1_59Aa8z2oVJ%2F-LTIqx0t4SlhDJDdnp9H%2FScreenshot%20from%202018-12-09%2016-23-39.png
gblobscdn.gitbook.com/ 13 KB
13 KB 28ms
23ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LTIlHXY1_59Aa8z2oVJ%2F-LTIqx0t4SlhDJDdnp9H%2FScreenshot%20from%202018-12-09%2016-23-39.png?alt=media&token=ef2c5a56-6176-4113-a89c-8c462b9c5e56
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dfe53f7e2a9f4f0d69801d9c72643b7894bdc9bb7169c48000fc9927588c1dc

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: HIT
age: 206976
x-guploader-uploadid: ABg5-UyMEoQvxLCT5UmOR2UaohSY5r3r-NgDGbnOGuu-4joS8Rukurc0TYcD_bCelf5IlA3sWoJCqFJ2jT5AOgDkHRhtwEPjCA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''Screenshot%20from%202018-12-09%2016-23-39.png
content-type: image/png
content-length: 12936
cf-request-id: 0ac0e5b7310000312885a86000000001
last-modified: Sun, 09 Dec 2018 16:51:05 GMT
server: cloudflare
etag: "625e0ffd39a4518de10a0e903772e435"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=nhsuTA==, md5=Yl4P/TmkUY3hCg6QN3LkNQ==
x-goog-generation: 1544374265561560
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 12936
x-goog-meta-firebasestoragedownloadtokens: ef2c5a56-6176-4113-a89c-8c462b9c5e56
accept-ranges: bytes
cf-ray: 6614d89eb95f3128-FRA
expires: Thu, 16 Jun 2022 03:56:17 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LTIlHXY1_59Aa8z2oVJ%2F-LTIqn7U-sNTvcz6Uq_1%2FPeek%202018-12-09%2016-44.gif
gblobscdn.gitbook.com/ 2 MB
2 MB 506ms
500ms Image
image/gif 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LTIlHXY1_59Aa8z2oVJ%2F-LTIqn7U-sNTvcz6Uq_1%2FPeek%202018-12-09%2016-44.gif?alt=media&token=25652c78-0937-4613-92c2-2e57f544a422
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 331119aedc59fdfbfe0d31fa612eb638cfd2ee0e37f55f05328030d1f668c914

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UwZJtlw8hiUxOTet1B29Vmf0j_i4MkZN0xTdeTkRqO3vqwmaRfH35NFfhkA67HegyJEF8t_UPJYTRlH9lTQdJ7R5vA9jQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''Peek%202018-12-09%2016-44.gif
content-type: image/gif
content-length: 1772508
cf-request-id: 0ac0e5b7310000312853a7f000000001
last-modified: Sun, 09 Dec 2018 16:51:07 GMT
server: cloudflare
etag: "cf68e912507c1b1b9408d02c571dbecf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=W6aj8w==, md5=z2jpElB8GxuUCNAsVx2+zw==
x-goog-generation: 1544374267552654
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1772508
x-goog-meta-firebasestoragedownloadtokens: 25652c78-0937-4613-92c2-2e57f544a422
accept-ranges: bytes
cf-ray: 6614d89eb9603128-FRA
expires: Sat, 18 Jun 2022 13:25:53 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LTItDXo_VwQdF8UZfy4%2F-LTIue9CV23QbGlp_Xtc%2FScreenshot%20from%202018-12-09%2017-01-11.png
gblobscdn.gitbook.com/ 26 KB
26 KB 476ms
471ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LTItDXo_VwQdF8UZfy4%2F-LTIue9CV23QbGlp_Xtc%2FScreenshot%20from%202018-12-09%2017-01-11.png?alt=media&token=4bd9c4a6-4f79-4fa8-8ae3-bb66ca533e0d
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe408b177e061e6956f48318defab18bc1668bdaf1a4338ea76d1eb48668b294

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UyDxPHPsLhSMjRUe3G_ZQ8vgfhXMkPey4eFIo9ZJdECdkQkYz1cbKWaKvd_-NVA1XUCoJNTcCf4ClxSfkPJDQc
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''Screenshot%20from%202018-12-09%2017-01-11.png
content-type: image/png
content-length: 26466
cf-request-id: 0ac0e5b731000031284c90d000000001
last-modified: Sun, 09 Dec 2018 17:05:56 GMT
server: cloudflare
etag: "89bd39e140a82a75a72e894835a3235b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=fO5iQw==, md5=ib054UCoKnWnLolINaMjWw==
x-goog-generation: 1544375156097902
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 26466
x-goog-meta-firebasestoragedownloadtokens: 4bd9c4a6-4f79-4fa8-8ae3-bb66ca533e0d
accept-ranges: bytes
cf-ray: 6614d89eb9613128-FRA
expires: Sat, 18 Jun 2022 13:25:53 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LTItDXo_VwQdF8UZfy4%2F-LTIuxNGAIJRG9Ceq57O%2FScreenshot%20from%202018-12-09%2017-02-32.png
gblobscdn.gitbook.com/ 92 KB
92 KB 48ms
43ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LTItDXo_VwQdF8UZfy4%2F-LTIuxNGAIJRG9Ceq57O%2FScreenshot%20from%202018-12-09%2017-02-32.png?alt=media&token=a0096fbf-10ba-4b80-9015-699e019bb3ac
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0e9d9a12b3aad2a7ff17751fdce1b82d7d204197627654eedc31127e833cdc5

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UxjpAWgU_-LKm59hWn3P49nc2fnPMgZqKYzERCMpHbQf9oV9-_gqC1w_bjaZcdgRRhmy69AxMesTXZY2XUHF4U
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''Screenshot%20from%202018-12-09%2017-02-32.png
content-type: image/png
content-length: 93820
cf-request-id: 0ac0e5b7330000312839b2e000000001
last-modified: Sun, 09 Dec 2018 17:05:56 GMT
server: cloudflare
etag: "fd83b00e6d6a64aba7b14bda16959e14"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=eg8YFQ==, md5=/YOwDm1qZKunsUvaFpWeFA==
x-goog-generation: 1544375156911516
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 93820
x-goog-meta-firebasestoragedownloadtokens: a0096fbf-10ba-4b80-9015-699e019bb3ac
accept-ranges: bytes
cf-ray: 6614d89eb9643128-FRA
expires: Fri, 17 Jun 2022 10:34:00 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ Frame F27D 95 KB
29 KB 28ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: cdn.iframe.ly
URL: https://cdn.iframe.ly/api/iframe?url=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%3Fs%3D12&key=4fb668ebc74b721f3c2230d81634c8bc&app=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6793) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:53 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/6793)
Age: 340
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H2 200 viewer Show response
docs.google.com/ Frame 1BB1 2 KB
1 KB 43ms
41ms Document
text/html 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Requested by

Host: cdn.iframe.ly
URL: https://cdn.iframe.ly/api/iframe?url=http%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf&key=4fb668ebc74b721f3c2230d81634c8bc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e91db62ba045db98cb8ee5ec9d06c071a3095e6be7db66897c47b102efe4e54d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-F+H1dn8TYmuEmtSHfRWpQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: docs.google.com
:scheme: https
:path: /viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.iframe.ly/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.iframe.ly/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 18 Jun 2021 13:25:53 GMT
content-encoding: gzip
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-security-policy: script-src 'report-sample' 'nonce-F+H1dn8TYmuEmtSHfRWpQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: NID=217=Caowxoswz5mTIQnUztjDWOg_Z06Hty_katZxOTtprMOIuTT4EvizavkNJTdCcj9KQBdm7xBlSUwQHmIZyQKd29qAX7czFnNE-LrdeoK5CwFiB8cc7gijwq7tNtSaep_Xkf2hkvUy4YIItBpH1BeBKcnyfe7cB_sXK8EAvGmfuso; expires=Sat, 18-Dec-2021 13:25:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 logger.min.js Show response
cdn.lr-ingest.io/ 715 KB
133 KB 85ms
55ms Script
text/javascript 2606:4700:3035::6815:327f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.lr-ingest.io/logger.min.js

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:327f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa37e68c6fd396a68bd86131fa5cdbc8e22bc608541813a876aacaeb25fdf4de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
content-encoding: br
vary: x-fh-requested-host, accept-encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 133
x-cache: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0ac0e5b81e0000c2a428bb2000000001
x-served-by: cache-fra19147-FRA
last-modified: Thu, 17 Jun 2021 20:16:05 GMT
server: cloudflare
x-timer: S1623961210.051716,VS0,VE1
etag: W/"2951c793e71bf2c5cdfc68479f2c3f92b987ac0f991c51a07e187e1259fbc17e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31556926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WGaRfcN5qaV8Qia7w4WQA1mWrB6QFy3j%2FYmALYlWVrCxdcuA9AHvEmgDX4cxtaCEkEgp0JCYkzms1csmzW%2F0vXDCe%2Ffnee8C0VxlJkb3Yk7JDVG%2Bwh0e%2Bz45bFVEjdZoY0NTShMro%2FpmAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 6614d8a02ac3c2a4-FRA
x-cache-hits: 1

