www.mike-gualtieri.com Open in urlscan Pro
52.5.81.224 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
Submission: On January 09 via manual (January 9th 2023, 3:04:07 pm UTC) from US — Scanned from DE

Summary HTTP 34 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 34 HTTP transactions. The main IP is 52.5.81.224, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.mike-gualtieri.com.
TLS certificate: Issued by R3 on December 4th 2022. Valid for: 3 months.

This is the only time www.mike-gualtieri.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	52.5.81.224 52.5.81.224	14618 (AMAZON-AES) (AMAZON-AES)
5	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:802::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
34	6

22 52.5.81.224 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-81-224.compute-1.amazonaws.com

www.mike-gualtieri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:802::2008 (Ireland)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	mike-gualtieri.com www.mike-gualtieri.com	3 MB
5	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1204	116 KB
4	gstatic.com fonts.gstatic.com	63 KB
2	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 424	17 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 127	1 KB
34	5

	Domain	Requested by
22	www.mike-gualtieri.com	www.mike-gualtieri.com
5	maxcdn.bootstrapcdn.com	www.mike-gualtieri.com maxcdn.bootstrapcdn.com
4	fonts.gstatic.com	fonts.googleapis.com
2	ssl.google-analytics.com	www.mike-gualtieri.com
1	fonts.googleapis.com	www.mike-gualtieri.com
34	5

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
www.bleepingcomputer.com
github.com
en.wikipedia.org
docs.microsoft.com
www.microsoft.com
osqa-ask.wireshark.org
davenport.sourceforge.net
www.facebook.com
makerf.com

Subject Issuer	Validity	Valid
www.mike-gualtieri.com R3	`2022-12-04` - `2023-03-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
Frame ID: BB43AB16624BB273F0E926730C911BD0
Requests: 41 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Live off the Land and Crack the NTLMSSP Protocol :: Mike Gualtieri

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

34
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

2848 kB
Transfer

3889 kB
Size

6
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/mlgualtieri

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/mlgualtieri/

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/microsoft/windows-10-quietly-got-a-built-in-network-sniffer-how-to-use/
Title: Bleeping Computer published an article about PKTMON.EXE

Search URL Search Domain Scan URL

URL: https://github.com/mlgualtieri/NTLMRawUnHide
Title: Python3 script called NTLMRawUnHide

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/NT_LAN_Manager#NTLMv2
Title: NTLMv2

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthn/microsoft-kerberos
Title: Kerberos

Search URL Search Domain Scan URL

URL: https://github.com/lgandx/Responder
Title: Responder

Search URL Search Domain Scan URL

URL: https://github.com/microsoft/etl2pcapng
Title: Microsoft's etl2pcapng

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/download/4865
Title: Microsoft Network Monitor 3.4

Search URL Search Domain Scan URL

URL: https://osqa-ask.wireshark.org/questions/49056/how-to-convert-cap-to-pcap
Title: editcap utility

Search URL Search Domain Scan URL

URL: http://davenport.sourceforge.net/ntlm.html
Title: The NTLM Authentication Protocol and Security Support Provider

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/NTLMSSP
Title: NTLMSSP

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/wsl/install-win10
Title: WSL

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Search URL Search Domain Scan URL

URL: http://twitter.com/home?status=Live%20off%20the%20Land%20and%20Crack%20the%20NTLMSSP%20Protocol+https%3A%2F%2Fwww.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Search URL Search Domain Scan URL

URL: http://makerf.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request live-off-the-land-and-crack-the-ntlmssp-protocol Show response
www.mike-gualtieri.com/posts/ 32 KB
9 KB 382ms
126ms Document
text/html 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

2216c124929463f1c09ba6403534501c9f1b42a985480ad5c67593d8c01ba1ca

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 8914
content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
content-type: text/html; charset=UTF-8
date: Mon, 09 Jan 2023 15:04:02 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 jquery-1.12.4.min.js Show response
www.mike-gualtieri.com/js/ 95 KB
33 KB 117ms
115ms Script
text/javascript 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/js/jquery-1.12.4.min.js

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 15:04:02 GMT
last-modified: Mon, 14 May 2018 21:40:03 GMT
server: Apache
etag: "17b8b-56c31541291c0-gzip"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 33760
x-xss-protection: 1; mode=block

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 177ms
155ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mike-gualtieri.com/
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 15:04:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 871
cdn-cachedat: 07/07/2022 17:49:34
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"ec3bb52a00e176a7181d454dffaea219"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: d633e2a1f01b62a8234d9c8dd979efcc
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 786e102839432c6e-FRA
cdn-requestpullsuccess: True

