blog.stealthbits.com Open in urlscan Pro
72.52.131.85  Public Scan

17 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://t.co/f55XUSyx1k Page URL
2. https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	f55XUSyx1k Show response t.co/	393 B 525 B	240ms 162ms	Document text/html	104.244.42.69 TWITTER
General Check archive.org Show headers Download Go to Full URL https://t.co/f55XUSyx1k Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.244.42.69 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash 63f1c818850580cbaf66d7126971e6c9bf391ca8275a5d68cb62c4b6e5fed1f4 Security Headers Name Value Strict-Transport-Security max-age=0 X-Xss-Protection 0 Request headers :method GET :authority t.co :scheme https :path /f55XUSyx1k pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 cache-control private,max-age=300 content-encoding gzip content-length 216 content-type text/html; charset=utf-8 date Thu, 24 Sep 2020 20:23:57 GMT expires Thu, 24 Sep 2020 20:28:57 GMT server tsa_o set-cookie muc=e5bb9e4d-057c-4993-a7dd-09d4dde4edc1; Max-Age=63072000; Expires=Sat, 24 Sep 2022 20:23:57 GMT; Domain=t.co; Secure; SameSite=None strict-transport-security max-age=0 vary Origin x-connection-hash 2214a5b4c02de572e243b3a697b8c6f2 x-response-time 121 x-xss-protection 0
GET H/1.1	200 OK	Primary Request / Show response blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/	64 KB 15 KB	429ms 144ms	Document text/html	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Requested by Host: t.co URL: https://t.co/f55XUSyx1k Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash e822d26d5837c79e95fc271d80304a13a839fba3ed36e3208b3dea726d233343 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Host blog.stealthbits.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://t.co/f55XUSyx1k Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://t.co/f55XUSyx1k Response headers Date Thu, 24 Sep 2020 20:23:57 GMT Server Apache X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block X-Content-Type-Options nosniff Vary User-Agent,Accept-Encoding Last-Modified Thu, 24 Sep 2020 18:30:55 GMT Accept-Ranges bytes Content-Encoding gzip Strict-Transport-Security max-age=31536000 Cache-Control max-age=0, no-cache, no-store, must-revalidate Pragma no-cache Expires Mon, 29 Oct 1923 20:30:00 GMT Referrer-Policy same-origin Feature-Policy geolocation 'self'; vibrate 'none' Content-Length 14691 Keep-Alive timeout=2, max=150 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	i18vd.css blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/	306 KB 47 KB	263ms 149ms	Stylesheet text/css	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash 4823c1f88956562d38d2157416e0f0c5ad140993940c2c326f9ee22b824e5d26 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:57 GMT Content-Encoding gzip Vary Accept-Encoding Last-Modified Tue, 01 Sep 2020 21:47:01 GMT Server Apache X-Frame-Options SAMEORIGIN Strict-Transport-Security max-age=31536000 Content-Type text/css Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=149 Content-Length 47576 Expires max-age=A10368000, public
GET H2	200	css fonts.googleapis.com/	8 KB 963 B	15ms 14ms	Stylesheet text/css	2a00:1450:4001:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 39ce2f334595d1c21fc4e8a163dd075bff12b5f1d6d652044c51995e04c3ab07 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff status 200 alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Thu, 24 Sep 2020 20:23:41 GMT server ESF date Thu, 24 Sep 2020 20:23:57 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 24 Sep 2020 20:23:57 GMT
GET H/1.1	200 OK	2he7s.css blog.stealthbits.com/wp-content/cache/wpfc-minified/2dcvzne6/	127 B 555 B	424ms 143ms	Stylesheet text/css	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://blog.stealthbits.com/wp-content/cache/wpfc-minified/2dcvzne6/2he7s.css Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:57 GMT Content-Encoding gzip Vary Accept-Encoding Last-Modified Wed, 25 Mar 2020 18:41:48 GMT Server Apache X-Frame-Options SAMEORIGIN Strict-Transport-Security max-age=31536000 Content-Type text/css Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=150 Content-Length 112 Expires max-age=A10368000, public