GET
H2 200 __session Show response
app.gitbook.com/ 52 B
614 B 256ms
245ms Fetch
application/json 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.gitbook.com/__session?proposed=b19d7cf8-dc67-4795-9382-c690c95bef70R
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1e1505f9dd4ef738356223501de70043e18dcc583be62b5e53abbf4c33eb0f1b

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:53 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-magic-hash: 590b4fe02dc55aa9fde6dfdbc1a33d82273fc9c6a576984b78f97aca99a7ec32
x-powered-by: Express
x-cache: MISS
x-release: gitbook-28427-6.25.11
cf-request-id: 0ac0e5b965000031282d392000000001
access-control-allow-origin: https://www.ired.team
server: cloudflare
etag: W/"34-yn9PTbpWVzL02+jpx/k8v/fSI5U"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
via: no cache
x-cloud-trace-context: 5bf11093b62aa0845933e20e25369d82
cache-control: private
access-control-allow-credentials: true
function-execution-id: nw3e80gb8tsp
cf-ray: 6614d8a23b173128-FRA
expires: Fri, 18 Jun 2021 13:25:53 GMT

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame B097 319 KB
103 KB 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fcdn.iframe.ly
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 61886
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Jun 2021 13:25:54 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6760)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
BLOB 200
OK 500bcbd4-d7d7-4058-b42f-3dd2957e7a41
https://www.ired.team/ 406 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.ired.team/500bcbd4-d7d7-4058-b42f-3dd2957e7a41
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7419a8116d5d66c8c33516698df039db75d31674467593a4d2cbf0c1804eac38

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 416100

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LTItDXo_VwQdF8UZfy4%2F-LTIvUDMNsKiX_VpjLGA%2FPeek%202018-12-09%2017-04.gif
gblobscdn.gitbook.com/ 1 MB
1 MB 446ms
445ms Image
image/gif 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LTItDXo_VwQdF8UZfy4%2F-LTIvUDMNsKiX_VpjLGA%2FPeek%202018-12-09%2017-04.gif?alt=media&token=4f5d23ab-0b1a-4396-ac2d-a98bc925296a
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9fe26bb990233ded80c51e6c45f3d88fffd1dd1da0b40c6d3d9fc3ed7d50f853

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:54 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UwrwbvWymWF9I8kG92G7607CymFbivMrejGH1K31ceTLoK31gp9hwQYA8TgBD2TblD-QwFHfSg1wCcguKETMSQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''Peek%202018-12-09%2017-04.gif
content-type: image/gif
content-length: 1233016
cf-request-id: 0ac0e5bb93000031284c98f000000001
last-modified: Sun, 09 Dec 2018 17:05:58 GMT
server: cloudflare
etag: "523859eae20e8f546a2eb3ed21e9144c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=BJzVFw==, md5=UjhZ6uIOj1RqLrPtIekUTA==
x-goog-generation: 1544375158053510
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1233016
x-goog-meta-firebasestoragedownloadtokens: 4f5d23ab-0b1a-4396-ac2d-a98bc925296a
accept-ranges: bytes
cf-ray: 6614d8a5bc963128-FRA
expires: Fri, 17 Jun 2022 10:34:01 GMT

GET
H2 200 rs=AC2dHML67LyY1B2Yw5pT_H24sWgOlk0J-w
www.gstatic.com/_/apps-viewer/_/ss/k=apps-viewer.standalone.1j6kulp8hnj9v.L.W.O/d=0/ Frame 1BB1 155 KB
24 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/apps-viewer/_/ss/k=apps-viewer.standalone.1j6kulp8hnj9v.L.W.O/d=0/rs=AC2dHML67LyY1B2Yw5pT_H24sWgOlk0J-w

Requested by

Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bb00f46ad928f58f887b990049499925981ac779bd8106c58b13fb7471d4c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 05:00:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 289507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-viewer
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24009
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 13:08:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 05:00:47 GMT

GET
H2 200 m=main Show response
www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/ Frame 1BB1 1 MB
359 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Requested by

Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b7d6238fcc9715ea0d7562ec25feb4ff48409d22fb7d4e70a9ae5d43ea852cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:46:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157180
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-viewer
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 367610
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 13:08:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jun 2022 17:46:14 GMT

GET
H2 200 client.js Show response
apis.google.com/js/ Frame 1BB1 12 KB
5 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js

Requested by

Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

de59229b6accee9fc8be451471d2d325db54ffcd7c0b46df53c6e88cf8ac9e62

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-c/5gnrhXvJ8bCcPcxHG6KA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "b6c9c4c57d0853a428bd1b11371f577b"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-c/5gnrhXvJ8bCcPcxHG6KA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Fri, 18 Jun 2021 13:25:54 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-MVflpDX5A6_JFJp2Kld%2F-MVgElwKypgONia1Tzl_%2Fimage.png
gblobscdn.gitbook.com/ 67 KB
68 KB 38ms
36ms Image
image/png 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-MVflpDX5A6_JFJp2Kld%2F-MVgElwKypgONia1Tzl_%2Fimage.png?alt=media&token=f4ba07db-a3e7-41d9-96b4-a7326dedee1e
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6696beb129e60e9848eb345c540053421353220bb4d20e31afb81f550269fb8

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:54 GMT
cf-cache-status: HIT
age: 206974
x-guploader-uploadid: ABg5-UyvyQQ2EHi6Ewlf5GDXNo5IHhIv7kEGQmR097Zv0FVAwc_vOFifG7Q8GASUaeGWQHfrzclqWs8kuOgKQ19TxaU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: attachment; filename="image.png"
content-type: image/png
content-length: 68963
cf-request-id: 0ac0e5bba90000312861bd2000000001
last-modified: Sat, 13 Mar 2021 15:40:39 GMT
server: cloudflare
etag: "b872d802851dc2aae5178f34c1970be3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=SFEJrw==, md5=uHLYAoUdwqrlF480wZcL4w==
x-goog-generation: 1615650039167699
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 68963
x-goog-meta-firebasestoragedownloadtokens: f4ba07db-a3e7-41d9-96b4-a7326dedee1e
accept-ranges: bytes
cf-ray: 6614d8a5dce73128-FRA
expires: Thu, 16 Jun 2022 03:56:19 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-MVflpDX5A6_JFJp2Kld%2F-MVgIZw9CYFtkwLA16JH%2Fharvest-hash-shortcut.gif
gblobscdn.gitbook.com/ 548 KB
549 KB 37ms
36ms Image
image/gif 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-MVflpDX5A6_JFJp2Kld%2F-MVgIZw9CYFtkwLA16JH%2Fharvest-hash-shortcut.gif?alt=media&token=2c671eb4-0335-4600-a548-8d6274e83f0f
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d61e17d5031219ed6f9922bda9bc4a12f50ca924804e8cde0424eb2531b16c7b

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:54 GMT
cf-cache-status: HIT
age: 206974
x-guploader-uploadid: ABg5-UzMft9aalFj0ihjLTUqqa4xKusOF_zeAijiHu3mAI3Xmjsh9UIB4ei-pjcxMW04_yTpo2zYNadxNsCALgucIM0
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: attachment; filename="harvest-hash-shortcut.gif"
content-type: image/gif
content-length: 560653
cf-request-id: 0ac0e5bbaa000031282a067000000001
last-modified: Sat, 13 Mar 2021 15:57:16 GMT
server: cloudflare
etag: "bfb89db6c450b0942fcb608eb18fb3cb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=x9y6Iw==, md5=v7idtsRQsJQvy2COsY+zyw==
x-goog-generation: 1615651036566273
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 560653
x-goog-meta-firebasestoragedownloadtokens: 2c671eb4-0335-4600-a548-8d6274e83f0f
accept-ranges: bytes
cf-ray: 6614d8a5dced3128-FRA
expires: Thu, 16 Jun 2022 03:56:19 GMT

GET settings
syndication.twitter.com/ Frame B097 0
0

GET
H3-29 200 cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/ Frame 1BB1 305 KB
0 16ms
14ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 19:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 151889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107098
x-xss-protection: 0
last-modified: Tue, 15 Jun 2021 19:21:40 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jun 2022 19:14:25 GMT

