urlscan.io logo urlscan.io
SecurityTrails logo

www.dshield.org Open in urlscan Pro
159.223.154.178  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Submission: On April 24 via manual from JP — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 2 countries across 11 domains to perform 59 HTTP transactions. The main IP is 159.223.154.178, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is www.dshield.org. The Cisco Umbrella rank of the primary domain is 254143.
TLS certificate: Issued by R3 on April 5th 2023. Valid for: 3 months.
This is the only time www.dshield.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

27    159.223.154.178 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: mail2.dshield.org
www.dshield.org
3    45.60.31.34 (United States)

ASN19551 (INCAPSULA, US)
isc.sans.edu
1    2404:6800:4004:81e::2008 (Australia)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
14    2404:6800:4004:825::200e (Australia)

ASN15169 (GOOGLE, US)
www.youtube.com
1    2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
2    2404:6800:4004:80f::2002 (Australia)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2404:6800:4004:826::2006 (Australia)

ASN15169 (GOOGLE, US)
static.doubleclick.net
4    2404:6800:4004:820::200a (Australia)

ASN15169 (GOOGLE, US)
jnn-pa.googleapis.com
1    2404:6800:4004:810::2004 (Australia)

ASN15169 (GOOGLE, US)
www.google.com
1    2404:6800:4004:821::2016 (Australia)

ASN15169 (GOOGLE, US)
i.ytimg.com
1    2404:6800:4004:812::2001 (Australia)

ASN15169 (GOOGLE, US)
yt3.ggpht.com
1    2404:6800:4004:80f::2003 (Australia)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2404:6800:4004:823::2003 (Australia)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
27 dshield.org
www.dshield.org — Cisco Umbrella Rank: 254143
823 KB
14 youtube.com
www.youtube.com — Cisco Umbrella Rank: 87
1 MB
4 googleapis.com
jnn-pa.googleapis.com — Cisco Umbrella Rank: 310
31 KB
3 gstatic.com
fonts.gstatic.com
www.gstatic.com
33 KB
3 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 67
static.doubleclick.net — Cisco Umbrella Rank: 390
1 KB
3 sans.edu
isc.sans.edu — Cisco Umbrella Rank: 99100
158 KB
1 ggpht.com
yt3.ggpht.com — Cisco Umbrella Rank: 209
4 KB
1 ytimg.com
i.ytimg.com — Cisco Umbrella Rank: 108
46 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 16
14 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 474
25 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
89 KB
59 11
Domain Requested by
27 www.dshield.org www.dshield.org
isc.sans.edu
14 www.youtube.com www.dshield.org
www.youtube.com
www.googletagmanager.com
4 jnn-pa.googleapis.com www.youtube.com
3 isc.sans.edu www.dshield.org
www.googletagmanager.com
2 www.gstatic.com www.youtube.com
www.gstatic.com
2 googleads.g.doubleclick.net 1 redirects www.youtube.com
1 fonts.gstatic.com www.youtube.com
1 yt3.ggpht.com www.youtube.com
1 i.ytimg.com www.youtube.com
1 www.google.com www.youtube.com
1 static.doubleclick.net www.youtube.com
1 cdn.jsdelivr.net www.googletagmanager.com
1 www.googletagmanager.com www.dshield.org
59 13
Subject Issuer Validity Valid
dshield.org
R3		 2023-04-05 -
2023-07-04		 3 months crt.sh
imperva.com
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-12-15 -
2023-06-13		 6 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-12-23 -
2024-01-24		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
edgestatic.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.googleusercontent.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Frame ID: B07626603FDAFD751AE62D4AFAFCCA07
Requests: 37 HTTP requests in this frame

Frame: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Frame ID: 96ED0B894227B147A704AA283425B90F
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

InfoSec Handlers Diary Blog - SANS Internet Storm Center

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

59
Requests

97 %
HTTPS

85 %
IPv6

11
Domains

13
Subdomains

14
IPs

2
Countries

2281 kB
Transfer

7712 kB
Size

10
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46
  • https://googleads.g.doubleclick.net/pagead/id HTTP 302
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