GET H/1.1	200 OK	2he7s.js Show response blog.stealthbits.com/wp-content/cache/wpfc-minified/lcks3fgl/	95 KB 33 KB	427ms 146ms	Script application/javascript	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://blog.stealthbits.com/wp-content/cache/wpfc-minified/lcks3fgl/2he7s.js Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash ffa753bf822ed072fdc413eea7e9edc34ef8185a1bee55504153c9691da36be3 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:57 GMT Content-Encoding gzip Vary Accept-Encoding Last-Modified Wed, 25 Mar 2020 18:41:48 GMT Server Apache X-Frame-Options SAMEORIGIN Strict-Transport-Security max-age=31536000 Content-Type application/javascript Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=150 Content-Length 33832 Expires max-age=A10368000, public
GET H2	200	js Show response www.googletagmanager.com/gtag/	90 KB 36 KB	34ms 33ms	Script application/javascript	2a00:1450:4001:81a::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-1582554-9 Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 3b544ed46002f557a8b4a8c6e5fd065ace23126bd412a485ddc3205cf14f5e72 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 24 Sep 2020 20:23:58 GMT content-encoding br vary Accept-Encoding status 200 alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 36412 x-xss-protection 0 last-modified Thu, 24 Sep 2020 19:32:25 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 24 Sep 2020 20:23:58 GMT
GET H/1.1	200 OK	lazy_placeholder.gif blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/images/	42 B 438 B	142ms 142ms	Image image/gif	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:58 GMT Strict-Transport-Security max-age=31536000 Last-Modified Mon, 17 Aug 2020 13:10:44 GMT Server Apache X-Frame-Options SAMEORIGIN Content-Type image/gif Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=149 Content-Length 42 Expires max-age=A10368000, public
GET H/1.1	200 OK	securimage_show.php blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/	4 KB 5 KB	159ms 157ms	Image image/png	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/securimage_show.php?si_sm_captcha=1&si_form_id=com&prefix=8HuUVBUAMmL7p935 Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash 5339f0bd9cc863f77cb0b00ba53fba4e953a540f6e0916b3943ad6d1e204dae4 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Thu, 24 Sep 2020 20:23:58 GMT Server Apache X-Frame-Options SAMEORIGIN Connection Keep-Alive Content-Type image/png Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Transfer-Encoding chunked Strict-Transport-Security max-age=31536000 Keep-Alive timeout=2, max=148 Expires Mon, 26 Jul 1997 05:00:00 GMT
GET H/1.1	200 OK	refresh.png blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/images/	1 KB 1 KB	143ms 141ms	Image image/png	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://blog.stealthbits.com/wp-content/plugins/si-captcha-for-wordpress/captcha/images/refresh.png Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash 7efa72f5d3878a1f7145d552d8d2186bac3942fce7b3d7e3a51550c3bc9ab3cb Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:58 GMT Strict-Transport-Security max-age=31536000 Last-Modified Mon, 25 Sep 2017 13:29:16 GMT Server Apache X-Frame-Options SAMEORIGIN Content-Type image/png Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=149 Content-Length 1106 Expires max-age=A10368000, public
GET H/1.1	200 OK	free-trial-btn.png blog.stealthbits.com/wp-content/uploads/2020/04/	506 B 903 B	144ms 143ms	Image image/png	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://blog.stealthbits.com/wp-content/uploads/2020/04/free-trial-btn.png Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash f0b43dd10eb95ff05af52acee50858034fc881711ef37c815f0254b52e6a737b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:58 GMT Strict-Transport-Security max-age=31536000 Last-Modified Thu, 23 Apr 2020 15:30:27 GMT Server Apache X-Frame-Options SAMEORIGIN Content-Type image/png Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=150 Content-Length 506 Expires max-age=A10368000, public