GET
H2 200 v-sprite36.svg
ssl.gstatic.com/docs/common/viewer/v3/ Frame 1BB1 35 KB
9 KB 7ms
6ms Image
image/svg+xml 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite36.svg

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/ss/k=apps-viewer.standalone.1j6kulp8hnj9v.L.W.O/d=0/rs=AC2dHML67LyY1B2Yw5pT_H24sWgOlk0J-w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea0869ddd700cd3c5ba8f54816d996906d095f746f92142c88abae905b207770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 11:09:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 526562
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8927
x-xss-protection: 0
last-modified: Wed, 14 Apr 2021 16:48:00 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jun 2022 11:09:52 GMT

GET
H2 200 iframe Show response
cdn.iframe.ly/api/ Frame EA3F 12 KB
4 KB 249ms
248ms Document
text/html 65.9.77.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/api/iframe?url=http%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf&key=4fb668ebc74b721f3c2230d81634c8bc
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / iframe.ly
Resource Hash: 33664aa2d6236329596fe87a448ac96e2700c943ee3022053fac9b5c467624a8

Request headers

:method: GET
:authority: cdn.iframe.ly
:scheme: https
:path: /api/iframe?url=http%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf&key=4fb668ebc74b721f3c2230d81634c8bc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Response headers

content-type: text/html; charset=utf-8
server: nginx
date: Fri, 18 Jun 2021 13:25:54 GMT
x-powered-by: iframe.ly
access-control-allow-origin: *
cache-control: public, max-age=3600
expires: Fri, 18 Jun 2021 14:25:54 GMT
etag: W/"5d6360cd703048c8c950435bc5f3b918"
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a06d82f018833bef3e7f2e9fd230e5ee.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: KOaA5BTKJUt-jImPKbYCMxDrNfQlXWO-91cIKsxFuWbvSshm1BPTdw==

GET
H2 200 iframe Show response
cdn.iframe.ly/api/ Frame C0DC 6 KB
3 KB 122ms
121ms Document
text/html 65.9.77.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/api/iframe?url=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%3Fs%3D12&key=4fb668ebc74b721f3c2230d81634c8bc&app=1
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / Express
Resource Hash: 3a04c6375070d506b489e274f84aae46da83d8f8a86a1325f695b8c874450c33

Request headers

:method: GET
:authority: cdn.iframe.ly
:scheme: https
:path: /api/iframe?url=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%3Fs%3D12&key=4fb668ebc74b721f3c2230d81634c8bc&app=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Response headers

content-type: text/html; charset=utf-8
server: nginx
date: Fri, 18 Jun 2021 13:25:54 GMT
x-powered-by: Express
access-control-allow-origin: *
cache-control: no-cache, max-age=0
expires: Fri, 18 Jun 2021 13:25:53 GMT
content-encoding: br
etag: W/"6a6eb1a66c51f0d3f4f259262aeb1c11"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a06d82f018833bef3e7f2e9fd230e5ee.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: GvvylTrEKQ0yUCs2bDMfJM8s6J8zGPWW8yrLYQegGhpC0gH38UCSug==

POST
H2 200 / Show response
www.gitbook.com/__amp/ 7 B
184 B 817ms
802ms XHR
text/html 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gitbook.com/__amp/

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 18 Jun 2021 13:25:55 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=15768000
cf-ray: 6614d8a7fb3bd6c5-FRA
content-length: 7
cf-request-id: 0ac0e5bcfd0000d6c5b6996000000001

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 1637
date: Fri, 18 Jun 2021 12:58:37 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 18 Jun 2021 14:58:37 GMT

GET
H2 200 7f9239ce726764aa22093884902e018d.svg
gstatic.gitbook.com/images/ 2 KB
1 KB 38ms
37ms Image
image/svg+xml 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gstatic.gitbook.com/images/7f9239ce726764aa22093884902e018d.svg
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:54 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6489246
x-guploader-uploadid: ABg5-Uwp2ZHpfP2KRh3gmr5OfeDUxp0R7u-PLsf10qcUQXhVLjI--w_PdPdPrcA3PFb9bG3JCWQm3A0kt0wXHHc68KoZV03s2A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
cf-request-id: 0ac0e5bcfb0000d6fd3cad0000000001
last-modified: Fri, 19 Mar 2021 17:17:25 GMT
server: cloudflare
etag: W/"7f9239ce726764aa22093884902e018d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=VnuT0A==, md5=f5I5znJnZKoiCTiEkC4BjQ==
x-goog-generation: 1616174245138502
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 2137
cf-ray: 6614d8a7fd84d6fd-FRA
expires: Mon, 04 Apr 2022 10:51:47 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
30 B 13ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=889384041&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Finitial-access%2Ft1187-forced-authentication&dp=%2Foffensive-security%2Finitial-access%2Ft1187-forced-authentication&ul=en-us&de=UTF-8&dt=Forced%20Authentication%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=469324374&gjid=1102929374&cid=138893840.1624022755&tid=UA-57505611-10&_gid=165746635.1624022755&_r=1&_slc=1&cd1=-LFEMnER3fywgFHoroYn&cd2=-LFEMnEQwqZOY6DtfrzY&cd3=-MbMRjQwLSFD3ErZcYXE&cd4=master&cd5=-LKByyrc1DYbnORq03RW&z=69405765

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 13:25:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ired.team
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
30 B 12ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=889384041&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Finitial-access%2Ft1187-forced-authentication&dp=%2Foffensive-security%2Finitial-access%2Ft1187-forced-authentication&ul=en-us&de=UTF-8&dt=Forced%20Authentication%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=1854533359&gjid=1904719412&cid=138893840.1624022755&tid=UA-128974775-1&_gid=165746635.1624022755&_r=1&_slc=1&z=859033582

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 13:25:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ired.team
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ Frame C0DC 95 KB
29 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: cdn.iframe.ly
URL: https://cdn.iframe.ly/api/iframe?url=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%3Fs%3D12&key=4fb668ebc74b721f3c2230d81634c8bc&app=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6793) /
Resource Hash: a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:54 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:57:32 GMT
Server: ECS (frb/6793)
Age: 341
Etag: "9eb59e5602fef4b3ebf6090856ff21db+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 28779

GET
H/1.1 200
OK widget_iframe.06c6ee58c3810956b7509218508c7b56.html Show response
platform.twitter.com/widgets/ Frame F509 319 KB
103 KB 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fcdn.iframe.ly
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6723) /
Resource Hash: 5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 61885
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Jun 2021 13:25:54 GMT
Etag: "dab7ee9ff99366614e06e117bab5e542+gzip"
Last-Modified: Wed, 28 Apr 2021 17:56:54 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6723)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105298

GET
H2 200 settings Show response
syndication.twitter.com/ Frame F509 256 B
235 B 122ms
120ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.06c6ee58c3810956b7509218508c7b56.html?origin=https%3A%2F%2Fcdn.iframe.ly

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:54 GMT
content-encoding: gzip
last-modified: Fri, 18 Jun 2021 13:25:54 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 4dda20538a77d8b8848aa54fe5e1121d632cacd4f8c8039381c580721bd86d91
content-length: 176

GET
H/1.1 200
OK horizon_tweet.2bd42981e3af03ce9186a5655508da28.js Show response
platform.twitter.com/js/ Frame C0DC 7 KB
3 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.2bd42981e3af03ce9186a5655508da28.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67C1) /
Resource Hash: 263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:54 GMT
Content-Encoding: gzip
Last-Modified: Wed, 28 Apr 2021 17:56:41 GMT
Server: ECS (frb/67C1)
Age: 61887
Etag: "43544c32afe87494042045e40e7b3213+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2436

GET
H3-29 200 viewer Show response
docs.google.com/ Frame 205D 8 KB
3 KB 1004ms
988ms Document
text/html 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0ea11f91597291c51ed822717ff834eba131f2d33a8aa48675c6d57540638ca7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-920MmjzVesULU0L8Xmx8Sg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: docs.google.com
:scheme: https
:path: /viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.iframe.ly/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=217=Caowxoswz5mTIQnUztjDWOg_Z06Hty_katZxOTtprMOIuTT4EvizavkNJTdCcj9KQBdm7xBlSUwQHmIZyQKd29qAX7czFnNE-LrdeoK5CwFiB8cc7gijwq7tNtSaep_Xkf2hkvUy4YIItBpH1BeBKcnyfe7cB_sXK8EAvGmfuso
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://cdn.iframe.ly/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 18 Jun 2021 13:25:55 GMT
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-920MmjzVesULU0L8Xmx8Sg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 46BB 487 B
971 B 7ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: b50e40103e4edf3e68a1bba73a72df65e1d5610b1a436e062950aaf6ec1ac5e8