59 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 19311
www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/ 		39 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
aa4b5d84d5bfb1311e41b15d9c5d6aeff35012f6807362027dedfccd417505c1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
content-type
text/html; charset=UTF-8
date
Mon, 24 Apr 2023 03:03:04 GMT
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
expires
Thu, 19 Nov 1981 08:52:00 GMT
p3p
CP="NON DSP COR CURa ADMa DEVa HISa OUR SAMa DELa UNRa BUS"
permitted-cross-domain-policies
none
pragma
no-cache
randomness
62df54bf9eeb
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-frame-options
same SAMEORIGIN
x-heyjason
SEC522 rocks
x-isc-cdn
6704cb8852
x-xss-protection
1; mode=block
screen.css
www.dshield.org/css/ 		43 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/css/screen.css
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
23326310dbdd4beeb0b8ef0180b730d3e83e89a2cd00bb1119537a10f2b4a59f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
43735
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 09 Mar 2023 12:16:16 GMT
server
nginx
etag
"aad7-5f6769c8cf1b8"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
text/css
accept-ranges
bytes
msft.css
www.dshield.org/css/ 		573 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/css/msft.css
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
883fc965030cbe4773ce84d1280c1672f55d09990049f749e393280d8924345d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
573
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:45 GMT
server
nginx
etag
"23d-5da69f08a9af6"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
text/css
accept-ranges
bytes
fontawesome.css
www.dshield.org/css/ 		46 KB
47 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/css/fontawesome.css
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
abb60753f5c30c99820f4bbef2e96f2789e20b8a63f39b1b9975185d8e02d627
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
46943
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Tue, 22 Nov 2022 14:46:12 GMT
server
nginx
etag
"b75f-5ee103bc070e6"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
text/css
accept-ranges
bytes
v3.css
www.dshield.org/css/ 		35 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/css/v3.css
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
b2533a8e832118cdbd21009a2f6d50f09f682f632de04ec1a314f3a4e1a3ec47
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
35755
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Sun, 05 Feb 2023 13:58:18 GMT
server
nginx
etag
"8bab-5f3f44e82f721"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
text/css
accept-ranges
bytes
bootstrap-modal.min.css
www.dshield.org/css/bootstrap-modal/ 		5 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/css/bootstrap-modal/bootstrap-modal.min.css
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
f8e97c36779891ad251153beefb65310c9610d128bd05cb464865a248607ee1c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
4905
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:45 GMT
server
nginx
etag
"1329-5da69f0872446"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
text/css
accept-ranges
bytes
jquery-2.0.3.min.js
www.dshield.org/js/ 		82 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/js/jquery-2.0.3.min.js
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
3bb562814d366095a71523f38db3237ad925371b177599721ffeb923f867098a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
83614
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:52 GMT
server
nginx
etag
"1469e-5da69f0ee1b7b"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
count.js
isc.sans.edu/js/ 		886 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/js/count.js
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
522ace4616664c6f58c32821e9a0efd24dc2fdba0776727733cabc005773cff2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains
x-cdn
Imperva
x-iinfo
14-390538352-0 0CNN RT(1682305384477 117) q(0 -1 -1 8) r(1 -1)
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
521
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:51 GMT
server
nc -l -p 80
etag
"436-5da69f0eb77b1"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
x-do-not-hack
18 U.S.C. Parag 1030
cache-control
max-age=82639, public
expires
Tue, 25 Apr 2023 02:00:23 GMT
bootstrap.min.js
www.dshield.org/js/bootstrap-modal/ 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/js/bootstrap-modal/bootstrap.min.js
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
80bab0fce06cce9b0d11d8d7c5762706523db4da59642f4722b0811a09da41b8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
6601
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:51 GMT
server
nginx
etag