GET H/1.1	200 OK	autoptimize_5a68e071b9b43ff7f24c90c84df4901c.js Show response blog.stealthbits.com/wp-content/cache/autoptimize/js/	93 KB 26 KB	288ms 144ms	Script application/javascript	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://blog.stealthbits.com/wp-content/cache/autoptimize/js/autoptimize_5a68e071b9b43ff7f24c90c84df4901c.js Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash 1ed0f35f4e05bf84910677f99464193bab31686d9b25cf7e3fd85494fbc397c5 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:58 GMT Content-Encoding gzip Vary Accept-Encoding Last-Modified Thu, 24 Sep 2020 18:30:45 GMT Server Apache X-Frame-Options SAMEORIGIN Strict-Transport-Security max-age=31536000 Content-Type application/javascript Cache-Control max-age=10368000, public, immutable Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=149 Content-Length 26326 Expires max-age=A10368000, public
GET H2	200	page.js Show response static.addtoany.com/menu/	82 KB 27 KB	45ms 31ms	Script application/javascript	2606:4700:10::6816:47c5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.addtoany.com/menu/page.js Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 85773da1634790be2ad363edf70229ca221eb27e01464a97f2f05d2becb18a74 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 24 Sep 2020 20:23:58 GMT via e3s x-content-type-options nosniff cf-cache-status HIT age 138952 p3p CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT" status 200 content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 0563628854000065093693e200000001 last-modified Thu, 20 Aug 2020 05:47:23 GMT server cloudflare etag W/"146a0-5ad48a780f423" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript; charset=utf-8 vary Accept-Encoding cache-control public, max-age=172800 cf-ray 5d7f39ed596a6509-FRA cf-bgj minify
GET H/1.1	200 OK	cropped-SB-Blog-Site-Header-2020-01-1.png blog.stealthbits.com/wp-content/uploads/2020/03/	104 KB 105 KB	293ms 142ms	Image image/png	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://blog.stealthbits.com/wp-content/uploads/2020/03/cropped-SB-Blog-Site-Header-2020-01-1.png Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash 6890ff5273b90895d77716682d8ac644078dc7b95965746250690294d3cbfecc Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:58 GMT Strict-Transport-Security max-age=31536000 Last-Modified Mon, 16 Mar 2020 17:24:31 GMT Server Apache X-Frame-Options SAMEORIGIN Content-Type image/png Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=147 Content-Length 106625 Expires max-age=A10368000, public
GET H/1.1	200 OK	loading.gif blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/css/	2 KB 2 KB	224ms 140ms	Image image/gif	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://blog.stealthbits.com/wp-content/plugins/a3-lazy-load/assets/css/loading.gif Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:58 GMT Strict-Transport-Security max-age=31536000 Last-Modified Mon, 17 Aug 2020 13:10:44 GMT Server Apache X-Frame-Options SAMEORIGIN Content-Type image/gif Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=148 Content-Length 1690 Expires max-age=A10368000, public
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2 fonts.gstatic.com/s/sourcesanspro/v14/	13 KB 13 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:81b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7lujVj9w.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://blog.stealthbits.com Referer https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 22 Sep 2020 18:24:39 GMT x-content-type-options nosniff last-modified Tue, 15 Sep 2020 18:10:14 GMT server sffe age 179959 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 13324 x-xss-protection 0 expires Wed, 22 Sep 2021 18:24:39 GMT
GET H2	200	S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 fonts.gstatic.com/s/lato/v17/	14 KB 14 KB	6ms 5ms	Font font/woff2	2a00:1450:4001:81b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://blog.stealthbits.com Referer https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 22 Sep 2020 18:23:58 GMT x-content-type-options nosniff last-modified Tue, 15 Sep 2020 18:12:25 GMT server sffe age 180000 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14176 x-xss-protection 0 expires Wed, 22 Sep 2021 18:23:58 GMT