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 780
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Fri, 18 Jun 2021 13:25:55 GMT
Etag: "cd42a3a4832e3344fe2766c3d637d5f0"
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6725)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK embed.runtime.6ec290f4457d94330e30.js Show response
platform.twitter.com/embed/ Frame 46BB 8 KB
4 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.6ec290f4457d94330e30.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6752) /
Resource Hash: 8bc4ca256a5911fd35cec610ba901e8f3cf66d6e0f7d8d4c924df38cf64258a5

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/6752)
Age: 61888
Etag: "8b2f163511827f6047eadf40de59a638+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3521

GET
H/1.1 200
OK embed.modules.fdf619f0ab7b0d65a156.js Show response
platform.twitter.com/embed/ Frame 46BB 501 KB
160 KB 15ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.fdf619f0ab7b0d65a156.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674B) /
Resource Hash: 1142d3e2151b2d78ac338d8e13d29bae8396d4c0eeecc2c526567954d5b9623b

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/674B)
Age: 61888
Etag: "ecda7d77624a93098913e0f87a599f93+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 163554

GET
H/1.1 200
OK embed.i18n.4b9e73295c227d97b396.js Show response
platform.twitter.com/embed/ Frame 46BB 146 B
650 B 27ms
9ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.4b9e73295c227d97b396.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 3ed3c50b01daa71dcb11f101b27ea78aedf2a1a9df0e4320be84aef4204b6200

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/67BA)
Age: 61888
Etag: "39240cf1feca2acc3f78b8cbb0fe28b6"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.d96c6407aa4cf3a944eb.js Show response
platform.twitter.com/embed/ Frame 46BB 15 KB
6 KB 28ms
9ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.d96c6407aa4cf3a944eb.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6762) /
Resource Hash: a103cf81d6c0cf298f853826631615702bb6388e2bba15d3757493eec07603f6

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/6762)
Age: 61888
Etag: "f89bdd8bb00ce94807bd042cc0d9ce00+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5578

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.df1a89ff01b63fbd9c14.js Show response
platform.twitter.com/embed/ Frame 46BB 21 KB
7 KB 12ms
11ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.df1a89ff01b63fbd9c14.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.6ec290f4457d94330e30.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: 43861e4cb2238d9a5cc5320aa52860f57e105caff3983cf34948eb08c2aaffd0

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/674C)
Age: 61886
Etag: "7581e4d659bc1b4bbcb5222ecb0fc881+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 7050

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.2d1b9162a9d9eb606e9d.js Show response
platform.twitter.com/embed/ Frame 46BB 3 KB
2 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.2d1b9162a9d9eb606e9d.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.6ec290f4457d94330e30.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: 8e5dba2200cd286a1d9dac3ed2d45692c8c4a6afe2d57a2ce01d217cf31dbec8

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/67BE)
Age: 61888
Etag: "1da432f45029fd4661914a11c40f5f01+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 1528

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.26ea338090bc52bb931e.js Show response
platform.twitter.com/embed/ Frame 46BB 118 KB
32 KB 9ms
8ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.26ea338090bc52bb931e.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.6ec290f4457d94330e30.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6793) /
Resource Hash: a7e7383a8368a2fa8bc3aaea7486d8ff62a65d1281325fe94f9f788968a8cd85

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/6793)
Age: 61888
Etag: "a19809d8b8005d5f6ec8eba504df2091+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 31960

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.a1aa96bb690ced74ba22.js Show response
platform.twitter.com/embed/ Frame 46BB 16 KB
6 KB 7ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.a1aa96bb690ced74ba22.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.6ec290f4457d94330e30.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: bd8fd26da37cff3a61c6ff1c813398b03df950f6bce5afb44d6acd55e93efe89

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/6725)
Age: 61888
Etag: "7ef2bd79cbbccdacbde6bc0cf229c9d0+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5753

GET
H/1.1 200
OK embed.ondemand.Tweet.cdddd31e9abe4780847a.js Show response
platform.twitter.com/embed/ Frame 46BB 58 KB
14 KB 9ms
8ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.cdddd31e9abe4780847a.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.6ec290f4457d94330e30.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668B) /
Resource Hash: b08419262411f2b8ac3acaac9254ccf84a6c5569d8f100e9e7535d4e1be256cf

Request headers

Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:55 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Jun 2021 17:46:28 GMT
Server: ECS (frb/668B)
Age: 61888
Etag: "7ccbf0dacd75fc9a7d3278b8428494e4+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 14108

GET
H2 200 tweet Show response
cdn.syndication.twimg.com/ Frame 46BB 2 KB
2 KB 196ms
175ms XHR
application/json 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_tweet_embed_clickability_12102%3Acontrol&id=1062935197107322880&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.fdf619f0ab7b0d65a156.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

15eb6a4876bb281f057738b0040edbf87d6253f597c3217e83352d318cd7df9c

Security Headers

Name	Value
Content-Security-Policy	connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: connect-src 'self'; default-src 'self'; frame-src 'self'; font-src 'self'; form-action 'self'; img-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"9f3-riDZ7D1J+yo7z1UmIlJx7HD1D2A"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
x-xss-protection: 0
server: tsa_f
x-frame-options: SAMEORIGIN
date: Fri, 18 Jun 2021 13:25:55 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=60
access-control-allow-credentials: true
x-connection-hash: 13eae8600dec9caa1dc279db50ded08cceddab7a5197f4af7fab50bfad1d8845
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H3-29 200 rs=AC2dHML67LyY1B2Yw5pT_H24sWgOlk0J-w
www.gstatic.com/_/apps-viewer/_/ss/k=apps-viewer.standalone.1j6kulp8hnj9v.L.W.O/d=0/ Frame 205D 155 KB
23 KB 17ms
15ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/apps-viewer/_/ss/k=apps-viewer.standalone.1j6kulp8hnj9v.L.W.O/d=0/rs=AC2dHML67LyY1B2Yw5pT_H24sWgOlk0J-w

Requested by

Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bb00f46ad928f58f887b990049499925981ac779bd8106c58b13fb7471d4c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 15 Jun 2021 05:00:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 289508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-viewer
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24009
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 13:08:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Jun 2022 05:00:47 GMT

GET
H3-29 200 thumb
docs.google.com/viewerng/ Frame 205D 88 KB
88 KB 35ms
34ms Image
image/webp 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://docs.google.com/viewerng/thumb?ds=AON1mFxpw8mylKPm6ed5POyw4AdxlIQgruHzr6Pwqd_cBNtvU4vmjeRGDX73-IuWnZXhffK0c46ZkebFXCBJxxCSlB21dpsIX-22DfFSa5POquIZMOiRWNyLX1QGgHxjPD5J8sPqmjHzvqmTBdIwI5QffR_fPapC4UuawcGzjFwvyT_fO_JCmll4SawUEwr__wtGQQBFWFS3uWhiuLX4KBfyUUw9KkuLTy-AVL2-uh_rDaY-FuwphigPaelXlJybH5us_w4-5FFV1IeN9NvacGPOw-OuXqxUQJTKe68_paEcXxz04a8tuX7HHE5S7PqDEJmWPihdXvGy&ck=lantern&authuser&w=800&webp=true&p=proj

Requested by

Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7876125d7fcd9a190ece28fdd6a5df2562854f5c7ea115f0aad6d8e490d9ff9f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qW2GB36/reIAnl7yWmjhxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:55 GMT
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: private, max-age=300
content-security-policy: script-src 'report-sample' 'nonce-qW2GB36/reIAnl7yWmjhxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Fri, 18 Jun 2021 13:25:55 GMT

GET
H3-29 200 m=main Show response
www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/ Frame 205D 1 MB
359 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Requested by

Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b7d6238fcc9715ea0d7562ec25feb4ff48409d22fb7d4e70a9ae5d43ea852cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:46:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 157181
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-viewer
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 367610
x-xss-protection: 0
last-modified: Thu, 10 Jun 2021 13:08:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jun 2022 17:46:14 GMT

GET
H3-29 200 client.js Show response
apis.google.com/js/ Frame 205D 12 KB
5 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js

Requested by

Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

de59229b6accee9fc8be451471d2d325db54ffcd7c0b46df53c6e88cf8ac9e62

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sihsx6Td0r/OR4Juj2YWEg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "b6c9c4c57d0853a428bd1b11371f577b"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-sihsx6Td0r/OR4Juj2YWEg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Fri, 18 Jun 2021 13:25:55 GMT

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/ Frame 205D 305 KB
105 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cf4df76a10bbe97ceaaa6248f514497eb1a579ab579eef5fcaeaeb7514aeba8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://docs.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 19:14:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 151890
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107098
x-xss-protection: 0
last-modified: Tue, 15 Jun 2021 19:21:40 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jun 2022 19:14:25 GMT

