URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimi...
Submission: On March 02 via manual from RU

Summary

This website contacted 15 IPs in 2 countries across 13 domains to perform 52 HTTP transactions. The main IP is 2606:4700::6812:191, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.ired.team.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 27th 2020. Valid for: a year.
This is the only time www.ired.team was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                          Requested by
16        gblobscdn.gitbook.com           www.ired.team, gstatic.gitbook.com
8         gstatic.gitbook.com             www.ired.team, gstatic.gitbook.com
5         s-usc1c-nss-267.firebaseio.com  gstatic.gitbook.com
4         avatars.githubusercontent.com   www.ired.team
3         www.google-analytics.com        gstatic.gitbook.com
2         docs.microsoft.com              www.ired.team
2         adepts.of0x.cc                  www.ired.team
2         lh5.googleusercontent.com       www.ired.team, gstatic.gitbook.com
1         www.gitbook.com                 gstatic.gitbook.com
1         gitbook-28427.firebaseio.com    gstatic.gitbook.com
1         app.gitbook.com                 gstatic.gitbook.com
1         cdn.lr-ingest.io                gstatic.gitbook.com
1         fonts.gstatic.com               fonts.googleapis.com
1         polyfill.io                     www.ired.team
1         unpkg.com                       www.ired.team
1         fonts.googleapis.com            www.ired.team
1         www.ired.team                   (primary page)
Total: 52 requests, 17 subdomains
TLS certificates

Subject                      Issuer                                  Valid from   Valid to     Validity
www.ired.team                Cloudflare Inc ECC CA-3                 2020-11-27   2021-11-26   a year
upload.video.google.com      GTS CA 1O1                              2021-01-26   2021-04-20   3 months
sni.cloudflaressl.com        Cloudflare Inc ECC CA-3                 2020-08-02   2021-08-02   a year
f3.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3    2020-10-26   2021-04-17   6 months
*.googleusercontent.com      GTS CA 1O1                              2021-01-26   2021-04-20   3 months
www.github.com               DigiCert SHA2 High Assurance Server CA  2020-05-06   2022-04-14   2 years
adepts.of0x.cc               R3                                      2021-01-30   2021-04-30   3 months
docs.microsoft.com           Microsoft RSA TLS CA 01                 2020-10-08   2021-10-08   a year
*.gstatic.com                GTS CA 1O1                              2021-01-26   2021-04-20   3 months
firebaseio.com               GTS CA 1O1                              2021-01-12   2021-07-11   6 months
*.google-analytics.com       GTS CA 1O1                              2021-01-26   2021-04-20   3 months

This page contains 3 frames:

Primary Page: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Frame ID: D1DEAFB57CA31AFB1E4AA90843EB3477
Requests: 46 HTTP requests in this frame

Frame: https://gitbook-28427.firebaseio.com/.lp?start=t&ser=74800665&cb=1&v=5
Frame ID: 76079B005E380425353FFB969DA2F5F9
Requests: 5 HTTP requests in this frame

Frame: https://s-usc1c-nss-267.firebaseio.com/.lp?dframe=t&id=3440459&pw=0sDxzBsCcp&ns=gitbook-28427
Frame ID: 58E854560C64056E42AB049A52CAA3E8
Requests: 1 HTTP request in this frame

Detected technologies

Technology (inferred from pattern)  Confidence  Matched pattern
React                               100%        html /<[^>]+data-react/i
Cloudflare                          100%        headers server /^cloudflare$/i
Google Analytics                    100%        script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Google Fonts                        100%        html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
polyfill.io                         100%        script /\/polyfill\.min\.js/i

Page Statistics

Requests: 52
HTTPS: 98 %
IPv6: 93 %
Domains: 13
Subdomains: 17
IPs: 15
Countries: 2
Transfer: 21010 kB
Size: 27410 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions

Table columns: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Path: www.ired.team/offensive-security/credential-access-and-credential-dumping/
Size: 2 MB; x-fer: 440 KB; Type: Document
Full URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:191, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: f485ce8599fd6fe7c1c8c8603bc9882d88d81f7ab9b0b29b77de0d77d537ec39

Security Headers:
  Content-Security-Policy: default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
  Strict-Transport-Security: max-age=31536000; includeSubDomains
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 1; mode=block

Request headers:
  :method: GET
  :authority: www.ired.team
  :scheme: https
  :path: /offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  pragma: no-cache
  cache-control: no-cache
  upgrade-insecure-requests: 1
  user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
  accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  sec-fetch-site: none
  sec-fetch-mode: navigate
  sec-fetch-user: ?1
  sec-fetch-dest: document
  accept-encoding: gzip, deflate, br
  accept-language: en-US

Response headers:
  date: Tue, 02 Mar 2021 10:15:15 GMT
  content-type: text/html; charset=utf-8
  set-cookie: __cfduid=d2a5f5878d7261202207294ee867c99871614680113; expires=Thu, 01-Apr-21 10:15:13 GMT; path=/; domain=.www.ired.team; HttpOnly; SameSite=Lax
  cf-ray: 6299dcd519870631-FRA
  cache-control: public, max-age=86400, s-maxage=86400, stale-while-revalidate=3600, stale-if-error=43200
  strict-transport-security: max-age=31536000; includeSubDomains
  vary: Accept-Encoding, Authorization, Cookie, X-CDN-Host
  cf-cache-status: MISS
  cf-request-id: 089408592e0000063186810000000001
  content-security-policy: (identical to the Content-Security-Policy value listed under Security Headers above)
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  function-execution-id: 34siggz7nk5v
  referrer-policy: no-referrer-when-downgrade
  x-cdn-cache-group: -LFEMnER3fywgFHoroYn
  x-cloud-trace-context: b878a304ba5b73e0f4f1ec25aad856fd
  x-content-type-options: nosniff
  x-dns-prefetch-control: off
  x-download-options: noopen
  x-permitted-cross-domain-policies: none
  x-xss-protection: 1; mode=block
  server: cloudflare
  content-encoding: gzip
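The report records the primary response's security headers but does not evaluate them. The script below is an added example, not part of the urlscan.io report or of ired.team: it parses a Content-Security-Policy header with a browser's fallback rules and flags the weaknesses a reviewer would raise in this one, namely 'unsafe-inline' in script-src with no nonces or hashes, frame-src *, frame-ancestors https: on a response that carries no X-Frame-Options, no base-uri or form-action directive, and a __cfduid cookie set without the Secure attribute. The policy and cookie strings embedded in the script are abridged from the primary response above (directives and keywords verbatim, long source lists shortened, cookie value replaced by a placeholder); the severity ratings are the example's own judgement, not urlscan.io's.

```python
"""Audit the security headers of one recorded HTTP response.

Added example, not part of the urlscan.io report or of ired.team. Parses a
Content-Security-Policy the way a browser does (first occurrence of a directive
wins, fetch directives fall back through child-src/default-src), flags the
weaknesses a reviewer would raise, and checks a Set-Cookie header for missing
hardening attributes. Inputs are abridged from the primary response in this scan.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: directives and keywords verbatim from the scan, source lists shortened.
CSP_FROM_SCAN = (
    "default-src 'self' gstatic.gitbook.com *.gitbook.com *.firebaseio.com data: blob:; "
    "script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com polyfill.io; "
    "style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com; "
    "img-src * data: blob:; frame-src *; object-src 'none'; "
    "child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:"
)
# Constructed sample: the scan's __cfduid cookie attributes, value replaced by a placeholder.
SET_COOKIE_FROM_SCAN = (
    "__cfduid=PLACEHOLDER; expires=Thu, 01-Apr-21 10:15:13 GMT; path=/; "
    "domain=.www.ired.team; HttpOnly; SameSite=Lax"
)


@dataclass(frozen=True)
class Finding:
    directive: str
    severity: str  # "high", "medium" or "low"
    message: str


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a policy into {directive: [sources]}; a repeated directive is ignored, as in browsers."""
    policy: Dict[str, List[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> List[str]:
    """Resolve what a browser enforces for a fetch directive (CSP3 fallback order)."""
    # base-uri, form-action and frame-ancestors never inherit from default-src;
    # audit_csp() reads those from the policy directly.
    chain = {
        "frame-src": ["frame-src", "child-src", "default-src"],
        "worker-src": ["worker-src", "child-src", "script-src", "default-src"],
    }.get(directive, [directive, "default-src"])
    return next((policy[name] for name in chain if name in policy), [])


def audit_csp(header: str) -> List[Finding]:
    """Return the weaknesses in a CSP header, ordered high, medium, low."""
    policy = parse_csp(header)
    findings: List[Finding] = []
    script = effective_sources(policy, "script-src")
    # A nonce or hash makes CSP2+ browsers ignore 'unsafe-inline'; flag it only without one.
    strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    if "'unsafe-inline'" in script and not strict:
        findings.append(Finding("script-src", "high", "'unsafe-inline' with no nonce or hash: injected inline <script> runs, so the policy does not mitigate XSS"))
    if "'unsafe-eval'" in script:
        findings.append(Finding("script-src", "medium", "'unsafe-eval' lets eval()/Function() run attacker-controlled strings"))
    for directive in ("frame-src", "connect-src"):
        if "*" in effective_sources(policy, directive):
            findings.append(Finding(directive, "medium", f"wildcard source: {directive} permits any origin"))
    ancestors = policy.get("frame-ancestors")
    if ancestors is None:
        findings.append(Finding("frame-ancestors", "medium", "absent: any origin may frame the page unless X-Frame-Options is also sent"))
    elif any(s in ("*", "http:", "https:") for s in ancestors):
        findings.append(Finding("frame-ancestors", "medium", "scheme-only or wildcard source: any site on that scheme may frame the page"))
    for directive in ("base-uri", "form-action"):
        if directive not in policy:
            findings.append(Finding(directive, "medium", f"{directive} is missing and does not inherit default-src"))
    if "'none'" not in effective_sources(policy, "object-src"):
        findings.append(Finding("object-src", "medium", "plugin content not disabled; add object-src 'none'"))
    if "'unsafe-inline'" in effective_sources(policy, "style-src"):
        findings.append(Finding("style-src", "low", "'unsafe-inline' permits injected <style> (CSS-based exfiltration)"))
    if "*" in effective_sources(policy, "img-src"):
        findings.append(Finding("img-src", "low", "wildcard source: images can beacon data to any origin"))
    for scheme in ("data:", "blob:"):
        if scheme in policy.get("default-src", []):
            findings.append(Finding("default-src", "low", f"{scheme} in default-src leaks into every fetch directive not set explicitly"))
    return findings


def audit_set_cookie(header: str) -> List[str]:
    """Return the hardening attributes (secure, httponly, samesite) missing from a Set-Cookie header."""
    attributes = {part.strip().split("=", 1)[0].lower() for part in header.split(";")[1:]}
    return [name for name in ("secure", "httponly", "samesite") if name not in attributes]


if __name__ == "__main__":
    for finding in audit_csp(CSP_FROM_SCAN):
        print(f"[{finding.severity:>6}] {finding.directive}: {finding.message}")
    print("Set-Cookie is missing:", audit_set_cookie(SET_COOKIE_FROM_SCAN))
```

Run directly, the script prints one high finding (script-src), four medium (frame-src, frame-ancestors, base-uri, form-action) and four low findings for the recorded policy, and reports that the cookie lacks Secure. A policy that carries nonces, sets object-src 'none', base-uri and form-action, and restricts frame-ancestors yields no findings, which is the shape to aim for when hardening.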
Resource: css?family=Source+Code+Pro:500&display=swap
Path: fonts.googleapis.com/
Size: 2 KB; x-fer: 677 B; Type: Stylesheet
Full URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:800::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: ESF
Resource Hash: 084337b4bbbd1e1e5f06c0755f0d17421b55f8b9499f4c5244354405fb70cfa6

Security Headers:
  Strict-Transport-Security: max-age=31536000
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 0

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  strict-transport-security: max-age=31536000
  content-encoding: gzip
  x-content-type-options: nosniff
  cross-origin-resource-policy: cross-origin
  alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  x-xss-protection: 0
  last-modified: Tue, 02 Mar 2021 09:59:46 GMT
  server: ESF
  date: Tue, 02 Mar 2021 10:15:15 GMT
  x-frame-options: SAMEORIGIN
  content-type: text/css; charset=utf-8
  access-control-allow-origin: *
  cache-control: private, max-age=86400, stale-while-revalidate=604800
  timing-allow-origin: *
  link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
  expires: Tue, 02 Mar 2021 10:15:15 GMT
Resource: emojione-sprite-40.min.css
Path: unpkg.com/emojione-assets@4.0.0/sprites/
Size: 183 KB; x-fer: 14 KB; Type: Stylesheet
Full URL: https://unpkg.com/emojione-assets@4.0.0/sprites/emojione-sprite-40.min.css
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6810:7aaf, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92

Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  date: Tue, 02 Mar 2021 10:15:15 GMT
  content-encoding: br
  x-content-type-options: nosniff
  cf-cache-status: HIT
  age: 5725051
  vary: Accept-Encoding
  cf-request-id: 0894086278000017661b9d0000000001
  last-modified: Sat, 26 Oct 1985 08:15:00 GMT
  server: cloudflare
  etag: W/"2dc7c-MlEndlChcp6B66cJCh5yD8CB/Fo"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  content-type: text/css; charset=utf-8
  access-control-allow-origin: *
  x-cloud-trace-context: 22a561d395b235f9c3e2c0bd377a83e4
  cache-control: public, max-age=31536000
  cf-ray: 6299dce3f85c1766-FRA
Resource: 6c3c9dec9383137845be0f0ea2cf1bf4.css
Path: gstatic.gitbook.com/css/
Size: 1 KB; x-fer: 1 KB; Type: Stylesheet
Full URL: https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:86f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  date: Tue, 02 Mar 2021 10:15:15 GMT
  content-encoding: gzip
  cf-cache-status: HIT
  age: 5724993
  cf-polished: origSize=1701
  x-guploader-uploadid: ABg5-UwRbBqrUTgzcypdeEnLLffVrUFlH4Ffm7o_Kq_YTSXWywTO_QDa5W3zu0-BQvy2RezZBILefdfyeqntrV4Fiuc
  x-goog-storage-class: STANDARD
  x-goog-metageneration: 1
  x-goog-stored-content-encoding: identity
  content-type: text/css
  cf-request-id: 089408629500004e43b68eb000000001
  expires: Sat, 25 Dec 2021 13:13:54 GMT
  last-modified: Thu, 17 Dec 2020 11:33:02 GMT
  server: cloudflare
  etag: W/"6c3c9dec9383137845be0f0ea2cf1bf4"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  x-goog-hash: crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
  x-goog-generation: 1608204782760602
  access-control-allow-origin: *
  access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
  cache-control: public, max-age=31536000
  x-goog-stored-content-length: 1701
  cf-ray: 6299dce41c6c4e43-FRA
  cf-bgj: minify
Resource: polyfill.min.js?flags=gated&features=Intl
Path: polyfill.io/v3/
Size: 72 B; x-fer: 536 B; Type: Script
Full URL: https://polyfill.io/v3/polyfill.min.js?flags=gated&features=Intl
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::621, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none)
Resource Hash: aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
  X-Content-Type-Options: nosniff

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  strict-transport-security: max-age=31536000; includeSubdomains; preload
  content-encoding: br
  x-content-type-options: nosniff
  content-type: text/javascript; charset=utf-8
  age: 1059730
  detected-user-agent: Chrome Mobile/83.0.4103
  server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
  content-length: 74
  referrer-policy: origin-when-cross-origin
  last-modified: Wed, 17 Feb 2021 17:54:30 GMT
  date: Tue, 02 Mar 2021 10:15:15 GMT
  vary: User-Agent, Accept-Encoding
  access-control-allow-methods: GET,HEAD,OPTIONS
  normalized-user-agent: chrome/83.0.0
  access-control-allow-origin: *
  cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
  accept-ranges: bytes
  timing-allow-origin: *
Resource: spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Path: gblobscdn.gitbook.com/
Size: 28 KB; x-fer: 29 KB; Type: Image
Full URL: https://gblobscdn.gitbook.com/spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:86f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  date: Tue, 02 Mar 2021 10:15:15 GMT
  cf-cache-status: HIT
  age: 10035993
  x-guploader-uploadid: ABg5-Uyi4yb6xzxMM2w327T_bM1rD925KiGNS4hflTye11n2aT2qYIBoHaJ5uVZwPi_ZGvAk3DvyTXK_GKBnEy9uCVy38JPavg
  x-goog-storage-class: STANDARD
  x-goog-metageneration: 3
  x-goog-stored-content-encoding: identity
  content-type: image/png
  content-length: 29066
  cf-request-id: 089408629b00002c368cb05000000001
  last-modified: Sat, 08 Sep 2018 20:00:14 GMT
  server: cloudflare
  etag: "2965c5f978755802debc0291c5574853"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  x-goog-hash: crc32c=ALxBKw==, md5=KWXF+Xh1WALevAKRxVdIUw==
  x-goog-generation: 1536436814766237
  access-control-allow-origin: *
  cache-control: public, max-age=31536000
  x-goog-stored-content-length: 29066
  x-goog-meta-firebasestoragedownloadtokens: 1910800b-eed5-42ea-b282-39d0660128fe
  accept-ranges: bytes
  cf-ray: 6299dce4284a2c36-FRA
  expires: Sat, 06 Nov 2021 04:14:37 GMT
Resource: photo.jpg
Path: lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/
Size: 7 KB; x-fer: 7 KB; Type: Image
Full URL: https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:828::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577

Security Headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  date: Tue, 02 Mar 2021 07:56:06 GMT
  x-content-type-options: nosniff
  age: 8349
  content-disposition: inline;filename=""
  alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  content-length: 6707
  x-xss-protection: 0
  server: fife
  etag: "v5e"
  vary: Origin
  content-type: image/jpeg
  access-control-allow-origin: *
  access-control-expose-headers: Content-Length
  cache-control: public, max-age=86400, no-transform
  timing-allow-origin: *
  expires: Tue, 02 Mar 2021 18:38:36 GMT
Resource: 15949637?s=400&v=4
Path: avatars.githubusercontent.com/u/
Size: 15 KB; x-fer: 16 KB; Type: Image
Full URL: https://avatars.githubusercontent.com/u/15949637?s=400&v=4
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.108.133, United States, ASN54113 (FASTLY, US)
Reverse DNS: cdn-185-199-108-133.github.com
Software: (none)
Resource Hash: b1651fc3be8230f0c9d29509af34d4055d3467ff1f799212cd21315a968f17cb

Security Headers:
  Content-Security-Policy: default-src 'none'
  Strict-Transport-Security: max-age=31557600
  X-Content-Type-Options: nosniff
  X-Frame-Options: deny
  X-Xss-Protection: 1; mode=block

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  x-fastly-request-id: e8a046a84fdf362eabeb16f3fa168e4d7351cdfc
  content-security-policy: default-src 'none'
  via: 1.1 varnish
  x-content-type-options: nosniff
  x-cache: HIT
  x-cache-hits: 1
  vary: Authorization,Accept-Encoding
  content-length: 15355
  x-xss-protection: 1; mode=block
  x-served-by: cache-hhn4067-HHN
  last-modified: Mon, 22 Oct 2018 16:15:58 GMT
  x-github-request-id: 8DF2:152C:2EFC73:32F9AD:603784EE
  x-timer: S1614680116.967039,VS0,VE1
  x-frame-options: deny
  date: Tue, 02 Mar 2021 10:15:15 GMT
  source-age: 428868
  strict-transport-security: max-age=31557600
  content-type: image/jpeg
  access-control-allow-origin: *
  cache-control: max-age=300
  etag: "bc5c8ffda4bb774e01659c54c8d420d412740726854c7c146075b3761dfafce9"
  accept-ranges: bytes
  timing-allow-origin: https://github.com
  expires: Tue, 02 Mar 2021 10:20:15 GMT
Resource: ogp.png
Path: adepts.of0x.cc/assets/img/
Size: 542 KB; x-fer: 543 KB; Type: Image
Full URL: https://adepts.of0x.cc/assets/img/ogp.png
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a03:b0c0:3:d0::d25:d001, Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: (none)
Software: Netlify
Resource Hash: b51b390830ed7b57c49ec11a645160d08f729833ef3756884505d6a1defb9196

Security Headers:
  Strict-Transport-Security: max-age=31536000

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  x-nf-request-id: f1811555-fa61-4785-ae0b-c79851f6aa6b-40707044
  date: Sat, 27 Feb 2021 17:46:40 GMT
  server: Netlify
  age: 232116
  etag: "dca8c6aa6098ba7047c282001197779b-ssl"
  strict-transport-security: max-age=31536000
  content-type: image/png
  cache-control: public, max-age=0, must-revalidate
  accept-ranges: bytes
  content-length: 555381
Resource: logo-ms-social.png
Path: docs.microsoft.com/en-us/media/logos/
Size: 449 B; x-fer: 1 KB; Type: Image
Full URL: https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a02:26f0:6c00:299::353e, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: (none)
Software: (none)
Resource Hash: 2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f

Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 1; mode=block

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  x-content-type-options: nosniff
  nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
  content-length: 449
  x-xss-protection: 1; mode=block
  x-ua-compatible: IE=edge
  x-rendering-stack: Static
  last-modified: Mon, 16 Dec 2019 19:04:37 GMT
  x-datacenter: wus
  date: Tue, 02 Mar 2021 10:15:15 GMT
  x-frame-options: SAMEORIGIN
  report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
  content-type: image/png
  cache-control: public, max-age=1081
  etag: "0x8D7825ACB981CED"
  akamai-cache-status: Hit from child
  request-context: appId=cid-v1:21aee9e4-1cf5-4750-b2bd-78b2747f4211
  expires: Tue, 02 Mar 2021 10:33:16 GMT
Resource: 20513519?s=400&v=4
Path: avatars.githubusercontent.com/u/
Size: 28 KB; x-fer: 28 KB; Type: Image
Full URL: https://avatars.githubusercontent.com/u/20513519?s=400&v=4
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.108.133, United States, ASN54113 (FASTLY, US)
Reverse DNS: cdn-185-199-108-133.github.com
Software: (none)
Resource Hash: f2932048dcc510df023d41e975c91b50f87399b7b036647baddca9d57118c158

Security Headers:
  Content-Security-Policy: default-src 'none'
  Strict-Transport-Security: max-age=31557600
  X-Content-Type-Options: nosniff
  X-Frame-Options: deny
  X-Xss-Protection: 1; mode=block

Request headers:
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  x-fastly-request-id: 5ef1e7a305f2a1b2f3a5428521a92790ab530cb3
  content-security-policy: default-src 'none'
  via: 1.1 varnish
  x-content-type-options: nosniff
  x-cache: HIT
  x-cache-hits: 1
  vary: Authorization,Accept-Encoding
  content-length: 28580
  x-xss-protection: 1; mode=block
  x-served-by: cache-hhn4067-HHN
  last-modified: Mon, 11 Jun 2018 14:05:50 GMT
  x-github-request-id: 8638:1351D:2C6AA7:2EF94B:601D37C3
  x-timer: S1614680116.967016,VS0,VE1
  x-frame-options: deny
  date: Tue, 02 Mar 2021 10:15:15 GMT
  source-age: 2152557
  strict-transport-security: max-age=31557600
  content-type: image/jpeg
  access-control-allow-origin: *
  cache-control: max-age=300
  etag: "c9477a83213229e9df041fd98ea2e83b811d1201425de746e817ab7ef9005420"
  accept-ranges: bytes
  timing-allow-origin: https://github.com
  expires: Tue, 02 Mar 2021 10:20:15 GMT
Resource: f4fa50c4003f87e7dc10459e500933c3.woff
Path: gstatic.gitbook.com/fonts/
Size: 92 KB; x-fer: 93 KB; Type: Font
Full URL: https://gstatic.gitbook.com/fonts/f4fa50c4003f87e7dc10459e500933c3.woff
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:86f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a

Request headers:
  Origin: https://www.ired.team
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  date: Tue, 02 Mar 2021 10:15:15 GMT
  cf-cache-status: HIT
  age: 1212143
  x-guploader-uploadid: ABg5-UzViI99Dda3cP3Qg3SePBZOPHID0sQWCh5Xwb7ABpf3Kymyn5an3hMnqxi3vfYhSRH4_2EY0VJyV-VMMjFl5_yqQD8fqg
  x-goog-storage-class: STANDARD
  x-goog-metageneration: 1
  x-goog-stored-content-encoding: identity
  content-type: font/woff
  content-length: 94368
  cf-request-id: 08940862d300004e80f5203000000001
  last-modified: Thu, 04 Feb 2021 10:35:40 GMT
  server: cloudflare
  etag: "f4fa50c4003f87e7dc10459e500933c3"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  x-goog-hash: crc32c=FUjfEA==, md5=9PpQxAA/h+fcEEWeUAkzww==
  x-goog-generation: 1612434940263795
  access-control-allow-origin: *
  access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
  cache-control: public, max-age=31536000
  x-goog-stored-content-length: 94368
  accept-ranges: bytes
  cf-ray: 6299dce4896d4e80-FRA
  expires: Fri, 04 Feb 2022 12:56:56 GMT
Resource: 72e37e5bf95a8dba938c78b1d7d91253.woff
Path: gstatic.gitbook.com/fonts/
Size: 92 KB; x-fer: 93 KB; Type: Font
Full URL: https://gstatic.gitbook.com/fonts/72e37e5bf95a8dba938c78b1d7d91253.woff
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:86f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405

Request headers:
  Origin: https://www.ired.team
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  date: Tue, 02 Mar 2021 10:15:15 GMT
  cf-cache-status: HIT
  age: 1212143
  x-guploader-uploadid: ABg5-UyU5GJvRdf605vE7W_DJPUXMjr0Prnk9CVvz6EBO-T9kM3BNXlW_5Kojg9BbBMZEIYguP6ZWRmO45kHPqzjRRU
  x-goog-storage-class: STANDARD
  x-goog-metageneration: 1
  x-goog-stored-content-encoding: identity
  content-type: font/woff
  content-length: 94040
  cf-request-id: 08940862d400004e80d69ca000000001
  last-modified: Mon, 11 Jan 2021 12:55:27 GMT
  server: cloudflare
  etag: "72e37e5bf95a8dba938c78b1d7d91253"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  x-goog-hash: crc32c=TBIniA==, md5=cuN+W/lajbqTjHix19kSUw==
  x-goog-generation: 1610369727150031
  access-control-allow-origin: *
  access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
  cache-control: public, max-age=31536000
  x-goog-stored-content-length: 94040
  accept-ranges: bytes
  cf-ray: 6299dce4896f4e80-FRA
  expires: Thu, 27 Jan 2022 21:58:50 GMT
Resource: fc3d4b35e4d07d4e0485cc2db0e57c77.woff
Path: gstatic.gitbook.com/fonts/
Size: 92 KB; x-fer: 92 KB; Type: Font
Full URL: https://gstatic.gitbook.com/fonts/fc3d4b35e4d07d4e0485cc2db0e57c77.woff
Requested by: www.ired.team (https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:86f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2

Request headers:
  Origin: https://www.ired.team
  Referer: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
  date: Tue, 02 Mar 2021 10:15:15 GMT
  cf-cache-status: HIT
  age: 5750005
  x-guploader-uploadid: AEnB2UqsZ3WK_xS0YchRtujyaXSHhWyr8A3u9cWzDfV84KgDBxBluJjubL9gKNbI1STPBxQltx3kLRWA6bEaNRNxSvRzAcBChQ
  x-goog-storage-class: STANDARD
  x-goog-metageneration: 1
  x-goog-stored-content-encoding: identity
  content-type: font/woff
  content-length: 93788
  cf-request-id: 08940862d400004e80053eb000000001
  last-modified: Fri, 11 Dec 2020 09:44:49 GMT
  server: cloudflare
  etag: "fc3d4b35e4d07d4e0485cc2db0e57c77"
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  vary: Accept-Encoding
  x-goog-hash: crc32c=7TN+QQ==, md5=/D1LNeTQfU4EhcwtsOV8dw==
  x-goog-generation: 1584024803933768
  access-control-allow-origin: *
  access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
  cache-control: public, max-age=31536000
  x-goog-stored-content-length: 93788
  accept-ranges: bytes
  cf-ray: 6299dce4896e4e80-FRA
  expires: Sat, 11 Dec 2021 16:43:23 GMT
HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
fonts.gstatic.com/s/sourcecodepro/v13/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcecodepro/v13/HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59fd4f207936792ab9910baa7df5f1f7bff899e35e0428df34ab9a1319184052
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.ired.team
Referer
https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 25 Feb 2021 08:21:01 GMT
x-content-type-options
nosniff
last-modified
Thu, 24 Sep 2020 23:57:48 GMT
server
sffe
age
438854
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11232
x-xss-protection
0
expires
Fri, 25 Feb 2022 08:21:01 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Laeh75b5gV2hU4i9OPI%2F-LafV_HqOB_7DmHvbnsI%2FScreenshot%20from%202019-03-23%2017-01-44.png?alt=media&token=4a48f251-95cc-4861-a57a-020e7440f17e
gblobscdn.gitbook.com/
39 KB
39 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Laeh75b5gV2hU4i9OPI%2F-LafV_HqOB_7DmHvbnsI%2FScreenshot%20from%202019-03-23%2017-01-44.png?alt=media&token=4a48f251-95cc-4861-a57a-020e7440f17e
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9edb04b5cd38a4ff30725246abd27d74b027636fd4ee6ad2f16159bbb0ead350

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:16 GMT
cf-cache-status
HIT
age
1439322
x-guploader-uploadid
ABg5-UyViGjY-ywwwZSMtrqaw0G-dq7-IPCr6q-zwCobygLljBnx2I0qjW8P1QkzzZx0khI7EO53PViIcCVzqrmlUok
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Screenshot%20from%202019-03-23%2017-01-44.png
content-type
image/png
content-length
39427
cf-request-id
089408637500002c3671040000000001
last-modified
Sat, 23 Mar 2019 17:23:25 GMT
server
cloudflare
etag
"bdbe777ae879170309de94291d65f9dd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=rp+dUg==, md5=vb53euh5FwMJ3pQpHWX53Q==
x-goog-generation
1553361805826853
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
39427
x-goog-meta-firebasestoragedownloadtokens
4a48f251-95cc-4861-a57a-020e7440f17e
accept-ranges
bytes
cf-ray
6299dce58a3d2c36-FRA
expires
Sun, 13 Feb 2022 18:22:46 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Lagc7PKj1IQDpfBToOL%2F-LagcFilzzy-F14sw68T%2FPeek%202019-03-23%2022-16.gif?alt=media&token=0ca226d0-745a-4543-8227-f1f1d90ae218
gblobscdn.gitbook.com/
5 MB
5 MB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Lagc7PKj1IQDpfBToOL%2F-LagcFilzzy-F14sw68T%2FPeek%202019-03-23%2022-16.gif?alt=media&token=0ca226d0-745a-4543-8227-f1f1d90ae218
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
690718f3d303a0ff7d1a9f318aacc101b4149f533c8bbf262346ac734445fab7

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:16 GMT
cf-cache-status
HIT
age
46247
x-guploader-uploadid
ABg5-UyWHVDfQCCGIUDcT3Kf9dCNk6vwCxSHatBtncgIzHJ9uAtk7X60pXKrrg54MD7MDsyHXLJ4_9LAMi3bzWxOZLg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Peek%202019-03-23%2022-16.gif
content-type
image/gif
content-length
4823734
cf-request-id
089408637500002c36599f2000000001
last-modified
Sat, 23 Mar 2019 22:17:33 GMT
server
cloudflare
etag
"dd3ad78e4214d5363f6cce71a542120a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=13vBXw==, md5=3TrXjkIU1TY/bM5xpUISCg==
x-goog-generation
1553379453689866
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
4823734
x-goog-meta-firebasestoragedownloadtokens
0ca226d0-745a-4543-8227-f1f1d90ae218
accept-ranges
bytes
cf-ray
6299dce58a422c36-FRA
expires
Mon, 28 Feb 2022 22:24:55 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LagRoqMgSXHLo4Uz2ie%2F-LagRzvdgGI_AjnHNGVu%2FPeek%202019-03-23%2021-25.gif?alt=media&token=b2fe4e7d-78d1-40b3-a1a3-c22d559e7324
gblobscdn.gitbook.com/
2 MB
2 MB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LagRoqMgSXHLo4Uz2ie%2F-LagRzvdgGI_AjnHNGVu%2FPeek%202019-03-23%2021-25.gif?alt=media&token=b2fe4e7d-78d1-40b3-a1a3-c22d559e7324
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd7dfe5cbcf8820873765a959317ff67ed354b1fb5f2c8c5361d5429f4a18479

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:16 GMT
cf-cache-status
HIT
age
227745
x-guploader-uploadid
ABg5-Uw_uth6SRfMzn-G3OimINnGoFeOjxMTBKBxeikGML6AQqUjwDaXKfdKuudSv6s0Gzr0MojEtrnTCaIFbEsuNC6fkyZ2BQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Peek%202019-03-23%2021-25.gif
content-type
image/gif
content-length
2430463
cf-request-id
089408637600002c369701a000000001
last-modified
Sat, 23 Mar 2019 21:33:45 GMT
server
cloudflare
etag
"d66364c135e5ce77e497484a59c5c244"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=YVM3MQ==, md5=1mNkwTXlznfkl0hKWcXCRA==
x-goog-generation
1553376825508714
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
2430463
x-goog-meta-firebasestoragedownloadtokens
b2fe4e7d-78d1-40b3-a1a3-c22d559e7324
accept-ranges
bytes
cf-ray
6299dce58a432c36-FRA
expires
Sun, 27 Feb 2022 09:26:32 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LagRoqMgSXHLo4Uz2ie%2F-LagSPkZBVAE8Hiw-OS5%2FScreenshot%20from%202019-03-23%2021-26-41.png?alt=media&token=89fed1b1-514b-436e-85b5-171c3a120e1d
gblobscdn.gitbook.com/
51 KB
51 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LagRoqMgSXHLo4Uz2ie%2F-LagSPkZBVAE8Hiw-OS5%2FScreenshot%20from%202019-03-23%2021-26-41.png?alt=media&token=89fed1b1-514b-436e-85b5-171c3a120e1d
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f072597f36e78f538aa38a42042cc22122374a08ca665c8db12f430ad04fc010

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:16 GMT
cf-cache-status
HIT
age
227737
x-guploader-uploadid
ABg5-UwWlL6M05B5O5ErFcomMEARtLIZ2mWkxFV6Y83OV2iq_hJbT2sAPkKO3HkYvWmfWNTXi9auwboZf6dslZfQJxU
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Screenshot%20from%202019-03-23%2021-26-41.png
content-type
image/png
content-length
51893
cf-request-id
089408637600002c363ba13000000001
last-modified
Sat, 23 Mar 2019 21:33:42 GMT
server
cloudflare
etag
"6778a3e1b08cc983aa6fc51d8805cce5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=jxoxmA==, md5=Z3ij4bCMyYOqb8UdiAXM5Q==
x-goog-generation
1553376822668207
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
51893
x-goog-meta-firebasestoragedownloadtokens
89fed1b1-514b-436e-85b5-171c3a120e1d
accept-ranges
bytes
cf-ray
6299dce58a442c36-FRA
expires
Sun, 27 Feb 2022 18:59:38 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Laeh75b5gV2hU4i9OPI%2F-LafWggI6jQDaakG93fk%2FScreenshot%20from%202019-03-23%2017-08-29.png?alt=media&token=d0822e05-ac76-40c5-b3dc-1706d02f68a9
gblobscdn.gitbook.com/
62 KB
62 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Laeh75b5gV2hU4i9OPI%2F-LafWggI6jQDaakG93fk%2FScreenshot%20from%202019-03-23%2017-08-29.png?alt=media&token=d0822e05-ac76-40c5-b3dc-1706d02f68a9
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
331abc945467d00b5c9fbe797fe8733fe22df9ec9efcb719b1a75f8db7ee824b

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:16 GMT
cf-cache-status
HIT
age
950205
x-guploader-uploadid
ABg5-Uzu0VCFexoFoQBaxbCmt9M-DEUy3JcxXeS2oGoEAAZ1x5NsmROIlOPxUZ1RYfpFvghjeUn7oQePMJre4NUg1do
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Screenshot%20from%202019-03-23%2017-08-29.png
content-type
image/png
content-length
63404
cf-request-id
089408637600002c3693127000000001
last-modified
Sat, 23 Mar 2019 17:23:25 GMT
server
cloudflare
etag
"71f356ad0207ff9687bba117ea7dd44e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=Smcn/g==, md5=cfNWrQIH/5aHu6EX6n3UTg==
x-goog-generation
1553361805674946
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
63404
x-goog-meta-firebasestoragedownloadtokens
d0822e05-ac76-40c5-b3dc-1706d02f68a9
accept-ranges
bytes
cf-ray
6299dce58a452c36-FRA
expires
Sat, 19 Feb 2022 10:18:31 GMT
111.c1e0c47b.js
gstatic.gitbook.com/js/
3 MB
945 KB
Script
General
Full URL
https://gstatic.gitbook.com/js/111.c1e0c47b.js
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab4364ddaad5945c8e8bda24438197c51c2bd3c9ecc925f96b0472f09e8b7d20

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:16 GMT
content-encoding
gzip
cf-cache-status
HIT
age
62715
cf-polished
origSize=3418119
x-guploader-uploadid
ABg5-Uz2DAYETikKf8vw9cinnuCnDP67X0dwwaq1pLJq9_uNGmaI5LdOYorUN9pSG1LgPl1CSxkyYqiI2sIx9LIR03fMH6qKaQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
application/javascript
cf-request-id
089408642c00004e80e99e9000000001
expires
Tue, 01 Mar 2022 16:25:55 GMT
last-modified
Mon, 01 Mar 2021 16:22:54 GMT
server
cloudflare
etag
W/"a7a71d08e732721496732725918bd779"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=xCtPdw==, md5=p6cdCOcychSWcyclkYvXeQ==
x-goog-generation
1614615774130803
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
3418119
cf-ray
6299dce6acd04e80-FRA
cf-bgj
minify
logger.min.js
cdn.lr-ingest.io/
641 KB
116 KB
Script
General
Full URL
https://cdn.lr-ingest.io/logger.min.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6402 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ad1018e5eceb8efd0acddcf8649c80b1b8589f07b6d16e8bb5fddbf45c3d09b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:16 GMT
content-encoding
br
vary
x-fh-requested-host, accept-encoding
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
175
x-cache
MISS
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08940865da00002b65db012000000001
x-served-by
cache-fra19160-FRA
last-modified
Mon, 01 Mar 2021 23:03:39 GMT
server
cloudflare
x-timer
S1614639902.063885,VS0,VE579
etag
W/"024ac1c07ad0decb23cca256e88c19fe959bb3453c8613c578ffbcd6ca9123f3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31556926
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dJqH7A9XYMg29xWZXgTo7p699m1eq2tvSdojN%2Fglzp%2F2XGnT3AiyBpXoA9FNNtWKRR49ikoJVMteu%2F%2F%2BVrJ6wvVac0JGaxRomk3qV%2FJ68vqOhd3mqXwRFq8026e9"}],"max_age":604800}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
6299dce95b3d2b65-FRA
x-cache-hits
0
__session?proposed=4a0d9eb4-045a-4825-a694-b7ac895dbd92R
app.gitbook.com/
52 B
735 B
Fetch
General
Full URL
https://app.gitbook.com/__session?proposed=4a0d9eb4-045a-4825-a694-b7ac895dbd92R
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d23bf714489848dd645fb73b4accbc3f6b22048cf7501de3569637762937d737

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:17 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
x-magic-hash
8846c648caefcfd496dbd4d3a2e40cfb2976a7e4b9b35a3e70ea99f9fc5fd6ad
x-powered-by
Express
x-cache
MISS
x-release
gitbook-28427-6.25.0
cf-request-id
08940867d000004e43730e0000000001
access-control-allow-origin
https://www.ired.team
server
cloudflare
etag
W/"34-xIF9ouUGdeb+rnzVVXdLZgyHTH0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
via
no cache
x-cloud-trace-context
abf3ee8405f6c5a136d961fdee6f4727
cache-control
private
access-control-allow-credentials
true
function-execution-id
q38rf6vm0pkk
cf-ray
6299dcec78e14e43-FRA
expires
Tue, 02 Mar 2021 10:15:17 GMT
ec77771d-1f54-4ae0-91e1-da90d0b2893b
https//www.ired.team/
423 KB
0
Other
General
Full URL
blob:https://www.ired.team/ec77771d-1f54-4ae0-91e1-da90d0b2893b
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8d582c9f9374fc6a1791db7e8920b592603b0f92d93eb38658695260be7bd4dc

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
433205
spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
gblobscdn.gitbook.com/
28 KB
29 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:17 GMT
cf-cache-status
HIT
age
10035995
x-guploader-uploadid
ABg5-Uyi4yb6xzxMM2w327T_bM1rD925KiGNS4hflTye11n2aT2qYIBoHaJ5uVZwPi_ZGvAk3DvyTXK_GKBnEy9uCVy38JPavg
x-goog-storage-class
STANDARD
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
29066
cf-request-id
08940869e700002c3630047000000001
last-modified
Sat, 08 Sep 2018 20:00:14 GMT
server
cloudflare
etag
"2965c5f978755802debc0291c5574853"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ALxBKw==, md5=KWXF+Xh1WALevAKRxVdIUw==
x-goog-generation
1536436814766237
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
29066
x-goog-meta-firebasestoragedownloadtokens
1910800b-eed5-42ea-b282-39d0660128fe
accept-ranges
bytes
cf-ray
6299dcefd8342c36-FRA
expires
Sat, 06 Nov 2021 04:14:37 GMT
.lp?start=t&ser=74800665&cb=1&v=5
gitbook-28427.firebaseio.com/ Frame 7607
422 B
664 B
Script
General
Full URL
https://gitbook-28427.firebaseio.com/.lp?start=t&ser=74800665&cb=1&v=5
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
81b5ccd1a82f8c86239140446bfe50cf42d92318651319ae277132000c4e6b6b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 10:15:17 GMT
Server
nginx
Connection
keep-alive
Content-Length
422
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
.lp?dframe=t&id=3440459&pw=0sDxzBsCcp&ns=gitbook-28427
s-usc1c-nss-267.firebaseio.com/ Frame 58E8
420 B
649 B
Document
General
Full URL
https://s-usc1c-nss-267.firebaseio.com/.lp?dframe=t&id=3440459&pw=0sDxzBsCcp&ns=gitbook-28427
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
da0d92800e58ac1e3ecd3d3d48f7badeadd745d93d8cb49d19dbf778504758ac
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Host
s-usc1c-nss-267.firebaseio.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx
Date
Tue, 02 Mar 2021 10:15:18 GMT
Content-Type
text/html; charset=utf-8
Content-Length
420
Connection
keep-alive
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
.lp?id=3440459&pw=0sDxzBsCcp&ser=59411440&ns=gitbook-28427
s-usc1c-nss-267.firebaseio.com/ Frame 7607
15 B
256 B
Script
General
Full URL
https://s-usc1c-nss-267.firebaseio.com/.lp?id=3440459&pw=0sDxzBsCcp&ser=59411440&ns=gitbook-28427
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
3d14e96bd08692f39b357173c908dcb0b21ee11d0bdb29b963ce7fcc836eb4fd
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 10:15:18 GMT
Server
nginx
Connection
keep-alive
Content-Length
15
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
.lp?id=3440459&pw=0sDxzBsCcp&ser=59411441&ns=gitbook-28427&seg0=0&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MSwiYSI6InMiLCJiIjp7ImMiOnsic2RrLmpzLjctMTQtMSI6MX19fX0.
s-usc1c-nss-267.firebaseio.com/ Frame 7607
58 B
299 B
Script
General
Full URL
https://s-usc1c-nss-267.firebaseio.com/.lp?id=3440459&pw=0sDxzBsCcp&ser=59411441&ns=gitbook-28427&seg0=0&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MSwiYSI6InMiLCJiIjp7ImMiOnsic2RrLmpzLjctMTQtMSI6MX19fX0.
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
ef824052cc54e24358011a6d1f363813e99264883d6a019f5c98f75e43f78dc9
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 10:15:18 GMT
Server
nginx
Connection
keep-alive
Content-Length
58
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
6c3c9dec9383137845be0f0ea2cf1bf4.css
gstatic.gitbook.com/css/
1 KB
742 B
Stylesheet
General
Full URL
https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
content-encoding
gzip
cf-cache-status
HIT
age
5724996
cf-polished
origSize=1701
x-guploader-uploadid
ABg5-UwRbBqrUTgzcypdeEnLLffVrUFlH4Ffm7o_Kq_YTSXWywTO_QDa5W3zu0-BQvy2RezZBILefdfyeqntrV4Fiuc
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/css
cf-request-id
0894086b2000004e43538a6000000001
expires
Sat, 25 Dec 2021 13:13:54 GMT
last-modified
Thu, 17 Dec 2020 11:33:02 GMT
server
cloudflare
etag
W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation
1608204782760602
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
1701
cf-ray
6299dcf1c83e4e43-FRA
cf-bgj
minify
assets%2F-LFEMnER3fywgFHoroYn%2F-Laeh75b5gV2hU4i9OPI%2F-LafV_HqOB_7DmHvbnsI%2FScreenshot%20from%202019-03-23%2017-01-44.png?alt=media&token=4a48f251-95cc-4861-a57a-020e7440f17e
gblobscdn.gitbook.com/
39 KB
39 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Laeh75b5gV2hU4i9OPI%2F-LafV_HqOB_7DmHvbnsI%2FScreenshot%20from%202019-03-23%2017-01-44.png?alt=media&token=4a48f251-95cc-4861-a57a-020e7440f17e
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9edb04b5cd38a4ff30725246abd27d74b027636fd4ee6ad2f16159bbb0ead350

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
1439324
x-guploader-uploadid
ABg5-UyViGjY-ywwwZSMtrqaw0G-dq7-IPCr6q-zwCobygLljBnx2I0qjW8P1QkzzZx0khI7EO53PViIcCVzqrmlUok
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Screenshot%20from%202019-03-23%2017-01-44.png
content-type
image/png
content-length
39427
cf-request-id
0894086b7900002c364cbbe000000001
last-modified
Sat, 23 Mar 2019 17:23:25 GMT
server
cloudflare
etag
"bdbe777ae879170309de94291d65f9dd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=rp+dUg==, md5=vb53euh5FwMJ3pQpHWX53Q==
x-goog-generation
1553361805826853
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
39427
x-goog-meta-firebasestoragedownloadtokens
4a48f251-95cc-4861-a57a-020e7440f17e
accept-ranges
bytes
cf-ray
6299dcf25b872c36-FRA
expires
Sun, 13 Feb 2022 18:22:46 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Lagc7PKj1IQDpfBToOL%2F-LagcFilzzy-F14sw68T%2FPeek%202019-03-23%2022-16.gif?alt=media&token=0ca226d0-745a-4543-8227-f1f1d90ae218
gblobscdn.gitbook.com/
5 MB
5 MB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Lagc7PKj1IQDpfBToOL%2F-LagcFilzzy-F14sw68T%2FPeek%202019-03-23%2022-16.gif?alt=media&token=0ca226d0-745a-4543-8227-f1f1d90ae218
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
690718f3d303a0ff7d1a9f318aacc101b4149f533c8bbf262346ac734445fab7

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
46249
x-guploader-uploadid
ABg5-UyWHVDfQCCGIUDcT3Kf9dCNk6vwCxSHatBtncgIzHJ9uAtk7X60pXKrrg54MD7MDsyHXLJ4_9LAMi3bzWxOZLg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Peek%202019-03-23%2022-16.gif
content-type
image/gif
content-length
4823734
cf-request-id
0894086b8b00002c368422c000000001
last-modified
Sat, 23 Mar 2019 22:17:33 GMT
server
cloudflare
etag
"dd3ad78e4214d5363f6cce71a542120a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=13vBXw==, md5=3TrXjkIU1TY/bM5xpUISCg==
x-goog-generation
1553379453689866
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
4823734
x-goog-meta-firebasestoragedownloadtokens
0ca226d0-745a-4543-8227-f1f1d90ae218
accept-ranges
bytes
cf-ray
6299dcf27ba92c36-FRA
expires
Mon, 28 Feb 2022 22:24:55 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LagRoqMgSXHLo4Uz2ie%2F-LagRzvdgGI_AjnHNGVu%2FPeek%202019-03-23%2021-25.gif?alt=media&token=b2fe4e7d-78d1-40b3-a1a3-c22d559e7324
gblobscdn.gitbook.com/
2 MB
2 MB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LagRoqMgSXHLo4Uz2ie%2F-LagRzvdgGI_AjnHNGVu%2FPeek%202019-03-23%2021-25.gif?alt=media&token=b2fe4e7d-78d1-40b3-a1a3-c22d559e7324
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd7dfe5cbcf8820873765a959317ff67ed354b1fb5f2c8c5361d5429f4a18479

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
227747
x-guploader-uploadid
ABg5-Uw_uth6SRfMzn-G3OimINnGoFeOjxMTBKBxeikGML6AQqUjwDaXKfdKuudSv6s0Gzr0MojEtrnTCaIFbEsuNC6fkyZ2BQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Peek%202019-03-23%2021-25.gif
content-type
image/gif
content-length
2430463
cf-request-id
0894086b8c00002c369a35b000000001
last-modified
Sat, 23 Mar 2019 21:33:45 GMT
server
cloudflare
etag
"d66364c135e5ce77e497484a59c5c244"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=YVM3MQ==, md5=1mNkwTXlznfkl0hKWcXCRA==
x-goog-generation
1553376825508714
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
2430463
x-goog-meta-firebasestoragedownloadtokens
b2fe4e7d-78d1-40b3-a1a3-c22d559e7324
accept-ranges
bytes
cf-ray
6299dcf27bac2c36-FRA
expires
Sun, 27 Feb 2022 09:26:32 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LagRoqMgSXHLo4Uz2ie%2F-LagSPkZBVAE8Hiw-OS5%2FScreenshot%20from%202019-03-23%2021-26-41.png?alt=media&token=89fed1b1-514b-436e-85b5-171c3a120e1d
gblobscdn.gitbook.com/
51 KB
51 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LagRoqMgSXHLo4Uz2ie%2F-LagSPkZBVAE8Hiw-OS5%2FScreenshot%20from%202019-03-23%2021-26-41.png?alt=media&token=89fed1b1-514b-436e-85b5-171c3a120e1d
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f072597f36e78f538aa38a42042cc22122374a08ca665c8db12f430ad04fc010

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
227739
x-guploader-uploadid
ABg5-UwWlL6M05B5O5ErFcomMEARtLIZ2mWkxFV6Y83OV2iq_hJbT2sAPkKO3HkYvWmfWNTXi9auwboZf6dslZfQJxU
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Screenshot%20from%202019-03-23%2021-26-41.png
content-type
image/png
content-length
51893
cf-request-id
0894086b8e00002c3664b3e000000001
last-modified
Sat, 23 Mar 2019 21:33:42 GMT
server
cloudflare
etag
"6778a3e1b08cc983aa6fc51d8805cce5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=jxoxmA==, md5=Z3ij4bCMyYOqb8UdiAXM5Q==
x-goog-generation
1553376822668207
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
51893
x-goog-meta-firebasestoragedownloadtokens
89fed1b1-514b-436e-85b5-171c3a120e1d
accept-ranges
bytes
cf-ray
6299dcf27bae2c36-FRA
expires
Sun, 27 Feb 2022 18:59:38 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Laeh75b5gV2hU4i9OPI%2F-LafWggI6jQDaakG93fk%2FScreenshot%20from%202019-03-23%2017-08-29.png?alt=media&token=d0822e05-ac76-40c5-b3dc-1706d02f68a9
gblobscdn.gitbook.com/
62 KB
62 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Laeh75b5gV2hU4i9OPI%2F-LafWggI6jQDaakG93fk%2FScreenshot%20from%202019-03-23%2017-08-29.png?alt=media&token=d0822e05-ac76-40c5-b3dc-1706d02f68a9
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
331abc945467d00b5c9fbe797fe8733fe22df9ec9efcb719b1a75f8db7ee824b

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
950207
x-guploader-uploadid
ABg5-Uzu0VCFexoFoQBaxbCmt9M-DEUy3JcxXeS2oGoEAAZ1x5NsmROIlOPxUZ1RYfpFvghjeUn7oQePMJre4NUg1do
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''Screenshot%20from%202019-03-23%2017-08-29.png
content-type
image/png
content-length
63404
cf-request-id
0894086b9200002c367e0b1000000001
last-modified
Sat, 23 Mar 2019 17:23:25 GMT
server
cloudflare
etag
"71f356ad0207ff9687bba117ea7dd44e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=Smcn/g==, md5=cfNWrQIH/5aHu6EX6n3UTg==
x-goog-generation
1553361805674946
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
63404
x-goog-meta-firebasestoragedownloadtokens
d0822e05-ac76-40c5-b3dc-1706d02f68a9
accept-ranges
bytes
cf-ray
6299dcf28bb52c36-FRA
expires
Sat, 19 Feb 2022 10:18:31 GMT
.lp?id=3440459&pw=0sDxzBsCcp&ser=59411442&ns=gitbook-28427
s-usc1c-nss-267.firebaseio.com/ Frame 7607
47 B
288 B
Script
General
Full URL
https://s-usc1c-nss-267.firebaseio.com/.lp?id=3440459&pw=0sDxzBsCcp&ser=59411442&ns=gitbook-28427
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
ed3730b3270061a92ba848032606b5ad11fba8990e1e02d6f8ef8da54a6237cf
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 10:15:18 GMT
Server
nginx
Connection
keep-alive
Content-Length
47
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
assets%2F-LFEMnER3fywgFHoroYn%2F-MTR6UIcp4bnNdZZ1DKZ%2F-MTRDlqHWWENMUDuGnVW%2Fminidumpwritedump-dump-to-memory.gif?alt=media&token=56499198-471f-4473-b6c7-a5c025747dde
gblobscdn.gitbook.com/
1 MB
1 MB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-MTR6UIcp4bnNdZZ1DKZ%2F-MTRDlqHWWENMUDuGnVW%2Fminidumpwritedump-dump-to-memory.gif?alt=media&token=56499198-471f-4473-b6c7-a5c025747dde
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
100ff7b240e7482b4d0e21287a6671a4a37cb268c95ca886cae3bdc20676f56a

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
1441989
x-guploader-uploadid
ABg5-UyfHwmw-MY7qU-vbHlZoQVfvxk0EOMdPSomB_9nPUVPcACcLk_RGWbYAjtqjr1U486GedCR6f8rIDBFaahQUOg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-disposition
attachment; filename="minidumpwritedump-dump-to-memory.gif"
content-type
image/gif
content-length
1159186
cf-request-id
0894086c7800002c36738dc000000001
last-modified
Sat, 13 Feb 2021 16:30:58 GMT
server
cloudflare
etag
"5a94d4d82ac37e16d8da940fb4fa5276"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=xNfOKA==, md5=WpTU2CrDfhbY2pQPtPpSdg==
x-goog-generation
1613233858791376
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
1159186
x-goog-meta-firebasestoragedownloadtokens
56499198-471f-4473-b6c7-a5c025747dde
accept-ranges
bytes
cf-ray
6299dcf3edc52c36-FRA
expires
Sun, 13 Feb 2022 17:40:12 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LwKjtfckteOqsOEeuka%2F-LwTrrhwYrw0zIOWefB2%2Fcapture-snapshot-lsass.gif?alt=media&token=2d63addb-a14d-4480-9a4c-7eb2768a8b71
gblobscdn.gitbook.com/
2 MB
2 MB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LwKjtfckteOqsOEeuka%2F-LwTrrhwYrw0zIOWefB2%2Fcapture-snapshot-lsass.gif?alt=media&token=2d63addb-a14d-4480-9a4c-7eb2768a8b71
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8f2c22d538af87a0aa1188d5699cd5bc5ae7fed91b07a3bf4485eac6cba8f0c

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
1167316
x-guploader-uploadid
ABg5-UwUuyqLzoaHenOFt0aNHfE4n9ND-Pee1SFkkA8QPjtRVCUtPIXuTR8RkSo2_mKt-a_hFeCTPstQLiw_udcFfv7TAS2oFg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
attachment; filename="capture-snapshot-lsass.gif"
content-type
image/gif
content-length
2158420
cf-request-id
0894086d0300002c3676b54000000001
last-modified
Thu, 19 Dec 2019 15:56:03 GMT
server
cloudflare
etag
"23a40ed333aca353f06b3d8e3d669c92"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=xX24tw==, md5=I6QO0zOso1Pwaz2OPWackg==
x-goog-generation
1576770963897151
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
2158420
x-goog-meta-firebasestoragedownloadtokens
2d63addb-a14d-4480-9a4c-7eb2768a8b71
accept-ranges
bytes
cf-ray
6299dcf4df182c36-FRA
expires
Wed, 16 Feb 2022 20:57:32 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LwKjtfckteOqsOEeuka%2F-LwTt7_ABYtOyKYmIFiG%2Fimage.png?alt=media&token=4b9ae260-3ba8-4478-839d-c48854f4190a
gblobscdn.gitbook.com/
19 KB
19 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LwKjtfckteOqsOEeuka%2F-LwTt7_ABYtOyKYmIFiG%2Fimage.png?alt=media&token=4b9ae260-3ba8-4478-839d-c48854f4190a
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1782357c531a201dace4806ab67d59e7a29117e03b0680a47fd35f7d76ed1d82

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
46249
x-guploader-uploadid
ABg5-UyyP6TZoRZubqFDUHWXKnN8sDs2n0YchZ1B0zEeOYVIyXBaly4RCBlyZboiqAdT5MA93GQEp4vLdZxbKqfun04
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
attachment; filename="image.png"
content-type
image/png
content-length
19033
cf-request-id
0894086d0500002c3630074000000001
last-modified
Thu, 19 Dec 2019 16:01:32 GMT
server
cloudflare
etag
"348068f9102d0e6931216a5cd0f9673e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=MySe/Q==, md5=NIBo+RAtDmkxIWpc0PlnPg==
x-goog-generation
1576771292130040
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
19033
x-goog-meta-firebasestoragedownloadtokens
4b9ae260-3ba8-4478-839d-c48854f4190a
accept-ranges
bytes
cf-ray
6299dcf4df2a2c36-FRA
expires
Tue, 01 Mar 2022 16:59:09 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LwTuGX0yc1_CrO_9Jvh%2F-LwTuhJ8uaD0SFef8RPj%2Fimage.png?alt=media&token=aef62272-eaee-4db6-8402-39e9ca3294b1
gblobscdn.gitbook.com/
44 KB
44 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LwTuGX0yc1_CrO_9Jvh%2F-LwTuhJ8uaD0SFef8RPj%2Fimage.png?alt=media&token=aef62272-eaee-4db6-8402-39e9ca3294b1
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52d5005787b55946dda72bb1d4787369c1da867dbb6b2b3747ae15b7a69d8816

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
cf-cache-status
HIT
age
1441989
x-guploader-uploadid
ABg5-UzttDnMvuz-n9CAtFclYgmX5MNF3dr3LRMCZMcWJTEHHjV1GIIYzjLoDfm7p-TJGLeM0QCbWNkC6qoI7Kh7tZ4
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
attachment; filename="image.png"
content-type
image/png
content-length
45055
cf-request-id
0894086d1400002c363e8e8000000001
last-modified
Thu, 19 Dec 2019 16:08:24 GMT
server
cloudflare
etag
"b81b325fa44ce385b4757fc6bcf79727"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=10en2g==, md5=uBsyX6RM44W0dX/GvPeXJw==
x-goog-generation
1576771704618284
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
45055
x-goog-meta-firebasestoragedownloadtokens
aef62272-eaee-4db6-8402-39e9ca3294b1
accept-ranges
bytes
cf-ray
6299dcf4ef532c36-FRA
expires
Sun, 13 Feb 2022 17:39:27 GMT
photo.jpg
lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/
7 KB
7 KB
Image
General
Full URL
https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 07:56:06 GMT
x-content-type-options
nosniff
age
8352
content-disposition
inline;filename=""
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6707
x-xss-protection
0
server
fife
etag
"v5e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 02 Mar 2021 18:38:36 GMT
15949637?s=400&v=4
avatars.githubusercontent.com/u/
15 KB
15 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/15949637?s=400&v=4
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.108.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-133.github.com
Software
/
Resource Hash
b1651fc3be8230f0c9d29509af34d4055d3467ff1f799212cd21315a968f17cb
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
0967ca3c91353e8d9ac963664d272ce80bd9ad2f
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
2
vary
Authorization,Accept-Encoding
content-length
15355
x-xss-protection
1; mode=block
x-served-by
cache-hhn4067-HHN
last-modified
Mon, 22 Oct 2018 16:15:58 GMT
x-github-request-id
8DF2:152C:2EFC73:32F9AD:603784EE
x-timer
S1614680119.658912,VS0,VE0
x-frame-options
deny
date
Tue, 02 Mar 2021 10:15:18 GMT
source-age
428871
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"bc5c8ffda4bb774e01659c54c8d420d412740726854c7c146075b3761dfafce9"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 02 Mar 2021 10:20:18 GMT
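The transaction records above are a flattened dump of urlscan.io's request detail panels: each field label sits on one line and its value on the next, and the "Security Headers" table is rendered as "Name value" rows. The following is an added example, not urlscan.io's or ired.team's code, that parses that layout back into records and audits the things the listing itself makes visible: the negotiated TLS version, whether Strict-Transport-Security was sent, secret-looking query parameters (the Firebase Storage `token=` and the firebaseio long-poll `pw=`), and whether a URL secret comes back in a response header (the CDN answers with `x-goog-meta-firebasestoragedownloadtokens` equal to the request's `token`). The sample input is constructed: two transactions abridged from the records above. The list of secret-like parameter names and the choice to flag anything older than TLS 1.3 are the example's own assumptions, not findings stated by the report.

```python
# Added example (not urlscan.io's or ired.team's code): parse the flattened transaction listing above.
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample: two transactions abridged from the listing above (a gitbook CDN image and a firebaseio long-poll request).
SAMPLE_DUMP = """\
General
Full URL
https://gblobscdn.gitbook.com/assets%2Fimage.png?alt=media&token=4b9ae260-3ba8-4478-839d-c48854f4190a
Security
TLS 1.3, , AES_128_GCM

Response headers

content-type
image/png
x-goog-meta-firebasestoragedownloadtokens
4b9ae260-3ba8-4478-839d-c48854f4190a
.lp?id=3440459&pw=0sDxzBsCcp&ser=59411443&ns=gitbook-28427&d0=eyJ0IjoiYyIsImQiOnsidCI6Im4iLCJkIjp7fX19
Script
General
Full URL
https://s-usc1c-nss-267.firebaseio.com/.lp?id=3440459&pw=0sDxzBsCcp&ser=59411443&ns=gitbook-28427&d0=eyJ0IjoiYyIsImQiOnsidCI6Im4iLCJkIjp7fX19
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Response headers

Content-Type
application/javascript; charset=utf-8
"""

SECRETISH = {"token", "pw", "password", "key", "apikey", "api_key", "auth", "sig"}  # assumed heuristic list

def _is_record_start(lines, k):
    return k + 2 < len(lines) and lines[k] == "General" and lines[k + 1] == "Full URL"

def parse_transactions(dump):
    """One dict per transaction: url, protocol, tls, security_headers, response_headers."""
    lines = [line.rstrip() for line in dump.splitlines()]
    starts = [i for i in range(len(lines)) if _is_record_start(lines, i)]
    records = []
    for start, end in zip(starts, starts[1:] + [len(lines)]):
        rec = {"url": lines[start + 2], "protocol": "", "tls": "", "security_headers": {}, "response_headers": {}}
        k, mode = start + 3, None  # mode: None (fields), "sec" (Security Headers table), "resp" (Response headers)
        while k < end:
            line, nxt = lines[k], (lines[k + 1] if k + 1 < end else "")
            if mode is None and line in ("Protocol", "Security"):
                rec["protocol" if line == "Protocol" else "tls"], k = nxt, k + 2
            elif line == "Security Headers":
                mode, k = "sec", k + 2  # also skips the "Name Value" caption
            elif line == "Response headers":
                mode, k = "resp", k + 1
            elif line == "":
                mode, k = (None if mode == "sec" else mode), k + 1  # a blank line closes the table
            elif mode == "sec":  # table rows are "Name value"
                name, _, value = line.partition(" ")
                rec["security_headers"][name.lower()] = value
                k += 1
            elif mode == "resp" and line.replace("-", "").isalnum() and k + 1 < end:
                rec["response_headers"][line.lower()] = nxt  # header name and value sit on consecutive lines
                k += 2
            else:
                k += 1  # server/IP/hash lines, request headers, and the next record's path/size/type lines
        records.append(rec)
    return records

def audit(records):
    """Flag transport and secret-handling weaknesses that the listing itself makes visible."""
    findings = []
    for rec in records:
        parts = urlsplit(rec["url"])
        host = parts.hostname or ""
        version = rec["tls"].split(",")[0].strip()
        if version and not version.startswith(("TLS 1.3", "QUIC")):
            findings.append((host, "pre-tls13:" + version))
        if "strict-transport-security" not in {**rec["response_headers"], **rec["security_headers"]}:
            findings.append((host, "no-hsts"))
        query = parse_qs(parts.query)
        for name in sorted(query):
            if name.lower() in SECRETISH:  # URLs end up in proxy logs and in scan reports like this one
                findings.append((host, "secret-in-query:" + name))
                for hdr, value in rec["response_headers"].items():
                    if value == query[name][0]:
                        findings.append((host, "secret-echoed:" + hdr))
    return findings

def decode_firebase_frame(url):
    """Decode the base64 JSON that the firebaseio long-poll endpoint carries in d0=; None if absent."""
    d0 = parse_qs(urlsplit(url).query).get("d0")
    return json.loads(base64.urlsafe_b64decode(d0[0] + "=" * (-len(d0[0]) % 4))) if d0 else None
```

Run against the real listing, the parser needs nothing beyond pasting the transaction text into `SAMPLE_DUMP`; the record boundary is the `General` / `Full URL` pair, and the alphanumeric check on header names is what keeps the next record's path, host and size lines out of the previous record's response headers. The `d0=` value on the firebaseio `.lp` request decodes to `{"t":"c","d":{"t":"n","d":{}}}`, a control message with no payload, so the only item of note on that request is the `pw=` session value carried in the query string.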
ogp.png
adepts.of0x.cc/assets/img/
542 KB
543 KB
Image
General
Full URL
https://adepts.of0x.cc/assets/img/ogp.png
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a03:b0c0:3:d0::d25:d001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Netlify /
Resource Hash
b51b390830ed7b57c49ec11a645160d08f729833ef3756884505d6a1defb9196
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nf-request-id
f1811555-fa61-4785-ae0b-c79851f6aa6b-40709411
date
Sat, 27 Feb 2021 17:46:40 GMT
server
Netlify
age
232119
etag
"dca8c6aa6098ba7047c282001197779b-ssl"
strict-transport-security
max-age=31536000
content-type
image/png
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
content-length
555381
logo-ms-social.png
docs.microsoft.com/en-us/media/logos/
449 B
1 KB
Image
General
Full URL
https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
449
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-rendering-stack
Static
last-modified
Mon, 16 Dec 2019 19:04:37 GMT
x-datacenter
wus
date
Tue, 02 Mar 2021 10:15:18 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
image/png
cache-control
public, max-age=1078
etag
"0x8D7825ACB981CED"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:21aee9e4-1cf5-4750-b2bd-78b2747f4211
expires
Tue, 02 Mar 2021 10:33:16 GMT
20513519?s=400&v=4
avatars.githubusercontent.com/u/
28 KB
28 KB
Image
General
Full URL
https://avatars.githubusercontent.com/u/20513519?s=400&v=4
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.108.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-133.github.com
Software
/
Resource Hash
f2932048dcc510df023d41e975c91b50f87399b7b036647baddca9d57118c158
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
e59b71d104cc63b17d580d7140c2e516dcaf490c
content-security-policy
default-src 'none'
via
1.1 varnish
x-content-type-options
nosniff
x-cache
HIT
x-cache-hits
2
vary
Authorization,Accept-Encoding
content-length
28580
x-xss-protection
1; mode=block
x-served-by
cache-hhn4067-HHN
last-modified
Mon, 11 Jun 2018 14:05:50 GMT
x-github-request-id
8638:1351D:2C6AA7:2EF94B:601D37C3
x-timer
S1614680119.664999,VS0,VE0
x-frame-options
deny
date
Tue, 02 Mar 2021 10:15:18 GMT
source-age
2152560
strict-transport-security
max-age=31557600
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
etag
"c9477a83213229e9df041fd98ea2e83b811d1201425de746e817ab7ef9005420"
accept-ranges
bytes
timing-allow-origin
https://github.com
expires
Tue, 02 Mar 2021 10:20:18 GMT
/
www.gitbook.com/__amp/
7 B
290 B
XHR
General
Full URL
https://www.gitbook.com/__amp/
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 02 Mar 2021 10:15:19 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
access-control-allow-origin
*
strict-transport-security
max-age=15768000
cf-ray
6299dcf61b6e4e80-FRA
content-length
7
cf-request-id
0894086dcc00004e80eba7d000000001
analytics.js
www.google-analytics.com/
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Feb 2021 21:33:27 GMT
server
Golfe2
age
1681
date
Tue, 02 Mar 2021 09:47:17 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18980
expires
Tue, 02 Mar 2021 11:47:17 GMT
.lp?id=3440459&pw=0sDxzBsCcp&ser=59411443&ns=gitbook-28427&seg0=1&ts0=1&d0=eyJ0IjoiYyIsImQiOnsidCI6Im4iLCJkIjp7fX19
s-usc1c-nss-267.firebaseio.com/ Frame 7607
38 B
279 B
Script
General
Full URL
https://s-usc1c-nss-267.firebaseio.com/.lp?id=3440459&pw=0sDxzBsCcp&ser=59411443&ns=gitbook-28427&seg0=1&ts0=1&d0=eyJ0IjoiYyIsImQiOnsidCI6Im4iLCJkIjp7fX19
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
ab9a7570dfdadce87d8a7dc2f43587cba2c28e951c6bd9fd9176c5a175a85b20
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 02 Mar 2021 10:15:18 GMT
Server
nginx
Connection
keep-alive
Content-Length
38
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
7f9239ce726764aa22093884902e018d.svg
gstatic.gitbook.com/images/
2 KB
1 KB
Image
General
Full URL
https://gstatic.gitbook.com/images/7f9239ce726764aa22093884902e018d.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:18 GMT
content-encoding
gzip
cf-cache-status
HIT
age
5725050
x-guploader-uploadid
ABg5-UxR-FK8U0DOCB_P1BxO-s8Ghu37pQrgymkBCX2n2Py5GRD03GproWHx5b3Vll0WKMKiFF9wUfq9hocu_bfxU-Q
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/svg+xml
cf-request-id
0894086e5500004e438e382000000001
last-modified
Thu, 17 Dec 2020 11:33:02 GMT
server
cloudflare
etag
W/"7f9239ce726764aa22093884902e018d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=VnuT0A==, md5=f5I5znJnZKoiCTiEkC4BjQ==
x-goog-generation
1608204782831580
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
2137
cf-ray
6299dcf6ef2e4e43-FRA
expires
Sun, 26 Dec 2021 03:57:47 GMT
collect?v=1&_v=j88&a=547875756&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fcredential-access-and-credential-dumping%2Fdumping-lsass-passwords-without-mimikatz-minidumpwrit...
www.google-analytics.com/j/
2 B
125 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j88&a=547875756&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fcredential-access-and-credential-dumping%2Fdumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass&dp=%2Foffensive-security%2Fcredential-access-and-credential-dumping%2Fdumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass&ul=en-us&de=UTF-8&dt=Dumping%20Lsass%20without%20Mimikatz%20with%20MiniDumpWriteDump%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=1047383522&gjid=2013542349&cid=293257837.1614680119&tid=UA-57505611-10&_gid=1742525680.1614680119&_r=1&_slc=1&cd1=-LFEMnER3fywgFHoroYn&cd2=-LFEMnEQwqZOY6DtfrzY&cd3=-MUj6m1yXyglBGjLYZOi&cd4=master&cd5=-LafIF6VCybVpgbjcbLd&z=1071262695
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 02 Mar 2021 10:15:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ired.team
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect?v=1&_v=j88&a=547875756&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fcredential-access-and-credential-dumping%2Fdumping-lsass-passwords-without-mimikatz-minidumpwrit...
www.google-analytics.com/j/
2 B
25 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j88&a=547875756&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fcredential-access-and-credential-dumping%2Fdumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass&dp=%2Foffensive-security%2Fcredential-access-and-credential-dumping%2Fdumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass&ul=en-us&de=UTF-8&dt=Dumping%20Lsass%20without%20Mimikatz%20with%20MiniDumpWriteDump%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=1438413248&gjid=1430514336&cid=293257837.1614680119&tid=UA-128974775-1&_gid=1742525680.1614680119&_r=1&_slc=1&z=16978038
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 02 Mar 2021 10:15:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ired.team
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
chunk.966.9bcdd26c.js
gstatic.gitbook.com/js/
1 MB
136 KB
Script
General
Full URL
https://gstatic.gitbook.com/js/chunk.966.9bcdd26c.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb

Request headers

Referer
https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 02 Mar 2021 10:15:22 GMT
content-encoding
gzip
cf-cache-status
HIT
age
5725054
cf-polished
origSize=1540766
x-guploader-uploadid
ABg5-UxUiCFrhpdpY-hDjFODmQZvKGUUxuASGOn2qumfeqk4mCyEZ-KuZamhSXzavg-B4lk7SU6RoIe1d4Ey76Jg7uBoGAvQ8A
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
application/javascript
cf-request-id
0894087d4100004e43a6357000000001
last-modified
Thu, 17 Dec 2020 11:33:02 GMT
server
cloudflare
etag
W/"1ee0a04f04f79506addc6f9cc9ade2c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=6ui4QQ==, md5=HuCgTwT3lQat3G+cya3iwA==
x-goog-generation
1608204782893591
access-control-allow-origin
*
expires
Sun, 26 Dec 2021 03:57:47 GMT
cache-control
public, max-age=31536000
x-goog-stored-content-length
1540766
cf-ray
6299dd0ecbc14e43-FRA
cf-bgj
minify

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| GITBOOK_STATE object| __LOADABLE_LOADED_CHUNKS__ object| GitBook object| __SENTRY__ function| _lrMutationObserver object| __SDKCONFIG__ number| 2f1acc6c3a606b082e5eef5e54414ffb function| Intercom function| Mousetrap function| setImmediate function| clearImmediate object| Prism object| __algolia function| _LRLogger boolean| _lr_loaded function| pLPCommand1 function| pRTLPCB1 boolean| __isReactDndBackendSetUp string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

2 Cookies

Domain/Path Name / Value
.ired.team/ Name: amplitude_id_fef1e872c952688acd962d30aa545b9eired.team
Value: eyJkZXZpY2VJZCI6IjRhMGQ5ZWI0LTA0NWEtNDgyNS1hNjk0LWI3YWM4OTVkYmQ5MlIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTYxNDY4MDExNzY5OCwibGFzdEV2ZW50VGltZSI6MTYxNDY4MDExNzY5OCwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9
.www.ired.team/ Name: __cfduid
Value: d2a5f5878d7261202207294ee867c99871614680113

1 Console Messages

Source Level URL
Text
console-api log URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js(Line 1)
Message:
Application ready

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
