Submitted URL: https://t.co/f55XUSyx1k
Effective URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Submission: On September 24 via api from US

Summary

This website contacted 12 IPs in 3 countries across 10 domains to perform 29 HTTP transactions. The main IP is 72.52.131.85, located in Lansing, United States and belongs to LIQUIDWEB, US. The main domain is blog.stealthbits.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 24th 2018. Valid for: 2 years.
This is the only time blog.stealthbits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
14 blog.stealthbits.com t.co
blog.stealthbits.com
4 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
blog.stealthbits.com
3 fonts.gstatic.com fonts.googleapis.com
2 static.addtoany.com blog.stealthbits.com
static.addtoany.com
1 www.google.de blog.stealthbits.com
1 www.google.com blog.stealthbits.com
1 stats.g.doubleclick.net www.google-analytics.com
1 www.googletagmanager.com blog.stealthbits.com
1 fonts.googleapis.com blog.stealthbits.com
1 t.co
29 10
Subject Issuer Validity Valid
t.co
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
downloads.stealthbits.com
Go Daddy Secure Certificate Authority - G2
2018-10-24 -
2020-10-24
2 years crt.sh
upload.video.google.com
GTS CA 1O1
2020-08-26 -
2020-11-18
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2020-08-26 -
2020-11-18
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-08-05 -
2021-08-05
a year crt.sh
*.gstatic.com
GTS CA 1O1
2020-09-03 -
2020-11-26
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-09-03 -
2020-11-26
3 months crt.sh
www.google.com
GTS CA 1O1
2020-09-03 -
2020-11-26
3 months crt.sh
www.google.de
GTS CA 1O1
2020-09-03 -
2020-11-26
3 months crt.sh

This page contains 1 frames:

Primary Page: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Frame ID: F8BBD30EC922911D74FFBF486EB26E1B
Requests: 30 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://t.co/f55XUSyx1k Page URL
  2. https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • meta generator /^WordPress ?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • meta generator /^WordPress ?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • meta generator /^WordPress ?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • script /addtoany\.com\/menu\/page\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

29
Requests

100 %
HTTPS

82 %
IPv6

10
Domains

10
Subdomains

12
IPs

3
Countries

541 kB
Transfer

1209 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/f55XUSyx1k Page URL
  2. https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
f55XUSyx1k
t.co/
393 B
525 B
Document
General
Full URL
https://t.co/f55XUSyx1k
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
63f1c818850580cbaf66d7126971e6c9bf391ca8275a5d68cb62c4b6e5fed1f4
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

:method
GET
:authority
t.co
:scheme
https
:path
/f55XUSyx1k
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
cache-control
private,max-age=300
content-encoding
gzip
content-length
216
content-type
text/html; charset=utf-8
date
Thu, 24 Sep 2020 20:23:57 GMT
expires
Thu, 24 Sep 2020 20:28:57 GMT
server
tsa_o
set-cookie
muc=e5bb9e4d-057c-4993-a7dd-09d4dde4edc1; Max-Age=63072000; Expires=Sat, 24 Sep 2022 20:23:57 GMT; Domain=t.co; Secure; SameSite=None
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
2214a5b4c02de572e243b3a697b8c6f2
x-response-time
121
x-xss-protection
0
Primary Request /
blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
64 KB
15 KB
Document
General
Full URL
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Requested by
Host: t.co
URL: https://t.co/f55XUSyx1k
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
e822d26d5837c79e95fc271d80304a13a839fba3ed36e3208b3dea726d233343
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
blog.stealthbits.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://t.co/f55XUSyx1k
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://t.co/f55XUSyx1k

