blog.stealthbits.com
Open in
urlscan Pro
72.52.131.85
Public Scan
Effective URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Submission: On September 24 via api from US
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 24th 2018. Valid for: 2 years.
This is the only time blog.stealthbits.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.244.42.69 104.244.42.69 | 13414 (TWITTER) (TWITTER) | |
14 | 72.52.131.85 72.52.131.85 | 32244 (LIQUIDWEB) (LIQUIDWEB) | |
1 | 2a00:1450:400... 2a00:1450:4001:802::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:81a::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700:10:... 2606:4700:10::6816:47c5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2a00:1450:400... 2a00:1450:4001:81b::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::200e | 15169 (GOOGLE) (GOOGLE) | |
3 | 2a00:1450:400... 2a00:1450:4001:821::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:400c:c0c::9c | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:824::2004 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:818::2003 | 15169 (GOOGLE) (GOOGLE) | |
29 | 12 |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
stealthbits.com
blog.stealthbits.com |
354 KB |
4 |
google-analytics.com
www.google-analytics.com |
50 KB |
3 |
gstatic.com
fonts.gstatic.com |
41 KB |
2 |
addtoany.com
static.addtoany.com |
60 KB |
1 |
google.de
www.google.de |
106 B |
1 |
google.com
www.google.com |
106 B |
1 |
doubleclick.net
stats.g.doubleclick.net |
90 B |
1 |
googletagmanager.com
www.googletagmanager.com |
36 KB |
1 |
googleapis.com
fonts.googleapis.com |
963 B |
1 |
t.co
t.co |
525 B |
29 | 10 |
Domain | Requested by | |
---|---|---|
14 | blog.stealthbits.com |
t.co
blog.stealthbits.com |
4 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com blog.stealthbits.com |
3 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | static.addtoany.com |
blog.stealthbits.com
static.addtoany.com |
1 | www.google.de |
blog.stealthbits.com
|
1 | www.google.com |
blog.stealthbits.com
|
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
1 | www.googletagmanager.com |
blog.stealthbits.com
|
1 | fonts.googleapis.com |
blog.stealthbits.com
|
1 | t.co | |
29 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.stealthbits.com |
attack.stealthbits.com |
github.com |
hashcat.net |
technet.microsoft.com |
www.dsinternals.com |
go.stealthbits.com |
akismet.com |
www.addtoany.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
t.co DigiCert SHA2 High Assurance Server CA |
2020-03-05 - 2021-03-02 |
a year | crt.sh |
downloads.stealthbits.com Go Daddy Secure Certificate Authority - G2 |
2018-10-24 - 2020-10-24 |
2 years | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-08-26 - 2020-11-18 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-08-26 - 2020-11-18 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-05 - 2021-08-05 |
a year | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-09-03 - 2020-11-26 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1O1 |
2020-09-03 - 2020-11-26 |
3 months | crt.sh |
www.google.com GTS CA 1O1 |
2020-09-03 - 2020-11-26 |
3 months | crt.sh |
www.google.de GTS CA 1O1 |
2020-09-03 - 2020-11-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Frame ID: F8BBD30EC922911D74FFBF486EB26E1B
Requests: 30 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://t.co/f55XUSyx1k Page URL
- https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Page URL
Detected technologies
WordPress (CMS) ExpandDetected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- meta generator /^WordPress ?([\d.]+)?/i
PHP (Programming Languages) Expand
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- meta generator /^WordPress ?([\d.]+)?/i
MySQL (Databases) Expand
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- meta generator /^WordPress ?([\d.]+)?/i
AddToAny (Widgets) Expand
Detected patterns
- script /addtoany\.com\/menu\/page\.js/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
17 Outgoing links
These are links going to different origins than the main page.