GET H2	200	S6uyw4BMUTPHjx4wXiWtFCc.woff2 fonts.gstatic.com/s/lato/v17/	14 KB 14 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:81b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://blog.stealthbits.com Referer https://fonts.googleapis.com/css?family=Lato:400,300italic,700|Source+Sans+Pro:400,400italic User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 22 Sep 2020 18:24:58 GMT x-content-type-options nosniff last-modified Tue, 15 Sep 2020 18:12:59 GMT server sffe age 179940 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14044 x-xss-protection 0 expires Wed, 22 Sep 2021 18:24:58 GMT
GET H/1.1	200 OK	fontawesome-webfont.woff2 blog.stealthbits.com/wp-content/themes/nisarg/font-awesome/fonts/	55 KB 56 KB	265ms 147ms	Font application/font-woff2	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://blog.stealthbits.com/wp-content/themes/nisarg/font-awesome/fonts/fontawesome-webfont.woff2?v=4.3.0 Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Origin https://blog.stealthbits.com Referer https://blog.stealthbits.com/wp-content/cache/wpfc-minified/qxpuq029/i18vd.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:58 GMT Strict-Transport-Security max-age=31536000 Last-Modified Fri, 12 Oct 2018 16:13:35 GMT Server Apache X-Frame-Options SAMEORIGIN Content-Type application/font-woff2 Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=148 Content-Length 56780 Expires max-age=A10368000, public
GET H2	200	analytics.js Show response www.google-analytics.com/	45 KB 18 KB	6ms 6ms	Script text/javascript	2a00:1450:4001:820::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=UA-1582554-9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 09 Sep 2020 01:50:37 GMT server Golfe2 age 6617 date Thu, 24 Sep 2020 18:33:41 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 18650 expires Thu, 24 Sep 2020 20:33:41 GMT
GET DATA	200 OK	truncated /	34 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/gif
GET H2	200	icons.29.svg.js Show response static.addtoany.com/menu/svg/	78 KB 33 KB	19ms 18ms	Script application/javascript	2606:4700:10::6816:47c5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static.addtoany.com/menu/svg/icons.29.svg.js Requested by Host: static.addtoany.com URL: https://static.addtoany.com/menu/page.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:47c5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 24 Sep 2020 20:23:58 GMT via e3s x-content-type-options nosniff cf-cache-status HIT age 2678708 p3p CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT" status 200 content-encoding br alt-svc h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 cf-request-id 05636288a9000065093693f200000001 last-modified Mon, 31 Dec 2018 23:29:11 GMT server cloudflare etag W/"13937-57e59c7b88bd6" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=31536000; includeSubDomains; preload content-type application/javascript; charset=utf-8 vary Accept-Encoding cache-control max-age=315360000, immutable cf-ray 5d7f39edd9956509-FRA cf-bgj minify
POST H3-Q050	200	collect Show response www.google-analytics.com/j/	2 B 68 B	13ms 13ms	XHR text/plain	2a00:1450:4001:821::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j86&a=136854501&t=pageview&_s=1&dl=https%3A%2F%2Fblog.stealthbits.com%2Fextracting-password-hashes-from-the-ntds-dit-file%2F&dr=https%3A%2F%2Ft.co%2Ff55XUSyx1k&ul=en-us&de=UTF-8&dt=Extracting%20Password%20Hashes%20from%20the%20Ntds.dit%20File%20%7C%20Insider%20Threat%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUADQAAAAC~&jid=91892071&gjid=1244403086&cid=1315723460.1600979038&tid=UA-1582554-9&_gid=873529764.1600979038&_r=1&gtm=2ou9g1&z=2102958076 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 24 Sep 2020 20:23:58 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 status 200 content-type text/plain access-control-allow-origin https://blog.stealthbits.