GET
H2 200 bootstrap-theme.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 23 KB
3 KB 162ms
141ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mike-gualtieri.com/
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 15:04:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 845
cdn-cachedat: 04/23/2022 03:20:25
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"ab6b02efeaf178e0247b9504051472fb"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cdn-cache: HIT
access-control-allow-origin: *
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: b9d52b6c734ab4709691ee79c4b7f35f
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 786e102839512c6e-FRA
cdn-requestpullsuccess: True

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 36 KB
10 KB 165ms
143ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mike-gualtieri.com/
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 15:04:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 871
cdn-cachedat: 03/12/2022 18:02:15
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"5869c96cc8f19086aee625d670d741f9"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
access-control-allow-origin: *
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: ed69b0be3bdf5cf0254b1e2e0df9a96a
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 786e1028395b2c6e-FRA
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 61ms
23ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Droid+Sans+Mono|Arimo:400,400i,700

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8b675e8064e4c0d54ad48fcc2706130cb52d2325d590a4042fda55d6ffe0b8fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 09 Jan 2023 15:04:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 09 Jan 2023 15:04:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 09 Jan 2023 15:04:02 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 176ms
154ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.mike-gualtieri.com/
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 15:04:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 755
cdn-cachedat: 12/08/2022 20:58:03
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 119b15897df0f020539b7cb56af9ac2b
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 786e102839572c6e-FRA
cdn-requestpullsuccess: True

GET
H2 200 base.js Show response
www.mike-gualtieri.com/js/ 2 KB
887 B 113ms
111ms Script
text/javascript 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/js/base.js

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

cabfec46986f4208202e59fdaf6e85145f7539c01721073ff16b7cb361218bd2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 15:04:02 GMT
last-modified: Mon, 05 Feb 2018 14:54:08 GMT
server: Apache
etag: "7b1-564783bf739e8-gzip"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 788
x-xss-protection: 1; mode=block

GET
H2 200 scripts.js Show response
www.mike-gualtieri.com/js/ 593 B
433 B 114ms
113ms Script
text/javascript 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/js/scripts.js

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

0a60dc52422270e32a0ad2e2892e2fcb362c1de3d1d8575988131cdf3e93a8d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 15:04:02 GMT
last-modified: Tue, 16 Jan 2018 15:37:54 GMT
server: Apache
etag: "251-562e683b0db82-gzip"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 351
x-xss-protection: 1; mode=block

GET
H2 200 min.css
www.mike-gualtieri.com/css/ 13 KB
3 KB 115ms
114ms Stylesheet
text/css 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/css/min.css

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

3b5801a8b46b6c50070d19c17550f51d2ea4b2863d09f376f62a54b09b44a3b7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 15:04:02 GMT
server: Apache
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
content-length: 3219
x-xss-protection: 1; mode=block

GET
H2 200 NTLMRawUnHide-card.png
www.mike-gualtieri.com/images/posts/ 197 KB
199 KB 107ms
106ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/NTLMRawUnHide-card.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

c67980224c170e0d52bb94f4e97d6ca7bd5a2d2d04bb5ff3589506dbffa663b7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 20:17:27 GMT
server: Apache
etag: "31463-5a8ee47fff7e9"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 201827
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp1.png
www.mike-gualtieri.com/images/posts/ 197 KB
199 KB 272ms
271ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp1.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

757d720232843b13c806f384c82e625ce134d39f03014110270daf027af13411

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 19:36:37 GMT
server: Apache
etag: "315a0-5a8edb5f6ac36"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 202144
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp2.png
www.mike-gualtieri.com/images/posts/ 186 KB
188 KB 265ms
263ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp2.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

daec7e364a8c3675880788541bf66bc7537376c275aae7bf970b542eaebb2173

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 16:48:15 GMT
server: Apache
etag: "2e99f-5a8eb5bdec4eb"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 190879
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp2-server-challenge.png
www.mike-gualtieri.com/images/posts/ 188 KB
189 KB 256ms
255ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp2-server-challenge.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

0454a824b96ca5f6d86b263d326ff42b28d701d736c20e6fe73e1c634e079d59

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 16:48:15 GMT
server: Apache
etag: "2f001-5a8eb5bdec4eb"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 192513
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp3.png
www.mike-gualtieri.com/images/posts/ 192 KB
193 KB 256ms
255ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp3.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b510960c50e92ee63dc1f51cc049009ac86edc09bdba11806b153b92db951b95