"19c9-5da69f0eb3168"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
default.css
www.dshield.org/css/codesnippet/lib/highlight/styles/ 		3 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/css/codesnippet/lib/highlight/styles/default.css
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
15970916c5b0511d616a32d43a9b15a3e581e594fb9c061e732f844d3bdbe583
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
2651
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Mon, 29 Aug 2022 16:04:40 GMT
server
nginx
etag
"a5b-5e7636bdbfb68"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
text/css
accept-ranges
bytes
highlight.pack.js
www.dshield.org/css/codesnippet/lib/highlight/ 		30 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/css/codesnippet/lib/highlight/highlight.pack.js
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
f01766f2373b510bcada09ad977ce1af9479de9ef85f8c94539d04f2db6cc0db
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
30210
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Mon, 29 Aug 2022 16:04:40 GMT
server
nginx
etag
"7602-5e7636bdb47be"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/javascript
accept-ranges
bytes
diarycount.js
www.dshield.org/js/ 		527 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/js/diarycount.js?diary=19311
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
081f4aaf27b91cd59cc6aa711f41e44f0d75eb24abbdac074f6e9464a41c387c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:04 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
527
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:51 GMT
server
nginx
etag
"20f-5da69f0ec69e9"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
gtm.js
www.googletagmanager.com/ 		315 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:81e::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ef2bc53c536a202e8b86929f961bd4d597ca36b518fee94f41e451faa31d7322
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
90942
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 24 Apr 2023 03:03:05 GMT
Screen%20Shot%202015-02-07%20at%2010_01_22%20PM.png
isc.sans.edu/diaryimages/images/ 		156 KB
157 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://isc.sans.edu/diaryimages/images/Screen%20Shot%202015-02-07%20at%2010_01_22%20PM.png
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nc -l -p 80 /
Resource Hash
15fe6f20124295fea103c028aa22f0d1ce962d959c3db3f7c9e0c614bb882153
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-390538352-390534867 3NNN RT(1682305384477 655) q(0 0 0 -1) r(1 1) U18
permitted-cross-domain-policies
none
x-heyjason
DEV522 rocks
content-length
159520
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Mon, 19 Mar 2018 22:31:49 GMT
server
nc -l -p 80
etag
"26f20-567cb86138022"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
SAMEORIGIN
content-type
image/png
x-do-not-hack
18 U.S.C. Parag 1030
accept-ranges
bytes
300sqSANSFIRE.png
www.dshield.org/images/sansfire/ 		124 KB
125 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dshield.org/images/sansfire/300sqSANSFIRE.png
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
da6c745f894425da90ee613f8a61545883344f3417c5e44bc0cbcddf3645b361
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
126497
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 13 Apr 2023 18:27:47 GMT
server
nginx
etag
"1ee21-5f93be1a27e7e"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
image/png
accept-ranges
bytes
adimg.html
www.dshield.org/ 		6 B
896 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dshield.org/adimg.html?id=
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
x-isc-cdn
6704cb8852
server
nginx
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
referrer-policy
same-origin
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
text/html; charset=UTF-8
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
6
x-xss-protection
1; mode=block
cc.png
www.dshield.org/images/ 		461 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dshield.org/images/cc.png
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
e822f0984efb293dbe344fe6134c9a295a10a3fa2ecbc1695594180bdd719e9f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
461
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:46 GMT
server
nginx
etag
"1cd-5da69f09c178b"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
image/png
accept-ranges
bytes
main.js
www.dshield.org/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/js/main.js
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
c1899f311a78162fb68fac938bb683ed222024a6e426f2a12d059e53dfb07578
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
3344
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:56 GMT
server
nginx
etag
"d10-5da69f12e54cc"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