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-Q050	200	js Show response www.google-analytics.com/gtm/	79 KB 31 KB	18ms 18ms	Script application/javascript	2a00:1450:4001:821::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/gtm/js?id=GTM-WW58PPS&t=gtag_UA_1582554_9&cid=1315723460.1600979038 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 53a8622ef112a57e17990fc6f3422e34ef7ab17f766d04f9d52c7c431e49197c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 24 Sep 2020 20:23:58 GMT content-encoding br vary Accept-Encoding status 200 alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31997 x-xss-protection 0 last-modified Thu, 24 Sep 2020 19:32:25 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 24 Sep 2020 20:23:58 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 90 B	14ms 14ms	XHR text/plain	2a00:1450:400c:c0c::9c GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=UA-1582554-9&cid=1315723460.1600979038&jid=91892071&gjid=1244403086&_gid=873529764.1600979038&_u=IEBAAUACQAAAAC~&z=67001753 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Thu, 24 Sep 2020 20:23:58 GMT status 200 content-type text/plain access-control-allow-origin https://blog.stealthbits.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3-Q050	200	collect www.google-analytics.com/	35 B 62 B	6ms 6ms	Image image/gif	2a00:1450:4001:821::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j86&a=136854501&t=pageview&_s=2&dl=https%3A%2F%2Fblog.stealthbits.com%2Fextracting-password-hashes-from-the-ntds-dit-file%2F&dr=https%3A%2F%2Ft.co%2Ff55XUSyx1k&ul=en-us&de=UTF-8&dt=Extracting%20Password%20Hashes%20from%20the%20Ntds.dit%20File%20%7C%20Insider%20Threat%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAAUADQAAAAC~&jid=&gjid=&cid=1315723460.1600979038&uid=USER_ID&tid=UA-1582554-9&_gid=873529764.1600979038&gtm=2ou9g1&z=53909938 Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Wed, 23 Sep 2020 20:27:43 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 86175 status 200 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 106 B	31ms 30ms	Image image/gif	2a00:1450:4001:824::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-1582554-9&cid=1315723460.1600979038&jid=91892071&_u=IEBAAUACQAAAAC~&z=365764536 Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Thu, 24 Sep 2020 20:23:58 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" status 200 cache-control no-cache, no-store, must-revalidate content-type image/gif alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 106 B	29ms 29ms	Image image/gif	2a00:1450:4001:818::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j86&tid=UA-1582554-9&cid=1315723460.1600979038&jid=91892071&_u=IEBAAUACQAAAAC~&z=365764536 Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Thu, 24 Sep 2020 20:23:58 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" status 200 cache-control no-cache, no-store, must-revalidate content-type image/gif alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H/1.1	201 Created	popular-posts Show response blog.stealthbits.com/wp-json/wordpress-popular-posts/v1/	55 B 1 KB	304ms 304ms	XHR application/json	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://blog.stealthbits.com/wp-json/wordpress-popular-posts/v1/popular-posts Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/wp-content/cache/autoptimize/js/autoptimize_5a68e071b9b43ff7f24c90c84df4901c.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash f326000d2f7e294eefb27938bc149f765f3196e0fd226bc8c37493cd1dde368c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-type application/x-www-form-urlencoded Response headers Date Thu, 24 Sep 2020 20:23:58 GMT X-Content-Type-Options nosniff Access-Control-Allow-Headers Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type Transfer-Encoding chunked Connection Keep-Alive Vary Origin Link <https://blog.stealthbits.com/wp-json/>; rel="https://api.w.org/" Allow GET, POST Server Apache X-Frame-Options SAMEORIGIN Strict-Transport-Security max-age=31536000 Access-Control-Allow-Methods OPTIONS, GET, POST, PUT, PATCH, DELETE Content-Type application/json; charset=UTF-8 Access-Control-Allow-Origin https://blog.stealthbits.com X-WP-Nonce bd33e1a940 Access-Control-Allow-Credentials true X-Robots-Tag noindex Keep-Alive timeout=2, max=148 Access-Control-Expose-Headers X-WP-Total, X-WP-TotalPages, Link
GET H/1.1	200 OK	Blo-Series-Active-Directory-Attacks-and-How-to-Protect-Agaisnt-Them-1.jpg blog.stealthbits.com/wp-content/uploads/2017/03/	60 KB 60 KB	141ms 141ms	Image image/jpeg	72.52.131.85 LIQUIDWEB