GET
H3-29 200 v-sprite36.svg
ssl.gstatic.com/docs/common/viewer/v3/ Frame 205D 35 KB
9 KB 22ms
7ms Image
image/svg+xml 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite36.svg

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/ss/k=apps-viewer.standalone.1j6kulp8hnj9v.L.W.O/d=0/rs=AC2dHML67LyY1B2Yw5pT_H24sWgOlk0J-w

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea0869ddd700cd3c5ba8f54816d996906d095f746f92142c88abae905b207770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 11:09:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 526563
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8927
x-xss-protection: 0
last-modified: Wed, 14 Apr 2021 16:48:00 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: image/svg+xml
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 Jun 2022 11:09:52 GMT

GET
H3-29 200 meta Show response
docs.google.com/viewerng/ Frame 205D 36 B
82 B 28ms
28ms XHR
application/json 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/viewerng/meta?id=ACFrOgC6MWqWP1a7szN6MYSTSCEP_-ly3pkhCWbixNCJJFxqTfQPX6QLXtRvl8YlfszTHthsdQ11tyiMcK-vfEGNEl_F3WsjdqRizQY8jlQ2OM7KswcGUCNyy43bcIUeJ1669E77V9Bie3lx-hkT

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0f8f1450692b2d86b59dfaa4daa59eb589f12d0075b355d019de82ce5cce0011

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RE6Kl1O7M3RhFTP9UeQP8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'report-sample' 'nonce-RE6Kl1O7M3RhFTP9UeQP8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
date: Fri, 18 Jun 2021 13:25:55 GMT
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jot
syndication.twitter.com/i/ Frame 46BB 43 B
374 B 126ms
125ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1624022756040%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%2282e1070%3A1619632193066%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%228eb410e%3A1623879713670%22%2C%22item_ids%22%3A%5B%221062935197107322880%22%5D%2C%22item_details%22%3A%7B%221062935197107322880%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Fri, 18 Jun 2021 13:25:56 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 4dda20538a77d8b8848aa54fe5e1121d632cacd4f8c8039381c580721bd86d91
x-transaction: 5c66a4aa2390cacd
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 1f37b.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 46BB 3 KB
1 KB 68ms
6ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f37b.svg

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a6c31832e3de9bcade7f798071335a9d5cdb442e5d75a17d4b6445b7bf15bad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
timing-server-allow: https://twitter.com;https://mobile.twitter.com
server-timing: x-cache;desc=HIT, HIT, x-tw-cdn;desc=FT
content-length: 1169
x-served-by: cache-fty21365-FTY, cache-hhn4074-HHN
last-modified: Wed, 21 Feb 2018 22:30:50 GMT
etag: "Xi6gOqSWPNpekdOVwlh+aw=="
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
date: Fri, 18 Jun 2021 13:25:56 GMT
expires: Fri, 01 Apr 2022 08:22:23 GMT

GET
H3-29 200 img Show response
docs.google.com/viewerng/ Frame 205D 88 KB
88 KB 31ms
30ms XHR
image/webp 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/viewerng/img?id=ACFrOgC6MWqWP1a7szN6MYSTSCEP_-ly3pkhCWbixNCJJFxqTfQPX6QLXtRvl8YlfszTHthsdQ11tyiMcK-vfEGNEl_F3WsjdqRizQY8jlQ2OM7KswcGUCNyy43bcIUeJ1669E77V9Bie3lx-hkT&page=0&w=800&webp=true

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7876125d7fcd9a190ece28fdd6a5df2562854f5c7ea115f0aad6d8e490d9ff9f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-s6xbpMW1mI0nqSx7TCwmbA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 13:25:56 GMT
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-s6xbpMW1mI0nqSx7TCwmbA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 presspage Show response
docs.google.com/viewerng/ Frame 205D 14 KB
5 KB 36ms
35ms XHR
application/json 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://docs.google.com/viewerng/presspage?id=ACFrOgC6MWqWP1a7szN6MYSTSCEP_-ly3pkhCWbixNCJJFxqTfQPX6QLXtRvl8YlfszTHthsdQ11tyiMcK-vfEGNEl_F3WsjdqRizQY8jlQ2OM7KswcGUCNyy43bcIUeJ1669E77V9Bie3lx-hkT&page=0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8811c65f1b1fdb8ef6be9a271833c183ccbb9f437e62cdeaef1ac4ccfcb31e31

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VZBl86RQGaUIiY+Cc/c7Xg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'report-sample' 'nonce-VZBl86RQGaUIiY+Cc/c7Xg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
date: Fri, 18 Jun 2021 13:25:56 GMT
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 img Show response
docs.google.com/viewerng/ Frame 205D 93 KB
93 KB 27ms
26ms XHR
image/webp 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c8811885beccfde929e9cd9e2e11cfc2d24b2d53260173c67f5325a689419dcf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-36Lfo8AWyAxX3RPUB8zEIg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 13:25:56 GMT
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-36Lfo8AWyAxX3RPUB8zEIg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 presspage Show response
docs.google.com/viewerng/ Frame 205D 13 KB
4 KB 30ms
29ms XHR
application/json 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c6ac58d7446c419bf5ae9ff261b770f96e9e2f69405820afe40daa997018312f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-eOPHKzyFmEw4zaQJ1NevVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'report-sample' 'nonce-eOPHKzyFmEw4zaQJ1NevVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
date: Fri, 18 Jun 2021 13:25:56 GMT
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 img Show response
docs.google.com/viewerng/ Frame 205D 90 KB
90 KB 33ms
32ms XHR
image/webp 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9ccc78998957b361b4ebe60962513fb857e8d056dd3d033c88529dc05beed81d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hFwhtLX6BMTxzrQ18vMJtQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 13:25:56 GMT
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: script-src 'report-sample' 'nonce-hFwhtLX6BMTxzrQ18vMJtQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 presspage Show response
docs.google.com/viewerng/ Frame 205D 15 KB
5 KB 33ms
33ms XHR
application/json 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/apps-viewer/_/js/k=apps-viewer.standalone.en_US.RWUBx8B_lfI.O/d=1/rs=AC2dHMKIppb1h_Ed1w4gnFN1J2K6AfpUew/m=main

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

65c69d20638e13627d5130c91358fb63a50c48973f328b7234cec31f8fefb42e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7qHMwWcoc1utrdkEyAtimw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'report-sample' 'nonce-7qHMwWcoc1utrdkEyAtimw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
date: Fri, 18 Jun 2021 13:25:56 GMT
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 proxy.html Show response
content.googleapis.com/static/ Frame 9797 382 B
861 B 34ms
14ms Document
text/html 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.bnEFfFZ9cyI.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/cb=gapi.loaded_0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

69ee3a775268ecf122cec738ed102cd0dcf8235ca367a4d47c581871227cc7d4

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-p85qkqyD5deAg9zdi1r9ZQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/apiserving; base-uri 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: content.googleapis.com
:scheme: https
:path: /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.bnEFfFZ9cyI.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://docs.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://docs.google.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy: script-src 'nonce-p85qkqyD5deAg9zdi1r9ZQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/apiserving; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 273
date: Fri, 18 Jun 2021 13:25:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Fri, 17 Jul 2020 22:45:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
BLOB 200
OK d4c1433f-6549-45b5-b560-b7043cdea43d
https://docs.google.com/ Frame 205D 93 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://docs.google.com/d4c1433f-6549-45b5-b560-b7043cdea43d
Requested by: Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8811885beccfde929e9cd9e2e11cfc2d24b2d53260173c67f5325a689419dcf

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 95284
Content-Type: image/webp

GET
BLOB 200
OK 23fe8080-7b7d-447c-b2fb-d28a2e48a3ae
https://docs.google.com/ Frame 205D 88 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://docs.google.com/23fe8080-7b7d-447c-b2fb-d28a2e48a3ae
Requested by: Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7876125d7fcd9a190ece28fdd6a5df2562854f5c7ea115f0aad6d8e490d9ff9f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 90002
Content-Type: image/webp

GET
BLOB 200
OK 81a74e41-cce1-49ef-9219-29a216da8269
https://docs.google.com/ Frame 205D 90 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://docs.google.com/81a74e41-cce1-49ef-9219-29a216da8269
Requested by: Host: docs.google.com
URL: https://docs.google.com/viewer?embedded=true&url=https%3A%2F%2Fwww.defensecode.com%2Fwhitepapers%2FStealing-Windows-Credentials-Using-Google-Chrome.pdf
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9ccc78998957b361b4ebe60962513fb857e8d056dd3d033c88529dc05beed81d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 92366
Content-Type: image/webp