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 16:48:15 GMT
server: Apache
etag: "3005c-5a8eb5bdef3cb"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 196700
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp3-domain.png
www.mike-gualtieri.com/images/posts/ 197 KB
198 KB 257ms
255ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp3-domain.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

4311056b420beb7e06527e3710666aa248692cc12e1fb2baf4a2cc6119776ae9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 19:48:59 GMT
server: Apache
etag: "31574-5a8ede23cc659"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 202100
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp3-username.png
www.mike-gualtieri.com/images/posts/ 196 KB
196 KB 257ms
256ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp3-username.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

0984bc86149860a2a68b67d5ce514f5b9f479f5024c994b91d8b089ebfbc84d1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 16:48:15 GMT
server: Apache
etag: "30fba-5a8eb5bdef3cb"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 200634
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp3-hostname.png
www.mike-gualtieri.com/images/posts/ 196 KB
196 KB 265ms
264ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp3-hostname.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b7229041bc89bccc4d200052f3cae128976c7727b9ba7fdccfc4d0d35cc07a97

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 16:48:15 GMT
server: Apache
etag: "310d2-5a8eb5bdee42b"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 200914
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp3-ntlmv2response.png
www.mike-gualtieri.com/images/posts/ 191 KB
191 KB 265ms
264ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp3-ntlmv2response.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

76c8888b2e2785ee9a25c1c589ea5b8274efbbf30acf823bcbff40d56721169e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 16:48:15 GMT
server: Apache
etag: "2fc59-5a8eb5bdee42b"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 195673
x-xss-protection: 1; mode=block

GET
H2 200 ntlmssp3-ntproofstr.png
www.mike-gualtieri.com/images/posts/ 194 KB
194 KB 257ms
256ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/ntlmssp3-ntproofstr.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

df51da43a602d38e36e7fca6bcd55c0a54973ad4f4cca1c92aa8d70044edead8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 16:48:15 GMT
server: Apache
etag: "30679-5a8eb5bdee42b"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 198265
x-xss-protection: 1; mode=block

GET
H2 200 carbon-ntlmv2-hash-structure.png
www.mike-gualtieri.com/images/posts/ 29 KB
29 KB 265ms
264ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/carbon-ntlmv2-hash-structure.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

efb5881d50dd3e63ea12419b5188490c0a19fede54bfadf98c5729e9d676ccc4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Tue, 07 Jul 2020 18:19:37 GMT
server: Apache
etag: "748f-5a9de08b837ae"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 29839
x-xss-protection: 1; mode=block

GET
H2 200 NTLMRawUnHide-thumb.png
www.mike-gualtieri.com/images/posts/ 553 KB
553 KB 257ms
256ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/NTLMRawUnHide-thumb.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

e03553092f8d7ac127d12ed91bf4ed89e5fd85a3faea526180d2afddcfdd00af

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Jun 2020 14:14:27 GMT
server: Apache
etag: "8a30d-5a8fd53a60f1d"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 566029
x-xss-protection: 1; mode=block

GET
H2 200 makerf.png
www.mike-gualtieri.com/images/posts/ 6 KB
6 KB 265ms
264ms Image
image/png 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.mike-gualtieri.com/images/posts/makerf.png

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b73390b93ee2a7ce10c0dc6e0186cb0b50d501dd38dec8580d50b5d152c88062

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jan 2018 15:55:28 GMT
server: Apache
etag: "1660-5639bcf14c819"
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 5728
x-xss-protection: 1; mode=block

POST
H2 204 csp-violation-report-endpoint
www.mike-gualtieri.com/ 0
29 B 215ms
214ms Other
text/plain 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/csp-violation-report-endpoint

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
server: Apache
x-frame-options: DENY
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
x-xss-protection: 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 109ms
29ms Script
text/javascript 2a00:1450:400d:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 09 Jan 2023 14:21:39 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 2543
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Mon, 09 Jan 2023 16:21:39 GMT

GET
H2 200 6NUO8FuJNQ2MbkrZ5-J8lKFrp7pRef2r.woff2
fonts.gstatic.com/s/droidsansmono/v20/ 18 KB
19 KB 53ms
16ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/droidsansmono/v20/6NUO8FuJNQ2MbkrZ5-J8lKFrp7pRef2r.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid+Sans+Mono|Arimo:400,400i,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a8e7108949ee83e8eeadd9cd0ed0f98bd8870f2afa75c26ccdc9e795fb58e30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 07 Jan 2023 18:06:56 GMT
x-content-type-options: nosniff
age: 161826
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18400
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 17:56:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jan 2024 18:06:56 GMT