Response headers

Date
Thu, 24 Sep 2020 20:23:57 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
Vary
User-Agent,Accept-Encoding
Last-Modified
Thu, 24 Sep 2020 18:30:55 GMT
Accept-Ranges
bytes
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000
Cache-Control
max-age=0, no-cache, no-store, must-revalidate
Pragma
no-cache
Expires
Mon, 29 Oct 1923 20:30:00 GMT
Referrer-Policy
same-origin
Feature-Policy
geolocation 'self'; vibrate 'none'
Content-Length
14691
Keep-Alive
timeout=2, max=150
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
i18vd.css
blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/
306 KB
47 KB
Stylesheet
General
Full URL
https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
4823c1f88956562d38d2157416e0f0c5ad140993940c2c326f9ee22b824e5d26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:57 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Tue, 01 Sep 2020 21:47:01 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=149
Content-Length
47576
Expires
max-age=A10368000, public
css
fonts.googleapis.com/
8 KB
963 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
39ce2f334595d1c21fc4e8a163dd075bff12b5f1d6d652044c51995e04c3ab07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 24 Sep 2020 20:23:41 GMT
server
ESF
date
Thu, 24 Sep 2020 20:23:57 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 24 Sep 2020 20:23:57 GMT
2he7s.css
blog.stealthbits.com/wp-content/cache/wpfc-minified/2dcvzne6/
127 B
555 B
Stylesheet
General
Full URL
https://blog.stealthbits.com/wp-content/cache/wpfc-minified/2dcvzne6/2he7s.css
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:57 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Wed, 25 Mar 2020 18:41:48 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=150
Content-Length
112
Expires
max-age=A10368000, public
2he7s.js
blog.stealthbits.com/wp-content/cache/wpfc-minified/lcks3fgl/
95 KB
33 KB
Script
General
Full URL
https://blog.stealthbits.com/wp-content/cache/wpfc-minified/lcks3fgl/2he7s.js
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
ffa753bf822ed072fdc413eea7e9edc34ef8185a1bee55504153c9691da36be3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:57 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Wed, 25 Mar 2020 18:41:48 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=150
Content-Length
33832
Expires
max-age=A10368000, public
js
www.googletagmanager.com/gtag/
90 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-1582554-9
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3b544ed46002f557a8b4a8c6e5fd065ace23126bd412a485ddc3205cf14f5e72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Sep 2020 20:23:58 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36412
x-xss-protection
0
last-modified
Thu, 24 Sep 2020 19:32:25 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 24 Sep 2020 20:23:58 GMT
lazy_placeholder.gif
blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/images/
42 B
438 B
Image
General
Full URL
https://blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 17 Aug 2020 13:10:44 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=149
Content-Length
42
Expires
max-age=A10368000, public
securimage_show.php
blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/
4 KB
5 KB
Image
General
Full URL
https://blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/securimage_show.php?si_sm_captcha=1&si_form_id=com&prefix=8HuUVBUAMmL7p935
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
5339f0bd9cc863f77cb0b00ba53fba4e953a540f6e0916b3943ad6d1e204dae4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 24 Sep 2020 20:23:58 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Keep-Alive
timeout=2, max=148
Expires
Mon, 26 Jul 1997 05:00:00 GMT
refresh.png
blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/images/
1 KB
1 KB
Image
General
Full URL
https://blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/images/refresh.png
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
7efa72f5d3878a1f7145d552d8d2186bac3942fce7b3d7e3a51550c3bc9ab3cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 25 Sep 2017 13:29:16 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=149
Content-Length
1106
Expires
max-age=A10368000, public
free-trial-btn.png
blog.stealthbits.com/wp-content/uploads/2020/04/
506 B
903 B
Image
General
Full URL
https://blog.stealthbits.com/wp-content/uploads/2020/04/free-trial-btn.png
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
f0b43dd10eb95ff05af52acee50858034fc881711ef37c815f0254b52e6a737b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Thu, 23 Apr 2020 15:30:27 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=150
Content-Length
506
Expires
max-age=A10368000, public
autoptimize_5a68e071b9b43ff7f24c90c84df4901c.js
blog.stealthbits.com/wp-content/cache/autoptimize/js/
93 KB