GET
DATA 200
OK truncated
/ Frame 205D 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 googleapis.proxy.js Show response
apis.google.com/js/ Frame 9797 12 KB
5 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/googleapis.proxy.js?onload=startup

Requested by

Host: content.googleapis.com
URL: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.bnEFfFZ9cyI.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

60ac5ed0a2da3c492f47a38e16f32e2a16451b5b35728a6a2feb98063603587c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bYGpAD/nNEfvfGEugKPCzQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://content.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "3ab729136aec8d5b6006d6617d4a6748"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-bYGpAD/nNEfvfGEugKPCzQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Fri, 18 Jun 2021 13:25:56 GMT

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/ Frame 9797 62 KB
21 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/googleapis.proxy.js?onload=startup

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

900584a2e456a5526bf3d20236e62101412ad35e043c57e8aac6a646377a2247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://content.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 20:54:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 145874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21945
x-xss-protection: 0
last-modified: Tue, 15 Jun 2021 19:21:40 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Jun 2022 20:54:42 GMT

GET
H/1.1 200
OK .lp Show response
gitbook-28427.firebaseio.com/ Frame 15BE 423 B
665 B 243ms
112ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gitbook-28427.firebaseio.com/.lp?start=t&ser=93522370&cb=1&v=5

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

8387bee5d99d449522a86881a2fe1ebb1fe22689cf42b8eea9009ad11affc60e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:56 GMT
Server: nginx
Connection: keep-alive
Content-Length: 423
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

POST
H3-29 204 viewerimpressions Show response
content.googleapis.com/drive/v2internal/ Frame 9797 0
15 B 216ms
202ms XHR
text/plain 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyDVQw45DwoYh632gvsP5vPDqEKvb-Ywnb8&alt=json
Requested by: Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/cb=gapi.loaded_0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: GSE /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-Goog-Encode-Response-If-Executable: base64
X-Origin: https://docs.google.com
X-ClientDetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&platform=Linux%20x86_64&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
Referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.bnEFfFZ9cyI.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ%2Fm%3D__features__
X-Requested-With: XMLHttpRequest
X-JavaScript-User-Agent: google-api-javascript-client/1.1.0
X-Goog-AuthUser: 0
X-Referer: https://docs.google.com

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 13:25:56 GMT
server: GSE
etag: "vyGp6PvFo4RvsFtPoIWeCReyIC8"
vary: Origin, X-Origin
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3-29 204 viewerimpressions Show response
content.googleapis.com/drive/v2internal/ Frame 9797 0
15 B 221ms
207ms XHR
text/plain 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://content.googleapis.com/drive/v2internal/viewerimpressions?key=AIzaSyDVQw45DwoYh632gvsP5vPDqEKvb-Ywnb8&alt=json
Requested by: Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bnEFfFZ9cyI.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ/cb=gapi.loaded_0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: GSE /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-Goog-Encode-Response-If-Executable: base64
X-Origin: https://docs.google.com
X-ClientDetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&platform=Linux%20x86_64&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
Referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.bnEFfFZ9cyI.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCNaq8ri2P66tzK7chsKcRiE1CsLyQ%2Fm%3D__features__
X-Requested-With: XMLHttpRequest
X-JavaScript-User-Agent: google-api-javascript-client/1.1.0
X-Goog-AuthUser: 0
X-Referer: https://docs.google.com

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 13:25:56 GMT
server: GSE
etag: "vyGp6PvFo4RvsFtPoIWeCReyIC8"
vary: Origin, X-Origin
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-230.firebaseio.com/ Frame 834A 421 B
650 B 239ms
113ms Document
text/html 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-230.firebaseio.com/.lp?dframe=t&id=12824652&pw=hLujHNWI0W&ns=gitbook-28427

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

281f97b9ce2f6bbf428b4268af308d4be9af2d057c3fc897e3960533223df697

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Host: s-usc1c-nss-230.firebaseio.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication

Response headers

Server: nginx
Date: Fri, 18 Jun 2021 13:25:56 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 421
Connection: keep-alive
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-230.firebaseio.com/ Frame 15BE 15 B
256 B 237ms
118ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-230.firebaseio.com/.lp?id=12824652&pw=hLujHNWI0W&ser=29390237&ns=gitbook-28427

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

3d14e96bd08692f39b357173c908dcb0b21ee11d0bdb29b963ce7fcc836eb4fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:56 GMT
Server: nginx
Connection: keep-alive
Content-Length: 15
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-230.firebaseio.com/ Frame 15BE 58 B
299 B 236ms
113ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-230.firebaseio.com/.lp?id=12824652&pw=hLujHNWI0W&ser=29390238&ns=gitbook-28427&seg0=0&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MSwiYSI6InMiLCJiIjp7ImMiOnsic2RrLmpzLjctMTQtMSI6MX19fX0.

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

ef824052cc54e24358011a6d1f363813e99264883d6a019f5c98f75e43f78dc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:56 GMT
Server: nginx
Connection: keep-alive
Content-Length: 58
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-230.firebaseio.com/ Frame 15BE 58 B
299 B 114ms
113ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-230.firebaseio.com/.lp?id=12824652&pw=hLujHNWI0W&ser=29390239&ns=gitbook-28427&seg0=1&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MiwiYSI6InEiLCJiIjp7InAiOiIvc3BhY2VzLy1MRkVNbkVSM2Z5d2dGSG9yb1luL3VzZXJQYWdlUmF0aW5ncy8tTEtCeXlyYzFEWWJuT1JxMDNSVy8tTWNRTHExTXNOVFFJUzgzQXdEXyIsImgiOiIifX19&seg1=2&ts1=1&d1=eyJ0IjoiZCIsImQiOnsiciI6MywiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHA6JTJGJTJGd3d3JTJFZGVmZW5zZWNvZGUlMkVjb20lMkZ3aGl0ZXBhcGVycyUyRlN0ZWFsaW5nLVdpbmRvd3MtQ3JlZGVudGlhbHMtVXNpbmctR29vZ2xlLUNocm9tZSUyRXBkZiIsImQiOnsib3V0ZGF0ZWQiOnRydWV9fX19&seg2=3&ts2=1&d2=eyJ0IjoiZCIsImQiOnsiciI6NCwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRnd3dyUyRWJsZWVwaW5nY29tcHV0ZXIlMkVjb20lMkZuZXdzJTJGc2VjdXJpdHklMkZ5b3UtY2FuLXN0ZWFsLXdpbmRvd3MtbG9naW4tY3JlZGVudGlhbHMtdmlhLWdvb2dsZS1jaHJvbWUtYW5kLXNjZi1maWxlcyUyRiIsImQiOnsib3V0ZGF0ZWQiOnRydWV9fX19&seg3=4&ts3=1&d3=eyJ0IjoiZCIsImQiOnsiciI6NSwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRnBlbnRlc3RsYWIlMkVibG9nJTJGMjAxNyUyRjEyJTJGMTMlMkZzbWItc2hhcmUtc2NmLWZpbGUtYXR0YWNrcyUyRiIsImQiOnsib3V0ZGF0ZWQiOnRydWV9fX19&seg4=5&ts4=1&d4=eyJ0IjoiZCIsImQiOnsiciI6NiwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRm1lZGl1bSUyRWNvbSUyRkBtYXJrbW90aWclMkZhLWJldHRlci13YXktdG8tY2FwdHVyZS1oYXNoZXMtd2l0aC1uby11c2VyLWludGVyYWN0aW9uLWJ5LW1hcmttby1iZDE1NjliZmEyMDgiLCJkIjp7Im91dGRhdGVkIjp0cnVlfX19fQ..&seg5=6&ts5=1&d5=eyJ0IjoiZCIsImQiOnsiciI6NywiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRmJvaG9wcyUyRWNvbSUyRjIwMTglMkYwOCUyRjA0JTJGY2FwdHVyaW5nLW5ldG50bG0taGFzaGVzLXdpdGgtb2ZmaWNlLWRvdC14bWwtZG9jdW1lbnRzJTJGIiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.&seg6=7&ts6=1&d6=eyJ0IjoiZCIsImQiOnsiciI6OCwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRnR3aXR0ZXIlMkVjb20lMkZib2hvcHMlMkZzdGF0dXMlMkYxMDYyOTM1MTk3MTA3MzIyODgwP3M9MTIiLCJkIjp7Im91dGRhdGVkIjp0cnVlfX19fQ..