menu.js
www.dshield.org/js/ 		708 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/js/menu.js
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
b5ac7ec5bde333441b767cc685f5e6084f9ba37ecc12f33d2af801a6fa5afc5b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
708
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nginx
etag
"2c4-5e350d41b8c3a"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/javascript; charset=utf-8
accept-ranges
bytes
count
www.dshield.org/api/ 		15 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/api/count?json&r=0.2687678866443799&count=7da8c2b5-ec30-4a72-97f6-9841e259dd03&width=1600
Requested by
Host: isc.sans.edu
URL: https://isc.sans.edu/js/count.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
randomness
41b35f7823ad
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
15
x-xss-protection
1; mode=block
pragma
no-cache
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Mon, 24 Apr 2023 02:53:05 +0000
server
nginx
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same, SAMEORIGIN
content-type
text/json;charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=600
expires
Mon, 24 Apr 2023 03:13:05 +0000
count
www.dshield.org/api/ 		15 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/api/count?json&r=0.3539213122949951&count=7da8c2b5-ec30-4a72-97f6-9841e259dd03&diary=0
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/js/diarycount.js?diary=19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
randomness
a564a84890ee8e92b3d
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
15
x-xss-protection
1; mode=block
pragma
no-cache
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Mon, 24 Apr 2023 02:53:05 +0000
server
nginx
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same, SAMEORIGIN
content-type
text/json;charset=UTF-8
access-control-allow-origin
*
cache-control
s-maxage=600
expires
Mon, 24 Apr 2023 03:13:05 +0000
v2IVRcktKZs
www.youtube.com/embed/ Frame 96ED 		73 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/v2IVRcktKZs
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f03699faec4127f4c24a56992023edc72ee1636bb9421cb18f293130ebf81ff3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Mon, 24 Apr 2023 03:03:05 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=ja for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
fullscreen.png
www.dshield.org/images/ 		346 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dshield.org/images/fullscreen.png
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
29811fa2a73145ed0a7b5ce19f4f2fa5955e42fb4e7b252826174633ca264fe2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/css/screen.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
346
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:49 GMT
server
nginx
etag
"15a-5da69f0c11048"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
image/png
accept-ranges
bytes
facebook.ico
www.dshield.org/images/icons/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dshield.org/images/icons/facebook.ico
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
5678ee6a1f605d6ada6230003a8d9c182869e1f40d02d414b368cc820c9a97b8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/css/screen.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
1150
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:49 GMT
server
nginx
etag
"47e-5da69f0c27f7c"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
image/vnd.microsoft.icon
accept-ranges
bytes
twitter.ico
www.dshield.org/images/icons/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dshield.org/images/icons/twitter.ico
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
15e2a6aec006e029bcccaf870ab8606a4c03a7ff3df90239ff5cd889ca585a39
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/css/screen.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
6518
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:49 GMT
server
nginx
etag
"1976-5da69f0c371a8"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
image/vnd.microsoft.icon
accept-ranges
bytes
folder.png
www.dshield.org/images/ 		537 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dshield.org/images/folder.png
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
d049b83cadc5ae55a1639837a7653db1def729761f1913ee5dc4e4eb47fbd2a6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/css/screen.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
537
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Thu, 17 Mar 2022 13:23:49 GMT
server
nginx
etag
"219-5da69f0c06080"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
image/png
accept-ranges
bytes
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10b325a392531c8e79d4ccaddebcd159fd21ceb66bbb05748a97f16bc4166fa5