26 KB
Script
General
Full URL
https://blog.stealthbits.com/wp-content/cache/autoptimize/js/autoptimize_5a68e071b9b43ff7f24c90c84df4901c.js
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
1ed0f35f4e05bf84910677f99464193bab31686d9b25cf7e3fd85494fbc397c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Thu, 24 Sep 2020 18:30:45 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Cache-Control
max-age=10368000, public, immutable
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=149
Content-Length
26326
Expires
max-age=A10368000, public
page.js
static.addtoany.com/menu/
82 KB
27 KB
Script
General
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85773da1634790be2ad363edf70229ca221eb27e01464a97f2f05d2becb18a74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Sep 2020 20:23:58 GMT
via
e3s
x-content-type-options
nosniff
cf-cache-status
HIT
age
138952
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status
200
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0563628854000065093693e200000001
last-modified
Thu, 20 Aug 2020 05:47:23 GMT
server
cloudflare
etag
W/"146a0-5ad48a780f423"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=172800
cf-ray
5d7f39ed596a6509-FRA
cf-bgj
minify
cropped-SB-Blog-Site-Header-2020-01-1.png
blog.stealthbits.com/wp-content/uploads/2020/03/
104 KB
105 KB
Image
General
Full URL
https://blog.stealthbits.com/wp-content/uploads/2020/03/cropped-SB-Blog-Site-Header-2020-01-1.png
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
6890ff5273b90895d77716682d8ac644078dc7b95965746250690294d3cbfecc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 16 Mar 2020 17:24:31 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=147
Content-Length
106625
Expires
max-age=A10368000, public
loading.gif
blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/css/
2 KB
2 KB
Image
General
Full URL
https://blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/css/loading.gif
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 17 Aug 2020 13:10:44 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=148
Content-Length
1690
Expires
max-age=A10368000, public
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
fonts.gstatic.com/s/sourcesanspro/v14/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.stealthbits.com
Referer
https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:24:39 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:10:14 GMT
server
sffe
age
179959
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13324
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:24:39 GMT
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v17/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.stealthbits.com
Referer
https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:23:58 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:25 GMT
server
sffe
age
180000
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14176
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:23:58 GMT
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.stealthbits.com
Referer
https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 22 Sep 2020 18:24:58 GMT
x-content-type-options
nosniff
last-modified
Tue, 15 Sep 2020 18:12:59 GMT
server
sffe
age
179940
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Wed, 22 Sep 2021 18:24:58 GMT
fontawesome-webfont.woff2
blog.stealthbits.com/wp-content/themes/nisarg/font-awesome/fonts/
55 KB
56 KB
Font
General
Full URL
https://blog.stealthbits.com/wp-content/themes/nisarg/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://blog.stealthbits.com
Referer
https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Fri, 12 Oct 2018 16:13:35 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff2
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=148
Content-Length
56780
Expires
max-age=A10368000, public
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1582554-9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Sep 2020 01:50:37 GMT
server
Golfe2
age
6617
date
Thu, 24 Sep 2020 18:33:41 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18650
expires
Thu, 24 Sep 2020 20:33:41 GMT
truncated
/
34 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
icons.29.svg.js
static.addtoany.com/menu/svg/
78 KB
33 KB
Script
General
Full URL
https://static.addtoany.com/menu/svg/icons.29.svg.js
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Sep 2020 20:23:58 GMT
via
e3s
x-content-type-options
nosniff
cf-cache-status
HIT
age
2678708
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status
200
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
05636288a9000065093693f200000001
last-modified
Mon, 31 Dec 2018 23:29:11 GMT
server
cloudflare
etag
W/"13937-57e59c7b88bd6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
max-age=315360000, immutable
cf-ray
5d7f39edd9956509-FRA
cf-bgj