General Check archive.org Show headers Download Go to Show image Full URL https://blog.stealthbits.com/wp-content/uploads/2017/03/Blo-Series-Active-Directory-Attacks-and-How-to-Protect-Agaisnt-Them-1.jpg Requested by Host: blog.stealthbits.com URL: https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 72.52.131.85 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS Software Apache / Resource Hash dd6d9a8e3d7efc450047271ec735fdef043065640a616e3b5b566eed2ce81030 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN Request headers Referer https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 24 Sep 2020 20:23:58 GMT Strict-Transport-Security max-age=31536000 Last-Modified Mon, 13 Mar 2017 19:08:11 GMT Server Apache X-Frame-Options SAMEORIGIN Content-Type image/jpeg Cache-Control max-age=10368000 Connection keep-alive, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=2, max=147 Content-Length 61531 Expires max-age=A10368000, public

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes undefined| $ function| jQuery object| es_data object| GDPR object| a2a_config function| gtag object| dataLayer object| screenReaderText object| a3_lazyload_params object| a3_lazyload_extend_params object| boxzilla_options object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| a2a function| a2a_show_dropdown function| a2a_miniLeaveDelay function| a2a_init number| a2apage_init object| icons string| svg_tag_open string| svg_tag_close undefined| svg_src undefined| svg_src_default object| gaplugins object| gaGlobal object| gaData undefined| color object| google_optimize object| wpp_params object| WordPressPopularPosts function| si_captcha_refresh object| ak_js object| commentForm undefined| replyRowContainer undefined| children object| jQuery11240297527627985539 function| has_consent function| is_allowed_cookie object| addComment object| Boxzilla object| wp number| height

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			blog.stealthbits.com/	1970-01-19 21:28:35	Name: gdpr[allowed_cookies] Value: %5B%22%22%5D
			blog.stealthbits.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0e535190a0813ab7c153d8b2bfdc66ef
			.stealthbits.com/	1970-01-19 12:42:59	Name: _gat_gtag_UA_1582554_9 Value: 1
			.stealthbits.com/	1970-01-19 12:44:25	Name: _gid Value: GA1.2.873529764.1600979038
			blog.stealthbits.com/	1970-01-19 21:28:35	Name: gdpr[consent_types] Value: %5B%5D
			.stealthbits.com/	1970-01-20 06:14:11	Name: _ga Value: GA1.2.1315723460.1600979038

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.stealthbits.com
fonts.googleapis.com
fonts.gstatic.com
static.addtoany.com
stats.g.doubleclick.net
t.co
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
104.244.42.69
2606:4700:10::6816:47c5
2a00:1450:4001:802::200a
2a00:1450:4001:818::2003
2a00:1450:4001:81a::2008
2a00:1450:4001:81b::2003
2a00:1450:4001:820::200e
2a00:1450:4001:821::200e
2a00:1450:4001:824::2004
2a00:1450:400c:c0c::9c
72.52.131.85
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1ed0f35f4e05bf84910677f99464193bab31686d9b25cf7e3fd85494fbc397c5
39ce2f334595d1c21fc4e8a163dd075bff12b5f1d6d652044c51995e04c3ab07
3b544ed46002f557a8b4a8c6e5fd065ace23126bd412a485ddc3205cf14f5e72
4823c1f88956562d38d2157416e0f0c5ad140993940c2c326f9ee22b824e5d26
5339f0bd9cc863f77cb0b00ba53fba4e953a540f6e0916b3943ad6d1e204dae4
53a8622ef112a57e17990fc6f3422e34ef7ab17f766d04f9d52c7c431e49197c
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
63f1c818850580cbaf66d7126971e6c9bf391ca8275a5d68cb62c4b6e5fed1f4
6890ff5273b90895d77716682d8ac644078dc7b95965746250690294d3cbfecc
7efa72f5d3878a1f7145d552d8d2186bac3942fce7b3d7e3a51550c3bc9ab3cb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85773da1634790be2ad363edf70229ca221eb27e01464a97f2f05d2becb18a74
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
a2f1b190e5d5a3063c35b75b1a00c039b13e171eb7b099299dcb67e9e4fe65cd
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
b6e4dff920e21e3f436a014140d01d43c97177e007556ede69f772f08cb7a7ec
dd6d9a8e3d7efc450047271ec735fdef043065640a616e3b5b566eed2ce81030
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e822d26d5837c79e95fc271d80304a13a839fba3ed36e3208b3dea726d233343
ecf76895be1cf9e8b3edb254030e9c9c1d8f3c2efc1f9dc7e04ceff29eccae9c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0b43dd10eb95ff05af52acee50858034fc881711ef37c815f0254b52e6a737b
f326000d2f7e294eefb27938bc149f765f3196e0fd226bc8c37493cd1dde368c
ffa753bf822ed072fdc413eea7e9edc34ef8185a1bee55504153c9691da36be3