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

01fe65d4fd93c66f51043f540156e23f6c69ef7ca0b6a0484bb063888989eb0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:56 GMT
Server: nginx
Connection: keep-alive
Content-Length: 58
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-230.firebaseio.com/ Frame 15BE 58 B
299 B 115ms
115ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-230.firebaseio.com/.lp?id=12824652&pw=hLujHNWI0W&ser=29390240&ns=gitbook-28427&seg0=8&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6OSwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRnd3dyUyRXNlY3VyaWZ5JTJFbmwlMkZibG9nJTJGU0ZZMjAxODA1MDElMkZsaXZpbmctb2ZmLXRoZS1sYW5kXy1zdGVhbGluZy1uZXRudGxtLWhhc2hlcyUyRWh0bWwiLCJkIjp7Im91dGRhdGVkIjp0cnVlfX19fQ..&seg1=9&ts1=1&d1=eyJ0IjoiZCIsImQiOnsiciI6MTAsImEiOiJtIiwiYiI6eyJwIjoiL2VtYmVkcy9odHRwczolMkYlMkZ3d3clMkVtZHNlYyUyRWNvJTJFdWslMkYyMDIxJTJGMDIlMkZmYXJtaW5nLWZvci1yZWQtdGVhbXMtaGFydmVzdGluZy1uZXRudGxtJTJGIiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

9c03daee44e62cc3f9f47c524e0cf123ec3ae6d11df89ab4ae54f4d2455c07ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:56 GMT
Server: nginx
Connection: keep-alive
Content-Length: 58
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-230.firebaseio.com/ Frame 15BE 323 B
565 B 112ms
111ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-230.firebaseio.com/.lp?id=12824652&pw=hLujHNWI0W&ser=29390241&ns=gitbook-28427

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

d9400ee2247758beae81bdf9fde2ac8f076b9324d4ffd151ec52faa6605c7fd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:56 GMT
Server: nginx
Connection: keep-alive
Content-Length: 323
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-230.firebaseio.com/ Frame 15BE 47 B
288 B 183ms
182ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-230.firebaseio.com/.lp?id=12824652&pw=hLujHNWI0W&ser=29390242&ns=gitbook-28427

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

1690098d91976fc03b9c2e0126889a7e251adf3fdf6cfec9fde26035591d0c24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:57 GMT
Server: nginx
Connection: keep-alive
Content-Length: 47
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-230.firebaseio.com/ Frame 15BE 38 B
279 B 112ms
111ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-230.firebaseio.com/.lp?id=12824652&pw=hLujHNWI0W&ser=29390243&ns=gitbook-28427&seg0=10&ts0=1&d0=eyJ0IjoiYyIsImQiOnsidCI6Im4iLCJkIjp7fX19

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

dcbeb789a94a9ef7c93b6b20d763ca818654a79b159b3d77be02ac3772ec34d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 13:25:57 GMT
Server: nginx
Connection: keep-alive
Content-Length: 38
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H2 200 1f37b.svg
abs-0.twimg.com/emoji/v2/svg/ Frame 46BB 3 KB
1 KB 6ms
6ms Image
image/svg+xml 104.244.43.131
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abs-0.twimg.com/emoji/v2/svg/1f37b.svg

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3R3ZWV0X2VtYmVkX2NsaWNrYWJpbGl0eV8xMjEwMiI6eyJidWNrZXQiOiJjb250cm9sIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1062935197107322880&lang=en&origin=https%3A%2F%2Ftwitter.com%2Fbohops%2Fstatus%2F1062935197107322880&sessionId=8e7f84f7fdd729c4df5ed49988ab83b1dea449cb&theme=light&widgetsVersion=82e1070%3A1619632193066&width=550px

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.43.131 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a6c31832e3de9bcade7f798071335a9d5cdb442e5d75a17d4b6445b7bf15bad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=631138519
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
timing-server-allow: https://twitter.com;https://mobile.twitter.com
server-timing: x-cache;desc=HIT, HIT, x-tw-cdn;desc=FT
content-length: 1169
x-served-by: cache-fty21365-FTY, cache-hhn4074-HHN
last-modified: Wed, 21 Feb 2018 22:30:50 GMT
etag: "Xi6gOqSWPNpekdOVwlh+aw=="
vary: Accept-Encoding
x-tw-cdn: FT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
date: Fri, 18 Jun 2021 13:25:57 GMT
expires: Fri, 01 Apr 2022 08:22:23 GMT

GET
H2 200 chunk.966.9bcdd26c.js Show response
gstatic.gitbook.com/js/ 1 MB
135 KB 39ms
39ms Script
application/javascript 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/js/chunk.966.9bcdd26c.js
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.f142f50e.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb

Request headers

Referer: https://www.ired.team/offensive-security/initial-access/t1187-forced-authentication
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 13:25:58 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6299604
cf-polished: origSize=1540766
x-guploader-uploadid: ABg5-UwpHqO3lEk5fGY24xMrxzKaUmsztOxRaJLPxdyRgqAeFBO9HlwfZkZiK-VlxtbNPv4e6b89Z03c6mD4LNmS6aO9oovXkg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 0ac0e5cdff0000d6fd5f3d5000000001
last-modified: Fri, 19 Mar 2021 17:17:25 GMT
server: cloudflare
etag: W/"1ee0a04f04f79506addc6f9cc9ade2c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=6ui4QQ==, md5=HuCgTwT3lQat3G+cya3iwA==
x-goog-generation: 1616174245205973
access-control-allow-origin: *
expires: Wed, 06 Apr 2022 15:32:34 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1540766
cf-ray: 6614d8c33b17d6fd-FRA
cf-bgj: minify

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: syndication.twitter.com
URL: https://syndication.twitter.com/settings?session_id=7e23355472c893da3de8c54c3528f099fe6a8925

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.google.com/	1970-01-19 23:30:33	Name: NID Value: 217=otP5NND6upQh5xiLMbeqsB-3ja2LYdS3kn79uWiFYFQDuf3WNe26hvIL-wa7iFGqtzdAayQ0pEC8ydpTQKXfWULEeMoeumR9urhi-YFbTKgLvvOXn6mulHUbBNU0cCsUMeWPAH0Pvy4U5djaVeUyaULY94eJX_2leTuoFGnp8ds

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://gstatic.gitbook.com/js/111.f142f50e.js(Line 1) Message: Application ready