GET
H2 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 131ms
130ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 09 Jan 2023 15:04:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 894
cdn-cachedat: 07/10/2022 05:11:48
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: cb97c40886440c29d3db667a85e4ed34
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 786e10299bff2c6e-FRA
cdn-requestpullsuccess: True

GET
H2 200 P5sMzZCDf9_T_10ZxCE.woff2
fonts.gstatic.com/s/arimo/v27/ 18 KB
18 KB 56ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/arimo/v27/P5sMzZCDf9_T_10ZxCE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid+Sans+Mono|Arimo:400,400i,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff84f1e03eb15dedc4668f0817372b734934076bc936e12c5c0bd3944dab0c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 04 Jan 2023 21:03:44 GMT
x-content-type-options: nosniff
age: 410418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18260
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 21:03:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jan 2024 21:03:44 GMT

GET
H2 200 P5sdzZCDf9_T_10c3i9MeUcyat4iJY-ERCrDfQY.woff2
fonts.gstatic.com/s/arimo/v27/ 11 KB
11 KB 67ms
31ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/arimo/v27/P5sdzZCDf9_T_10c3i9MeUcyat4iJY-ERCrDfQY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid+Sans+Mono|Arimo:400,400i,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acd19151910c59d2778486c3b23417ee747e5a0330faa320ed2aef7986e6fa9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 03:06:59 GMT
x-content-type-options: nosniff
age: 388623
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10936
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 21:16:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jan 2024 03:06:59 GMT

GET
H2 206 NTLMRawUnHide.mp4
www.mike-gualtieri.com/images/posts/ 80 KB
0 242ms
241ms Media
video/mp4 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/images/posts/NTLMRawUnHide.mp4

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:02 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Jun 2020 14:06:29 GMT
server: Apache
etag: "351f89-5a8fd37267cc5"
x-frame-options: DENY
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 0-3481480/3481481
accept-ranges: bytes
Content-Length: 3481481
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 380 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 P5sMzZCDf9_T_10axCF8jA.woff2
fonts.gstatic.com/s/arimo/v27/ 16 KB
16 KB 29ms
29ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/arimo/v27/P5sMzZCDf9_T_10axCF8jA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid+Sans+Mono|Arimo:400,400i,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8c2278ca1dd73380f2b840394ed93a6243fd9337314eb8fcc4ef6cbe1b30a2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.mike-gualtieri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 06 Jan 2023 14:49:07 GMT
x-content-type-options: nosniff
age: 260095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16108
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 21:22:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 14:49:07 GMT

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
54 B 114ms
51ms Image
image/gif 2a00:1450:400d:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=304015363&utmhn=www.mike-gualtieri.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Live%20off%20the%20Land%20and%20Crack%20the%20NTLMSSP%20Protocol%20%3A%3A%20Mike%20Gualtieri&utmhid=1310702304&utmr=-&utmp=%2Fposts%2Flive-off-the-land-and-crack-the-ntlmssp-protocol&utmht=1673276642936&utmac=UA-17854150-1&utmcc=__utma%3D56526391.637983006.1673276643.1673276643.1673276643.1%3B%2B__utmz%3D56526391.1673276643.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1569613682&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.mike-gualtieri.com
URL: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.mike-gualtieri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 09 Jan 2023 15:04:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 NTLMRawUnHide.mp4
www.mike-gualtieri.com/images/posts/ 72 KB
72 KB 341ms
341ms Media
video/mp4 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/images/posts/NTLMRawUnHide.mp4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

d27b42427a42a840da70b50ae7fe56b6738ad0d4998b3e62e3bfe75c498ac61b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=3407872-

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:03 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Jun 2020 14:06:29 GMT
server: Apache
etag: "351f89-5a8fd37267cc5"
x-frame-options: DENY
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 3407872-3481480/3481481
accept-ranges: bytes
Content-Length: 73609
x-xss-protection: 1; mode=block

GET
H2 206 NTLMRawUnHide.mp4
www.mike-gualtieri.com/images/posts/ 672 KB
0 108ms
107ms Media
video/mp4 52.5.81.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.mike-gualtieri.com/images/posts/NTLMRawUnHide.mp4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.5.81.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-81-224.compute-1.amazonaws.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.mike-gualtieri.com/posts/live-off-the-land-and-crack-the-ntlmssp-protocol
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=65536-