minify
collect
www.google-analytics.com/j/
2 B
68 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j86&a=136854501&t=pageview&_s=1&dl=https%3A%2F%2Fblog.stealthbits.com%2Fextracting-password-hashes-from-the-ntds-dit-file%2F&dr=https%3A%2F%2Ft.co%2Ff55XUSyx1k&ul=en-us&de=UTF-8&dt=Extracting%20Password%20Hashes%20from%20the%20Ntds.dit%20File%20%7C%20Insider%20Threat%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUADQAAAAC~&jid=91892071&gjid=1244403086&cid=1315723460.1600979038&tid=UA-1582554-9&_gid=873529764.1600979038&_r=1&gtm=2ou9g1&z=2102958076
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 24 Sep 2020 20:23:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://blog.stealthbits.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.google-analytics.com/gtm/
79 KB
31 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-WW58PPS&t=gtag_UA_1582554_9&cid=1315723460.1600979038
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
53a8622ef112a57e17990fc6f3422e34ef7ab17f766d04f9d52c7c431e49197c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 24 Sep 2020 20:23:58 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31997
x-xss-protection
0
last-modified
Thu, 24 Sep 2020 19:32:25 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 24 Sep 2020 20:23:58 GMT
collect
stats.g.doubleclick.net/j/
4 B
90 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-1582554-9&cid=1315723460.1600979038&jid=91892071&gjid=1244403086&_gid=873529764.1600979038&_u=IEBAAUACQAAAAC~&z=67001753
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 24 Sep 2020 20:23:58 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://blog.stealthbits.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
62 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j86&a=136854501&t=pageview&_s=2&dl=https%3A%2F%2Fblog.stealthbits.com%2Fextracting-password-hashes-from-the-ntds-dit-file%2F&dr=https%3A%2F%2Ft.co%2Ff55XUSyx1k&ul=en-us&de=UTF-8&dt=Extracting%20Password%20Hashes%20from%20the%20Ntds.dit%20File%20%7C%20Insider%20Threat%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAAUADQAAAAC~&jid=&gjid=&cid=1315723460.1600979038&uid=USER_ID&tid=UA-1582554-9&_gid=873529764.1600979038&gtm=2ou9g1&z=53909938
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 23 Sep 2020 20:27:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
86175
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
106 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-1582554-9&cid=1315723460.1600979038&jid=91892071&_u=IEBAAUACQAAAAC~&z=365764536
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Sep 2020 20:23:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
106 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-1582554-9&cid=1315723460.1600979038&jid=91892071&_u=IEBAAUACQAAAAC~&z=365764536
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 24 Sep 2020 20:23:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
popular-posts
blog.stealthbits.com/wp-json/wordpress-popular-posts/v1/
55 B
1 KB
XHR
General
Full URL
https://blog.stealthbits.com/wp-json/wordpress-popular-posts/v1/popular-posts
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/wp-content/cache/autoptimize/js/autoptimize_5a68e071b9b43ff7f24c90c84df4901c.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
f326000d2f7e294eefb27938bc149f765f3196e0fd226bc8c37493cd1dde368c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
X-Content-Type-Options
nosniff
Access-Control-Allow-Headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
Origin
Link
<https://blog.stealthbits.com/wp-json/>; rel="https://api.w.org/"
Allow
GET, POST
Server
Apache
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Access-Control-Allow-Methods
OPTIONS, GET, POST, PUT, PATCH, DELETE
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://blog.stealthbits.com
X-WP-Nonce
bd33e1a940
Access-Control-Allow-Credentials
true
X-Robots-Tag
noindex
Keep-Alive
timeout=2, max=148
Access-Control-Expose-Headers
X-WP-Total, X-WP-TotalPages, Link
Blo-Series-Active-Directory-Attacks-and-How-to-Protect-Agaisnt-Them-1.jpg
blog.stealthbits.com/wp-content/uploads/2017/03/
60 KB
60 KB
Image
General
Full URL
https://blog.stealthbits.com/wp-content/uploads/2017/03/Blo-Series-Active-Directory-Attacks-and-How-to-Protect-Agaisnt-Them-1.jpg
Requested by
Host: blog.stealthbits.com
URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US),
Reverse DNS
Software
Apache /
Resource Hash
dd6d9a8e3d7efc450047271ec735fdef043065640a616e3b5b566eed2ce81030
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 24 Sep 2020 20:23:58 GMT
Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 13 Mar 2017 19:08:11 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=10368000
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=2, max=147
Content-Length
61531
Expires
max-age=A10368000, public