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		719 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc9ae7d497329a5eca73e21429b751949aad15855cd77d1b29f9224b0857eddf

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		506 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b927ed2eff7fca9c6f9224dd8cda6ae9194dd66321cb09474b079fff8caeef60

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/svg+xml
socialIconsFoot.png
www.dshield.org/img/ 		12 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dshield.org/img/socialIconsFoot.png
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/screen.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
69ac193c0e6bba260b1ba593b6fac804e10b530304c6c5cf4948d2320829e67f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.dshield.org/css/screen.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
12785
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Sat, 05 Nov 2022 02:07:38 GMT
server
nginx
etag
"31f1-5ecafa78d1a71"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
image/png
accept-ranges
bytes
truncated
/ 		778 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5f335fe583fdad5c70b6c71499a736ce7de3e5d40a496ef092cef2e0e331538e

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/svg+xml
poppins-regular.ttf
www.dshield.org/webfonts/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/webfonts/poppins-regular.ttf
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/v3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
66807e8e108c648c970aeace0886706f8c95c616f036529a4b628525208f18e8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.dshield.org/css/v3.css
Origin
https://www.dshield.org
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
16148
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nginx
etag
"3f14-5e350d41e7a2f"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/font-sfnt
accept-ranges
bytes
open-sans-700.ttf
www.dshield.org/webfonts/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/webfonts/open-sans-700.ttf
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/v3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
68151e32200f64f60f412bbc3ccde917a5fadb2f1a464cf7b3b77fd7675e6afc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.dshield.org/css/v3.css
Origin
https://www.dshield.org
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
31420
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nginx
etag
"7abc-5e350d41e4768"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/font-sfnt
accept-ranges
bytes
open-sans-regular.ttf
www.dshield.org/webfonts/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/webfonts/open-sans-regular.ttf
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/v3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
18b7e49a6696c5a278ac77eb98149048d0819df63ac265a2cf3abb26914d57c3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.dshield.org/css/v3.css
Origin
https://www.dshield.org
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
31380
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nginx
etag
"7a94-5e350d41e5ed7"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/font-sfnt
accept-ranges
bytes
clear-sans-medium.ttf
www.dshield.org/webfonts/ 		306 KB
307 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.dshield.org/webfonts/clear-sans-medium.ttf
Requested by
Host: www.dshield.org
URL: https://www.dshield.org/css/v3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
159.223.154.178 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
mail2.dshield.org
Software
nginx /
Resource Hash
93677acbadea77e254b491589812f1e218a97adcd10a4957622b8c7a86e14181
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.dshield.org/css/v3.css
Origin
https://www.dshield.org
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
strict-transport-security
max-age=31556926; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
permitted-cross-domain-policies
none
x-heyjason
SEC522 rocks
content-length
313308
x-xss-protection
1; mode=block
x-isc-cdn
6704cb8852
referrer-policy
same-origin
last-modified
Fri, 08 Jul 2022 20:12:59 GMT
server
nginx
etag
"4c7dc-5e350d41e10bb"
expect-ct
max-age=0, report-uri="https://isc.sans.edu/cspreport.html"
x-frame-options
same
content-type
application/font-sfnt
accept-ranges
bytes
sp.min.js
cdn.jsdelivr.net/npm/@snowplow/javascript-tracker@3.5.0/dist/ 		73 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@snowplow/javascript-tracker@3.5.0/dist/sp.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
76039a26bb3656600240ac08bc5f0ce450661977af129ab9c746ea4efe45a1a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 24 Apr 2023 03:03:05 GMT
x-content-type-options
nosniff
content-encoding
br
age
2942658
x-jsd-version
3.5.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
25416
x-served-by
cache-fra-eddf8230095-FRA, cache-nrt-rjtf7700026-NRT
x-jsd-version-type
version
etag
W/"12364-F9/xW8QJROE2aN3C47q1tjOoX0s"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
www-player.css
www.youtube.com/s/player/d87d581f/ Frame 96ED 		400 KB
51 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
40fba0019ff3cd5ef1ad3797b7b223a9f434ccf632b89f322241ef51434a389b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 23 Apr 2023 13:02:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
50437
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52077
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 22 Apr 2024 13:02:28 GMT
www-embed-player.js
www.youtube.com/s/player/d87d581f/www-embed-player.vflset/ Frame 96ED 		355 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3d179f0e69da4cb3808800bac82c6be701f77b395677dd09621e8009680a960
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 21:48:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
105255
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112492
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 21 Apr 2024 21:48:50 GMT
base.js
www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/ Frame 96ED 		2 MB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 23:01:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
100870
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
638211
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 21 Apr 2024 23:01:55 GMT
fetch-polyfill.js
www.youtube.com/s/player/d87d581f/fetch-polyfill.vflset/ Frame 96ED 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 05:26:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
164178
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2786
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 21 Apr 2024 05:26:47 GMT
v2IVRcktKZs
www.youtube.com/embed/ Frame 96ED 		73 KB
30 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
97f71161701efda196ab8579bf069afcd43ae712acaec7118f271fb030deabe8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Mon, 24 Apr 2023 03:03:05 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
cspreport.html
isc.sans.edu/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://isc.sans.edu/cspreport.html
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/csp-report