Title: Learn About STEALTHbits
Search URL Search Domain Scan URL
Title: Pass-the-Hash
Search URL Search Domain Scan URL
Title: Mimikatz
Search URL Search Domain Scan URL
Title: Hashcat
Search URL Search Domain Scan URL
Title: retrieve password hashes from the Ntds.dit
Search URL Search Domain Scan URL
Title: NTDSUtil
Search URL Search Domain Scan URL
Title: PowerSploit
Search URL Search Domain Scan URL
Title: PowerShell module
Search URL Search Domain Scan URL
Title: here
Search URL Search Domain Scan URL
Title: here
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Jeff Warren
Search URL Search Domain Scan URL
Title: https://www.dsinternals.com/en/dumping-ntds-dit-files-using-powershell/
Search URL Search Domain Scan URL
Title: Learn how your comment data is processed
Search URL Search Domain Scan URL
Title: Share
Search URL Search Domain Scan URL
Title: AddToAny
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/f55XUSyx1k Page URL
- https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
f55XUSyx1k
t.co/ |
393 B 525 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ |
64 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
i18vd.css
blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/ |
306 KB 47 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
8 KB 963 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2he7s.css
blog.stealthbits.com/wp-content/cache/wpfc-minified/2dcvzne6/ |
127 B 555 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2he7s.js
blog.stealthbits.com/wp-content/cache/wpfc-minified/lcks3fgl/ |
95 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
90 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lazy_placeholder.gif
blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/images/ |
42 B 438 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
securimage_show.php
blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
refresh.png
blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
free-trial-btn.png
blog.stealthbits.com/wp-content/uploads/2020/04/ |
506 B 903 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_5a68e071b9b43ff7f24c90c84df4901c.js
blog.stealthbits.com/wp-content/cache/autoptimize/js/ |
93 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
page.js
static.addtoany.com/menu/ |
82 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cropped-SB-Blog-Site-Header-2020-01-1.png
blog.stealthbits.com/wp-content/uploads/2020/03/ |
104 KB 105 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.gif
blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/css/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v17/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fontawesome-webfont.woff2
blog.stealthbits.com/wp-content/themes/nisarg/font-awesome/fonts/ |
55 KB 56 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
45 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
34 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.29.svg.js
static.addtoany.com/menu/svg/ |
78 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3-Q050 |
collect
www.google-analytics.com/j/ |
2 B 68 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
js
www.google-analytics.com/gtm/ |
79 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
4 B 90 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
collect
www.google-analytics.com/ |
35 B 62 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.com/ads/ |
42 B 106 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.de/ads/ |
42 B 106 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
popular-posts
blog.stealthbits.com/wp-json/wordpress-popular-posts/v1/ |
55 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Blo-Series-Active-Directory-Attacks-and-How-to-Protect-Agaisnt-Them-1.jpg
blog.stealthbits.com/wp-content/uploads/2017/03/ |
60 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes undefined| $ function| jQuery object| es_data object| GDPR object| a2a_config function| gtag object| dataLayer object| screenReaderText object| a3_lazyload_params object| a3_lazyload_extend_params object| boxzilla_options object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| a2a function| a2a_show_dropdown function| a2a_miniLeaveDelay function| a2a_init number| a2apage_init object| icons string| svg_tag_open string| svg_tag_close undefined| svg_src undefined| svg_src_default object| gaplugins object| gaGlobal object| gaData undefined| color object| google_optimize object| wpp_params object| WordPressPopularPosts function| si_captcha_refresh object| ak_js object| commentForm undefined| replyRowContainer undefined| children object| jQuery11240297527627985539 function| has_consent function| is_allowed_cookie object| addComment object| Boxzilla object| wp number| height6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
blog.stealthbits.com/ | Name: gdpr[allowed_cookies] Value: %5B%22%22%5D |
|
blog.stealthbits.com/ | Name: PHPSESSID Value: 0e535190a0813ab7c153d8b2bfdc66ef |
|
.stealthbits.com/ | Name: _gat_gtag_UA_1582554_9 Value: 1 |
|
.stealthbits.com/ | Name: _gid Value: GA1.2.873529764.1600979038 |
|
blog.stealthbits.com/ | Name: gdpr[consent_types] Value: %5B%5D |
|
.stealthbits.com/ | Name: _ga Value: GA1.2.1315723460.1600979038 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
blog.stealthbits.com
fonts.googleapis.com
fonts.gstatic.com
static.addtoany.com
stats.g.doubleclick.net
t.co
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
104.244.42.69
2606:4700:10::6816:47c5
2a00:1450:4001:802::200a
2a00:1450:4001:818::2003
2a00:1450:4001:81a::2008
2a00:1450:4001:81b::2003
2a00:1450:4001:820::200e
2a00:1450:4001:821::200e
2a00:1450:4001:824::2004
2a00:1450:400c:c0c::9c
72.52.131.85
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1ed0f35f4e05bf84910677f99464193bab31686d9b25cf7e3fd85494fbc397c5
39ce2f334595d1c21fc4e8a163dd075bff12b5f1d6d652044c51995e04c3ab07
3b544ed46002f557a8b4a8c6e5fd065ace23126bd412a485ddc3205cf14f5e72
4823c1f88956562d38d2157416e0f0c5ad140993940c2c326f9ee22b824e5d26
5339f0bd9cc863f77cb0b00ba53fba4e953a540f6e0916b3943ad6d1e204dae4
53a8622ef112a57e17990fc6f3422e34ef7ab17f766d04f9d52c7c431e49197c
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
63f1c818850580cbaf66d7126971e6c9bf391ca8275a5d68cb62c4b6e5fed1f4
6890ff5273b90895d77716682d8ac644078dc7b95965746250690294d3cbfecc
7efa72f5d3878a1f7145d552d8d2186bac3942fce7b3d7e3a51550c3bc9ab3cb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85773da1634790be2ad363edf70229ca221eb27e01464a97f2f05d2becb18a74
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec
dd6d9a8e3d7efc450047271ec735fdef043065640a616e3b5b566eed2ce81030
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e822d26d5837c79e95fc271d80304a13a839fba3ed36e3208b3dea726d233343
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0b43dd10eb95ff05af52acee50858034fc881711ef37c815f0254b52e6a737b
f326000d2f7e294eefb27938bc149f765f3196e0fd226bc8c37493cd1dde368c
ffa753bf822ed072fdc413eea7e9edc34ef8185a1bee55504153c9691da36be3