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes undefined| $ function| jQuery object| es_data object| GDPR object| a2a_config function| gtag object| dataLayer object| screenReaderText object| a3_lazyload_params object| a3_lazyload_extend_params object| boxzilla_options object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| a2a function| a2a_show_dropdown function| a2a_miniLeaveDelay function| a2a_init number| a2apage_init object| icons string| svg_tag_open string| svg_tag_close undefined| svg_src undefined| svg_src_default object| gaplugins object| gaGlobal object| gaData undefined| color object| google_optimize object| wpp_params object| WordPressPopularPosts function| si_captcha_refresh object| ak_js object| commentForm undefined| replyRowContainer undefined| children object| jQuery11240297527627985539 function| has_consent function| is_allowed_cookie object| addComment object| Boxzilla object| wp number| height

6 Cookies

Domain/Path Name / Value
blog.stealthbits.com/ Name: gdpr[allowed_cookies]
Value: %5B%22%22%5D
blog.stealthbits.com/ Name: PHPSESSID
Value: 0e535190a0813ab7c153d8b2bfdc66ef
.stealthbits.com/ Name: _gat_gtag_UA_1582554_9
Value: 1
.stealthbits.com/ Name: _gid
Value: GA1.2.873529764.1600979038
blog.stealthbits.com/ Name: gdpr[consent_types]
Value: %5B%5D
.stealthbits.com/ Name: _ga
Value: GA1.2.1315723460.1600979038

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.stealthbits.com
fonts.googleapis.com
fonts.gstatic.com
static.addtoany.com
stats.g.doubleclick.net
t.co
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
104.244.42.69
2606:4700:10::6816:47c5
2a00:1450:4001:802::200a
2a00:1450:4001:818::2003
2a00:1450:4001:81a::2008
2a00:1450:4001:81b::2003
2a00:1450:4001:820::200e
2a00:1450:4001:821::200e
2a00:1450:4001:824::2004
2a00:1450:400c:c0c::9c
72.52.131.85
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1ed0f35f4e05bf84910677f99464193bab31686d9b25cf7e3fd85494fbc397c5
39ce2f334595d1c21fc4e8a163dd075bff12b5f1d6d652044c51995e04c3ab07
3b544ed46002f557a8b4a8c6e5fd065ace23126bd412a485ddc3205cf14f5e72
4823c1f88956562d38d2157416e0f0c5ad140993940c2c326f9ee22b824e5d26
5339f0bd9cc863f77cb0b00ba53fba4e953a540f6e0916b3943ad6d1e204dae4
53a8622ef112a57e17990fc6f3422e34ef7ab17f766d04f9d52c7c431e49197c
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
63f1c818850580cbaf66d7126971e6c9bf391ca8275a5d68cb62c4b6e5fed1f4
6890ff5273b90895d77716682d8ac644078dc7b95965746250690294d3cbfecc
7efa72f5d3878a1f7145d552d8d2186bac3942fce7b3d7e3a51550c3bc9ab3cb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85773da1634790be2ad363edf70229ca221eb27e01464a97f2f05d2becb18a74
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec
dd6d9a8e3d7efc450047271ec735fdef043065640a616e3b5b566eed2ce81030
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e822d26d5837c79e95fc271d80304a13a839fba3ed36e3208b3dea726d233343
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0b43dd10eb95ff05af52acee50858034fc881711ef37c815f0254b52e6a737b
f326000d2f7e294eefb27938bc149f765f3196e0fd226bc8c37493cd1dde368c
ffa753bf822ed072fdc413eea7e9edc34ef8185a1bee55504153c9691da36be3