Response headers
iframe_api
www.youtube.com/ 		0
0
www-player.css
www.youtube.com/s/player/d87d581f/ Frame 96ED 		400 KB
51 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/www-player.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
40fba0019ff3cd5ef1ad3797b7b223a9f434ccf632b89f322241ef51434a389b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 23 Apr 2023 13:02:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
50437
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52077
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 22 Apr 2024 13:02:28 GMT
www-embed-player.js
www.youtube.com/s/player/d87d581f/www-embed-player.vflset/ Frame 96ED 		355 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/www-embed-player.vflset/www-embed-player.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3d179f0e69da4cb3808800bac82c6be701f77b395677dd09621e8009680a960
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 21:48:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
105255
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112492
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 21 Apr 2024 21:48:50 GMT
base.js
www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/ Frame 96ED 		2 MB
623 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/base.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
00317c8dad1298e3a926c519f2625d933076fb4314cbe0431e20407c3629411a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 23:01:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
100870
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
638211
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 21 Apr 2024 23:01:55 GMT
fetch-polyfill.js
www.youtube.com/s/player/d87d581f/fetch-polyfill.vflset/ Frame 96ED 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/fetch-polyfill.vflset/fetch-polyfill.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 05:26:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
164178
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2786
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 21 Apr 2024 05:26:47 GMT
id
googleads.g.doubleclick.net/pagead/ Frame 96ED
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/id
  • https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
100 B
242 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H2
Server
2404:6800:4004:80f::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
db6dbb0d87e862f441504b75606f0062648b265fd78ee62b7e9b578f72b2f3f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Mon, 24 Apr 2023 03:03:05 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/html; charset=UTF-8
location
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin
https://www.youtube.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad_status.js
static.doubleclick.net/instream/ Frame 96ED 		29 B
494 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.doubleclick.net/instream/ad_status.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d87d581f/www-embed-player.vflset/www-embed-player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::2006 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:00:35 GMT
x-content-type-options
nosniff
age
150
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
x-xss-protection
0
last-modified
Thu, 12 Dec 2013 23:40:16 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 24 Apr 2023 03:15:35 GMT
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:820::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Mon, 24 Apr 2023 03:03:05 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 96ED 		66 KB
31 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:820::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6c3a8083d830dcb269fb166c5a77282f51c12fa328c1f04ad04fc376beadc8fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31169
x-xss-protection
0
remote.js
www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/ Frame 96ED 		117 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/remote.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3ba797edcc5962a9f138b7d05b8e599af4632cc55f4c4a8a6cc9cc9134965b27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 15:04:29 GMT
content-encoding
br
x-content-type-options
nosniff
age
129516
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36615
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 21 Apr 2024 15:04:29 GMT
ymD8mqb2jAHc-oWP6UM0kDpI7GaSG_zI3vXiXIPrEkw.js
www.google.com/js/th/ Frame 96ED 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/js/th/ymD8mqb2jAHc-oWP6UM0kDpI7GaSG_zI3vXiXIPrEkw.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:810::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ca60fc9aa6f68c01dcfa858fe94334903a48ec66921bfcc8def5e25c83eb124c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 17:42:09 GMT
content-encoding
br
x-content-type-options
nosniff
age
120056
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14304
x-xss-protection
0
last-modified
Tue, 11 Apr 2023 09:30:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 21 Apr 2024 17:42:09 GMT
maxresdefault.webp
i.ytimg.com/vi_webp/v2IVRcktKZs/ Frame 96ED 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ytimg.com/vi_webp/v2IVRcktKZs/maxresdefault.webp
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:821::2016 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d6e52eedb8739cb6af0ac2f5ffee1d3a5ad598d22aa6436626fd6bb03477eb8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
x-content-type-options
nosniff
server
sffe
etag
"1423370221"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/webp
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46366
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 24 Apr 2023 05:03:05 GMT
embed.js
www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/ Frame 96ED 		29 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/embed.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54174789f7acd8ac2e99128fc6d9cf83d4679673be99b0d5bceb5442f703f4c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 06:37:17 GMT
content-encoding
br
x-content-type-options
nosniff
age
159948
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9097
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:49 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Sun, 21 Apr 2024 06:37:17 GMT
truncated
/ Frame 96ED 		175 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/png
AGIKgqPHWSw3j8e8-sNulFohwwxYKL6haFq_c62zjCTv=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 96ED 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://yt3.ggpht.com/ytc/AGIKgqPHWSw3j8e8-sNulFohwwxYKL6haFq_c62zjCTv=s68-c-k-c0x00ffffff-no-rj
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:812::2001 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
93579a6ce910242595a7e2fdf6f101d9d94d949e09a21bcc43cfed277617e0a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
x-content-type-options
nosniff
age
1
content-disposition
inline;filename="unnamed.jpg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3467
x-xss-protection
0
server
fife
etag
"v3e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 25 Apr 2023 03:03:05 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 96ED 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80f::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.youtube.com/
Origin
https://www.youtube.com
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 06:13:11 GMT
x-content-type-options
nosniff
age
161394
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Apr 2024 06:13:11 GMT
cast_sender.js
www.gstatic.com/cv/js/sender/v1/ Frame 96ED 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/base.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2007
x-xss-protection
0
last-modified
Tue, 16 Feb 2021 23:57:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview"
vary
Accept-Encoding
report-to
{"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 24 Apr 2023 03:03:05 GMT
generate_204
www.youtube.com/ Frame 96ED 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/generate_204?tdNa6g
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:820::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method
POST
Origin
https://www.youtube.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type,x-goog-api-key,x-user-agent
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://www.youtube.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html
date
Mon, 24 Apr 2023 03:03:05 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 96ED 		90 B
134 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d87d581f/player_ias.vflset/ja_JP/base.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:820::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5833382019061a298f7aaf7b5bb264f2cb9560ded267a93ea459741ec4da52b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-User-Agent
grpc-web-javascript/0.1
Referer
https://www.youtube.com/
X-Goog-Api-Key
AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json+protobuf