Response headers

content-security-policy: upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
date: Mon, 09 Jan 2023 15:04:03 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Jun 2020 14:06:29 GMT
server: Apache
etag: "351f89-5a8fd37267cc5"
x-frame-options: DENY
content-type: video/mp4
access-control-allow-origin: *
Content-Range: bytes 65536-3481480/3481481
accept-ranges: bytes
Content-Length: 3415945
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mike-gualtieri.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8qmifjajk0m94ljm47jg7a54ju
.mike-gualtieri.com/	1970-01-20 18:23:56	Name: __utma Value: 56526391.637983006.1673276643.1673276643.1673276643.1
.mike-gualtieri.com/	1969-12-31 23:59:59	Name: __utmc Value: 56526391
.mike-gualtieri.com/	1970-01-20 13:10:44	Name: __utmz Value: 56526391.1673276643.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.mike-gualtieri.com/	1970-01-20 08:47:57	Name: __utmt Value: 1
.mike-gualtieri.com/	1970-01-20 08:47:58	Name: __utmb Value: 56526391.1.10.1673276643

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com; connect-src 'self' ssl.google-analytics.com; img-src 'self' makerf.com www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' goeris.com maxcdn.bootstrapcdn.com ajax.googleapis.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com; report-uri /csp-violation-report-endpoint
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
ssl.google-analytics.com
www.mike-gualtieri.com
2606:4700::6812:acf
2a00:1450:4001:80b::200a
2a00:1450:4001:813::2003
2a00:1450:400d:802::2008
52.5.81.224
0454a824b96ca5f6d86b263d326ff42b28d701d736c20e6fe73e1c634e079d59
0984bc86149860a2a68b67d5ce514f5b9f479f5024c994b91d8b089ebfbc84d1
0a60dc52422270e32a0ad2e2892e2fcb362c1de3d1d8575988131cdf3e93a8d3
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5
1a8e7108949ee83e8eeadd9cd0ed0f98bd8870f2afa75c26ccdc9e795fb58e30
1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75
1ff84f1e03eb15dedc4668f0817372b734934076bc936e12c5c0bd3944dab0c0
2216c124929463f1c09ba6403534501c9f1b42a985480ad5c67593d8c01ba1ca
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3b5801a8b46b6c50070d19c17550f51d2ea4b2863d09f376f62a54b09b44a3b7
4311056b420beb7e06527e3710666aa248692cc12e1fb2baf4a2cc6119776ae9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
757d720232843b13c806f384c82e625ce134d39f03014110270daf027af13411
76c8888b2e2785ee9a25c1c589ea5b8274efbbf30acf823bcbff40d56721169e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8b675e8064e4c0d54ad48fcc2706130cb52d2325d590a4042fda55d6ffe0b8fa
acd19151910c59d2778486c3b23417ee747e5a0330faa320ed2aef7986e6fa9b
b510960c50e92ee63dc1f51cc049009ac86edc09bdba11806b153b92db951b95
b7229041bc89bccc4d200052f3cae128976c7727b9ba7fdccfc4d0d35cc07a97
b73390b93ee2a7ce10c0dc6e0186cb0b50d501dd38dec8580d50b5d152c88062
b8c2278ca1dd73380f2b840394ed93a6243fd9337314eb8fcc4ef6cbe1b30a2c
c67980224c170e0d52bb94f4e97d6ca7bd5a2d2d04bb5ff3589506dbffa663b7
cabfec46986f4208202e59fdaf6e85145f7539c01721073ff16b7cb361218bd2
d27b42427a42a840da70b50ae7fe56b6738ad0d4998b3e62e3bfe75c498ac61b
d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115
daec7e364a8c3675880788541bf66bc7537376c275aae7bf970b542eaebb2173
df51da43a602d38e36e7fca6bcd55c0a54973ad4f4cca1c92aa8d70044edead8
e03553092f8d7ac127d12ed91bf4ed89e5fd85a3faea526180d2afddcfdd00af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
efb5881d50dd3e63ea12419b5188490c0a19fede54bfadf98c5729e9d676ccc4
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

www.mike-gualtieri.com Open in urlscan Pro 52.5.81.224 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

34 Requests

100 %HTTPS

80 %IPv6

5 Domains

5 Subdomains

6 IPs

3 Countries

2848 kBTransfer

3889 kBSize

6 Cookies

16 Outgoing links

Redirected requests

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.mike-gualtieri.com Open in urlscan Pro
52.5.81.224 Public Scan

Screenshot
Live screenshot

Full Image

34
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

2848 kB
Transfer

3889 kB
Size

6
Cookies

34 HTTP transactions
7 data transactions