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' gstatic.gitbook.com .gitbook-staging.com .gitbook.com .firebaseio.com wss://.firebaseio.com .cloudfunctions.net .googleapis.com .gstatic.com data: .google.com .github.com .algolianet.com .algolia.net sentry.io .logrocket.io .lr-ingest.io .stripe.com .clearbit.com .google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net .iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' .firebaseio.com .google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io .stripe.com .clearbit.com .google-analytics.com .iframe.ly .gstatic.com cdnjs.cloudflare.com .intercom.io .intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://.intercom-attachments.com; frame-src ; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' gstatic.gitbook.com .gitbook-staging.com .gitbook.com .firebaseio.com wss://.firebaseio.com .cloudfunctions.net .googleapis.com .gstatic.com data: .google.com .github.com .algolianet.com .algolia.net sentry.io .logrocket.io .lr-ingest.io .stripe.com .clearbit.com .google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net .iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' .firebaseio.com .google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io .stripe.com .clearbit.com .google-analytics.com .iframe.ly .gstatic.com cdnjs.cloudflare.com .intercom.io .intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://.intercom-attachments.com; frame-src ; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs-0.twimg.com
apis.google.com
app.gitbook.com
bohops.files.wordpress.com
cdn.iframe.ly
cdn.lr-ingest.io
cdn.syndication.twimg.com
content.googleapis.com
docs.google.com
fonts.googleapis.com
fonts.gstatic.com
gblobscdn.gitbook.com
gitbook-28427.firebaseio.com
gstatic.gitbook.com
lh5.googleusercontent.com
miro.medium.com
pentestlab.files.wordpress.com
platform.twitter.com
polyfill.io
s-usc1c-nss-230.firebaseio.com
ssl.gstatic.com
syndication.twitter.com
unpkg.com
www.bleepstatic.com
www.datocms-assets.com
www.gitbook.com
www.google-analytics.com
www.gstatic.com
www.ired.team
www.mdsec.co.uk
syndication.twitter.com
104.244.42.8
104.244.43.131
104.26.13.6
104.26.2.136
151.101.65.26
192.0.72.20
192.0.72.28
2600:1901:0:94b6::
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::681a:adf
2606:4700:3035::6815:327f
2606:4700:7::a29f:9804
2606:4700::6810:7eaf
2606:4700::6812:191
2606:4700::6812:86f
2a00:1450:4001:800::200a
2a00:1450:4001:802::2003
2a00:1450:4001:802::200a
2a00:1450:4001:803::200e
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:827::200e
2a00:1450:4001:82a::200e
2a00:1450:4001:831::2003
65.9.77.11
01f39b6ae2e76e31a40e200495fe75e699b6f5ece74fbd9929ac2811b4798361
01fe65d4fd93c66f51043f540156e23f6c69ef7ca0b6a0484bb063888989eb0e
0226f11690adfd32f7a6c13588d35e8b59ab0ab7446919a154c2bd249da93434
02f055da32c9d47f84e37b0ea92bf9f3ff251b5e05e0d031332df6031997a2b6
086414cb3474bb7d8c7ccb0279a288ee87955a1533a80e3793a9d0e97a42d880
0ea11f91597291c51ed822717ff834eba131f2d33a8aa48675c6d57540638ca7
0ed9afbb1ec6613529f40789a8f2ea104c522c085491d031c5bd4ac4a2e36b8c
0f8f1450692b2d86b59dfaa4daa59eb589f12d0075b355d019de82ce5cce0011
1142d3e2151b2d78ac338d8e13d29bae8396d4c0eeecc2c526567954d5b9623b
15eb6a4876bb281f057738b0040edbf87d6253f597c3217e83352d318cd7df9c
1690098d91976fc03b9c2e0126889a7e251adf3fdf6cfec9fde26035591d0c24
1b1fec247f841a6035f977cab10485d4ebe526c43e5dc28ad021a15418b9a54e
1e1505f9dd4ef738356223501de70043e18dcc583be62b5e53abbf4c33eb0f1b
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
263627ec362c25037d69022de008fad33cf85ec7267604a5ae5c8e6fe4ad9e38
281f97b9ce2f6bbf428b4268af308d4be9af2d057c3fc897e3960533223df697
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
331119aedc59fdfbfe0d31fa612eb638cfd2ee0e37f55f05328030d1f668c914
33664aa2d6236329596fe87a448ac96e2700c943ee3022053fac9b5c467624a8
3a04c6375070d506b489e274f84aae46da83d8f8a86a1325f695b8c874450c33
3d14e96bd08692f39b357173c908dcb0b21ee11d0bdb29b963ce7fcc836eb4fd
3dfe53f7e2a9f4f0d69801d9c72643b7894bdc9bb7169c48000fc9927588c1dc
3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a
3ed3c50b01daa71dcb11f101b27ea78aedf2a1a9df0e4320be84aef4204b6200
43861e4cb2238d9a5cc5320aa52860f57e105caff3983cf34948eb08c2aaffd0
5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb
5f789ea36ae4671282524bda454709578d63b915b782c1e041132a7e726ff1c3
60a668c9c543579fe1086fd50d61aa95e95d22490a299be92f61712ea416e140
60ac5ed0a2da3c492f47a38e16f32e2a16451b5b35728a6a2feb98063603587c
65c69d20638e13627d5130c91358fb63a50c48973f328b7234cec31f8fefb42e
66d254301b86eaf800b047a3f4d3f1530e1ae6ccdd90e30875e9f49cdc2ab894
69ee3a775268ecf122cec738ed102cd0dcf8235ca367a4d47c581871227cc7d4
6da43a0ac4abcb5bc4b10164a762759e5cc81f37e00033643034a891fb490c82
7419a8116d5d66c8c33516698df039db75d31674467593a4d2cbf0c1804eac38
760760f811379710e7f1d2a12c0eaca8270b3374b28fcb9f9477a36388703b99
77e9d07237a128f87d511fba4fb49686858573f8c2e02e468bf7a74ad9d8d2d8
7876125d7fcd9a190ece28fdd6a5df2562854f5c7ea115f0aad6d8e490d9ff9f
7a110b04ad3560c208e5691cef59a6850572ce61e1532e01d562b00d618eb95e
7b7d6238fcc9715ea0d7562ec25feb4ff48409d22fb7d4e70a9ae5d43ea852cb
8387bee5d99d449522a86881a2fe1ebb1fe22689cf42b8eea9009ad11affc60e
841f1b1635a4c199701d0faab6180848725f65cd170f94f99718fa17938570a3
863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec
8811c65f1b1fdb8ef6be9a271833c183ccbb9f437e62cdeaef1ac4ccfcb31e31
8bc4ca256a5911fd35cec610ba901e8f3cf66d6e0f7d8d4c924df38cf64258a5
8e5dba2200cd286a1d9dac3ed2d45692c8c4a6afe2d57a2ce01d217cf31dbec8
900584a2e456a5526bf3d20236e62101412ad35e043c57e8aac6a646377a2247
9c03daee44e62cc3f9f47c524e0cf123ec3ae6d11df89ab4ae54f4d2455c07ef
9ccc78998957b361b4ebe60962513fb857e8d056dd3d033c88529dc05beed81d
9cf4df76a10bbe97ceaaa6248f514497eb1a579ab579eef5fcaeaeb7514aeba8
9fe26bb990233ded80c51e6c45f3d88fffd1dd1da0b40c6d3d9fc3ed7d50f853
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a103cf81d6c0cf298f853826631615702bb6388e2bba15d3757493eec07603f6
a11862f0ff7979b1bcb734522c5bf4613ba1f683fc0e487829df33238c2816a4
a12b87855b6403c6f73092396d80541a6984aae03097a637769291d9cad15d19
a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405
a6c31832e3de9bcade7f798071335a9d5cdb442e5d75a17d4b6445b7bf15bad3
a7e7383a8368a2fa8bc3aaea7486d8ff62a65d1281325fe94f9f788968a8cd85
aa37e68c6fd396a68bd86131fa5cdbc8e22bc608541813a876aacaeb25fdf4de
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b08419262411f2b8ac3acaac9254ccf84a6c5569d8f100e9e7535d4e1be256cf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b50e40103e4edf3e68a1bba73a72df65e1d5610b1a436e062950aaf6ec1ac5e8
b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2
b8f0b0d68a1b36ae16cb713464d069dee820771e3a33b7e5b35076d27959667c
bd8fd26da37cff3a61c6ff1c813398b03df950f6bce5afb44d6acd55e93efe89
c054af933e4d4baf553670d71b6cf788d973a952cc127dade3993c3ef490cef8
c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92
c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43
c6ac58d7446c419bf5ae9ff261b770f96e9e2f69405820afe40daa997018312f
c8811885beccfde929e9cd9e2e11cfc2d24b2d53260173c67f5325a689419dcf
c90b2824b0db62fd4ed6996183d5379b0791afa57dd4bbd82c295f5240edda23
c9815821ab1442501b9e9bae3d4bc5730315d6a513c8b40141b2d47b76da1916
d0bb00f46ad928f58f887b990049499925981ac779bd8106c58b13fb7471d4c1
d61e17d5031219ed6f9922bda9bc4a12f50ca924804e8cde0424eb2531b16c7b
d9400ee2247758beae81bdf9fde2ac8f076b9324d4ffd151ec52faa6605c7fd7
dcbeb789a94a9ef7c93b6b20d763ca818654a79b159b3d77be02ac3772ec34d4
de59229b6accee9fc8be451471d2d325db54ffcd7c0b46df53c6e88cf8ac9e62
ded55fdbdaf0caa9580597462e0727e239b9799e6cbc2ec81aedac9ceabcfe80
e0e9d9a12b3aad2a7ff17751fdce1b82d7d204197627654eedc31127e833cdc5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6696beb129e60e9848eb345c540053421353220bb4d20e31afb81f550269fb8
e91db62ba045db98cb8ee5ec9d06c071a3095e6be7db66897c47b102efe4e54d
ea0869ddd700cd3c5ba8f54816d996906d095f746f92142c88abae905b207770
eb929919479b2afe4e756a8ab718e9adbc8d94dbd0504da1cf4cea2b252833cc
ef824052cc54e24358011a6d1f363813e99264883d6a019f5c98f75e43f78dc9
f29cd3a2bdcacf9f9f7285c9b74d89f55634f4d43752d81a48914afa7442eb66
fe408b177e061e6956f48318defab18bc1668bdaf1a4338ea76d1eb48668b294
fe6d102409cbfdbf8a541647e62b903508eb4125f9211d7d4bf2395cf0962e4f

www.ired.team Open in urlscan Pro 2606:4700::6812:191 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

107 Requests

95 %HTTPS

70 %IPv6

19 Domains

30 Subdomains

28 IPs

2 Countries

9563 kBTransfer

19713 kBSize

1 Cookies

18 Outgoing links

Redirected requests

107 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ired.team Open in urlscan Pro
2606:4700::6812:191 Public Scan

Screenshot
Live screenshot

Full Image

107
Requests

95 %
HTTPS

70 %
IPv6

19
Domains

30
Subdomains

28
IPs

2
Countries

9563 kB
Transfer

19713 kB
Size

1
Cookies

107 HTTP transactions
1 data transactions