Response headers

date
Mon, 24 Apr 2023 03:03:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json+protobuf; charset=UTF-8
access-control-allow-origin
https://www.youtube.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
110
x-xss-protection
0
cast_sender.js
www.gstatic.com/eureka/clank/112/ Frame 96ED 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/eureka/clank/112/cast_sender.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a312de5d5df23f9f480daa5837af8b88f77bb83c0ad3f04d474a449d43e7859
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 23 Apr 2023 13:07:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50115
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14872
x-xss-protection
0
last-modified
Mon, 13 Feb 2023 16:06:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="cloudview-release"
vary
Accept-Encoding
report-to
{"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type
text/javascript
cache-control
public, max-age=86400
accept-ranges
bytes
expires
Mon, 24 Apr 2023 13:07:50 GMT
log_event
www.youtube.com/youtubei/v1/ Frame 96ED 		28 B
50 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/player/d87d581f/www-embed-player.vflset/www-embed-player.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:825::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
X-Goog-Request-Time
1682305387936
Content-Type
application/json
X-YouTube-Utc-Offset
0
X-YouTube-Client-Name
56
Referer
https://www.youtube.com/embed/v2IVRcktKZs?enablejsapi=1&origin=https%3A%2F%2Fwww.dshield.org
X-YouTube-Client-Version
1.20230418.00.00
X-YouTube-Time-Zone
Etc/Unknown
X-Goog-Visitor-Id
CgtWNVEwazdKcDN6VSjp4peiBg%3D%3D
X-YouTube-Ad-Signals
dt=1682305385529&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1012%2C150&vis=1&wgl=true&ca_type=image

Response headers

date
Mon, 24 Apr 2023 03:03:07 GMT
content-encoding
br
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
x-frame-options
SAMEORIGIN
vary
Origin, X-Origin, Referer
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31
x-xss-protection
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.youtube.com
URL
https://www.youtube.com/iframe_api

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| dataLayer function| $ function| jQuery function| uuidv4 function| getCookie function| setCookie string| uuid object| hljs function| maxarticle function| findGetParameter number| diaryid object| block object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| GlobalSnowplowNamespace function| snowplow function| getIpInfo undefined| modal function| openModal function| closeModal function| startSpinner function| stopSpinner function| bindIpModal function| mobileMenu function| onYouTubeIframeAPIReady

10 Cookies

Domain/Path Name / Value
www.dshield.org/ Name: __Secure-dshield
Value: eu4pr7pv604pt8aece05f0adh7
www.dshield.org/ Name: sessionhash
Value: 590f773935ab7a5f1d0612a647d5d30399171b317adc4a04feeb4e8d342f9fcc
.sans.edu/ Name: visid_incap_2188750
Value: 67tNOCHlT0e559ENgiyRKmjxRWQAAAAAQUIPAAAAAABOrnf8s/4MN+NyvV/EUdmv
.sans.edu/ Name: incap_ses_1355_2188750
Value: +Ag7SI0EmxeZxD2L/u3NEmjxRWQAAAAAk76W1xJZgFHSgYsUocpEHg==
www.dshield.org/ Name: count
Value: 7da8c2b5-ec30-4a72-97f6-9841e259dd03
.youtube.com/ Name: YSC
Value: RR8_nYDVYQo
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: V5Q0k7Jp3zU
.dshield.org/ Name: spses.8ee6
Value: *
.dshield.org/ Name: spid.8ee6
Value: ab5387ab-e28b-4528-9eae-d84ff2e6f7b4.1682305385.1.1682305385..f87eb705-0b81-4a1e-9d41-011422746691....0
.sans.edu/ Name: nlbi_2188750
Value: AlBaPRAsJR4RWoOKac18PgAAAACjFWfg7JQVskxJ2TcBweVJ

1 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B(Line 102)
Message:
Refused to load the script 'https://www.youtube.com/iframe_api' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src self https://isc.sans.edu https://www.dshield.org;
Strict-Transport-Security max-age=31556926; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options same SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.gstatic.com
googleads.g.doubleclick.net
i.ytimg.com
isc.sans.edu
jnn-pa.googleapis.com
static.doubleclick.net
www.dshield.org
www.google.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
yt3.ggpht.com
www.youtube.com
159.223.154.178
2404:6800:4004:80f::2002
2404:6800:4004:80f::2003
2404:6800:4004:810::2004
2404:6800:4004:812::2001
2404:6800:4004:81e::2008
2404:6800:4004:820::200a
2404:6800:4004:821::2016
2404:6800:4004:823::2003
2404:6800:4004:825::200e
2404:6800:4004:826::2006
2a04:4e42::485
45.60.31.34
00317c8dad1298e3a926c519f2625d933076fb4314cbe0431e20407c3629411a
081f4aaf27b91cd59cc6aa711f41e44f0d75eb24abbdac074f6e9464a41c387c
10b325a392531c8e79d4ccaddebcd159fd21ceb66bbb05748a97f16bc4166fa5
15970916c5b0511d616a32d43a9b15a3e581e594fb9c061e732f844d3bdbe583
15e2a6aec006e029bcccaf870ab8606a4c03a7ff3df90239ff5cd889ca585a39
15fe6f20124295fea103c028aa22f0d1ce962d959c3db3f7c9e0c614bb882153
18b7e49a6696c5a278ac77eb98149048d0819df63ac265a2cf3abb26914d57c3
23326310dbdd4beeb0b8ef0180b730d3e83e89a2cd00bb1119537a10f2b4a59f
29811fa2a73145ed0a7b5ce19f4f2fa5955e42fb4e7b252826174633ca264fe2
3ba797edcc5962a9f138b7d05b8e599af4632cc55f4c4a8a6cc9cc9134965b27
3bb562814d366095a71523f38db3237ad925371b177599721ffeb923f867098a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
40fba0019ff3cd5ef1ad3797b7b223a9f434ccf632b89f322241ef51434a389b
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
4a312de5d5df23f9f480daa5837af8b88f77bb83c0ad3f04d474a449d43e7859
522ace4616664c6f58c32821e9a0efd24dc2fdba0776727733cabc005773cff2
54174789f7acd8ac2e99128fc6d9cf83d4679673be99b0d5bceb5442f703f4c2
5678ee6a1f605d6ada6230003a8d9c182869e1f40d02d414b368cc820c9a97b8
5833382019061a298f7aaf7b5bb264f2cb9560ded267a93ea459741ec4da52b7
5d6e52eedb8739cb6af0ac2f5ffee1d3a5ad598d22aa6436626fd6bb03477eb8
5f335fe583fdad5c70b6c71499a736ce7de3e5d40a496ef092cef2e0e331538e
66807e8e108c648c970aeace0886706f8c95c616f036529a4b628525208f18e8
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
68151e32200f64f60f412bbc3ccde917a5fadb2f1a464cf7b3b77fd7675e6afc
69ac193c0e6bba260b1ba593b6fac804e10b530304c6c5cf4948d2320829e67f
6c3a8083d830dcb269fb166c5a77282f51c12fa328c1f04ad04fc376beadc8fe
76039a26bb3656600240ac08bc5f0ce450661977af129ab9c746ea4efe45a1a0
80bab0fce06cce9b0d11d8d7c5762706523db4da59642f4722b0811a09da41b8
883fc965030cbe4773ce84d1280c1672f55d09990049f749e393280d8924345d
93579a6ce910242595a7e2fdf6f101d9d94d949e09a21bcc43cfed277617e0a3
93677acbadea77e254b491589812f1e218a97adcd10a4957622b8c7a86e14181
97f71161701efda196ab8579bf069afcd43ae712acaec7118f271fb030deabe8
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
aa4b5d84d5bfb1311e41b15d9c5d6aeff35012f6807362027dedfccd417505c1
abb60753f5c30c99820f4bbef2e96f2789e20b8a63f39b1b9975185d8e02d627
b2533a8e832118cdbd21009a2f6d50f09f682f632de04ec1a314f3a4e1a3ec47
b5ac7ec5bde333441b767cc685f5e6084f9ba37ecc12f33d2af801a6fa5afc5b
b927ed2eff7fca9c6f9224dd8cda6ae9194dd66321cb09474b079fff8caeef60
c1899f311a78162fb68fac938bb683ed222024a6e426f2a12d059e53dfb07578
c3d179f0e69da4cb3808800bac82c6be701f77b395677dd09621e8009680a960
ca60fc9aa6f68c01dcfa858fe94334903a48ec66921bfcc8def5e25c83eb124c
cc9ae7d497329a5eca73e21429b751949aad15855cd77d1b29f9224b0857eddf
d049b83cadc5ae55a1639837a7653db1def729761f1913ee5dc4e4eb47fbd2a6
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
da6c745f894425da90ee613f8a61545883344f3417c5e44bc0cbcddf3645b361
db6dbb0d87e862f441504b75606f0062648b265fd78ee62b7e9b578f72b2f3f9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e822f0984efb293dbe344fe6134c9a295a10a3fa2ecbc1695594180bdd719e9f
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef2bc53c536a202e8b86929f961bd4d597ca36b518fee94f41e451faa31d7322
f01766f2373b510bcada09ad977ce1af9479de9ef85f8c94539d04f2db6cc0db
f03699faec4127f4c24a56992023edc72ee1636bb9421cb18f293130ebf81ff3
f8e97c36779891ad251153beefb65310c9610d128bd05cb464865a248607ee1c