URL: http://www.powertheshell.com/wp-content/uploads/faviconNew.ico
Submission Tags: falconsandbox
Submission: On October 14 via api from US — Scanned from DE

Summary

This website contacted 11 IPs in 3 countries across 10 domains to perform 25 HTTP transactions. The main IP is 89.31.143.1, located in Germany, and belongs to IPX-AS15598 (DE). The main domain is www.powertheshell.com.
This is the only time www.powertheshell.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         89.31.143.1       15598 (IPX-AS15598)
6         104.21.37.52      13335 (CLOUDFLAR...)
1         142.250.185.136   15169 (GOOGLE)
3         104.21.78.7       13335 (CLOUDFLAR...)
2 2       104.20.150.16     13335 (CLOUDFLAR...)
2         172.67.74.120     13335 (CLOUDFLAR...)
2         142.250.186.42    15169 (GOOGLE)
1         172.217.16.142    15169 (GOOGLE)
2         112.65.212.244    ()
2         142.250.184.238   15169 (GOOGLE)
4         142.250.185.196   15169 (GOOGLE)
1         142.250.184.206   15169 (GOOGLE)
Total: 25 requests, 11 IPs
Requests  Domain                     Requested by
6         powershell.one             www.powertheshell.com, powershell.one
4         www.google.com             cse.google.com, www.google.com
3         use.fontawesome.com        powershell.one, use.fontawesome.com
2         cse.google.com             powershell.one, www.google.com
2         cdn.bootcss.com            powershell.one
2         licensebuttons.net         powershell.one
2         i.creativecommons.org      2 redirects
1         clients1.google.com        powershell.one
1         www.googleapis.com         powershell.one
1         www.google-analytics.com   www.googletagmanager.com
1         ajax.googleapis.com        powershell.one
1         www.googletagmanager.com   powershell.one
1         www.powertheshell.com
Total: 25 requests, 13 subdomains

This site contains no links.

Subject                   Issuer                    Validity                   Valid
sni.cloudflaressl.com     Cloudflare Inc ECC CA-3   2021-06-14 - 2022-06-13    a year     crt.sh
*.google-analytics.com    GTS CA 1C3                2021-09-13 - 2021-11-20    2 months   crt.sh
upload.video.google.com   GTS CA 1C3                2021-09-13 - 2021-11-20    2 months   crt.sh
*.bootcss.com             R3                        2021-07-30 - 2021-10-28    3 months   crt.sh
*.google.com              GTS CA 1C3                2021-09-13 - 2021-11-20    2 months   crt.sh
www.google.com            GTS CA 1C3                2021-09-13 - 2021-11-20    2 months   crt.sh

This page contains 2 frames:

Primary Page: http://www.powertheshell.com/wp-content/uploads/faviconNew.ico
Frame ID: CC63FB735607E7043D801237C310026A
Requests: 1 HTTP requests in this frame

Frame: https://powershell.one/isesteroids/quickstart/overview
Frame ID: 482DB8D4E742313D1668E029CB962C0F
Requests: 24 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 75%
Detected patterns
  • /Chart(?:\.bundle)?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 25
HTTPS: 96 %
IPv6: 0 %
Domains: 10
Subdomains: 13
IPs: 11
Countries: 3
Transfer: 587 kB
Size: 1436 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://i.creativecommons.org/l/by-nd/4.0/88x31.png HTTP 301
  • https://licensebuttons.net/l/by-nd/4.0/88x31.png
Request Chain 5
  • https://i.creativecommons.org/l/by/4.0/88x31.png HTTP 301
  • https://licensebuttons.net/l/by/4.0/88x31.png

25 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer (transferred bytes), Type, MIME-Type
Primary Request faviconNew.ico
www.powertheshell.com/wp-content/uploads/
409 B
596 B
Document
General
Full URL
http://www.powertheshell.com/wp-content/uploads/faviconNew.ico
Protocol
HTTP/1.1
Server
89.31.143.1 , Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
www.udag.de
Software
UD Forwarding 3.1 /
Resource Hash
f6610ccbea1e03907488b2b223d3ddbe77bb5d62aa058a0ddfcb9356f20b438a

Request headers

Host
www.powertheshell.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate

Response headers

Date
Thu, 14 Oct 2021 00:09:33 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
close
X-UD-METHOD
frame
Server
UD Forwarding 3.1
overview
powershell.one/isesteroids/quickstart/ Frame 482D
54 KB
16 KB
Document
General
Full URL
https://powershell.one/isesteroids/quickstart/overview
Requested by
Host: www.powertheshell.com
URL: http://www.powertheshell.com/wp-content/uploads/faviconNew.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.37.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c048910283b3dd8b7d3e1ebb8834245c3cf40625698da1bd221bbfeb500306d

Request headers

:method
GET
:authority
powershell.one
:scheme
https
:path
/isesteroids/quickstart/overview
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
frame
referer
http://www.powertheshell.com/
accept-encoding
gzip, deflate, br

Response headers

date
Thu, 14 Oct 2021 00:09:33 GMT
content-type
text/html; charset=utf-8
last-modified
Wed, 03 Jun 2020 16:42:11 GMT
access-control-allow-origin
*
expires
Thu, 14 Oct 2021 00:19:33 GMT
cache-control
max-age=600
x-proxy-cache
MISS
x-github-request-id
94BA:43E0:7160AD:74EA55:6167753D
via
1.1 varnish
age
0
x-served-by
cache-cdg20747-CDG
x-cache
MISS
x-cache-hits
0
x-timer
S1634170173.470499,VS0,VE105
vary
Accept-Encoding
x-fastly-request-id
5eb5476651ac7149f678b6c3425c8f85d92382d4
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cSazc8iocyaGer7u4I%2FRl3E%2BEvNh7xkp3Rd%2FUnWv5FSxcZ11w%2BUCe6RGTpKsXmyetLJdpzraSreyH%2F5KbpmibA1pghpVyEOdLvi9YGtpHNasmB0ibISv99H%2Fob1RY5wxUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
69dc9460187140c9-CDG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
js
www.googletagmanager.com/gtag/ Frame 482D
95 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-151343537-1
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
97f15cce3cb275c6e302bfd72e7bea907f2e246e7244af27f409cec4baf600fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:33 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38559
x-xss-protection
0
expires
Thu, 14 Oct 2021 00:09:33 GMT
main.css
powershell.one/assets/css/ Frame 482D
156 KB
18 KB
Stylesheet
General
Full URL
https://powershell.one/assets/css/main.css
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.37.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c18ac2228975c2d9d27f5344d81ddf6dd71ed458228f63c342cc4f4de68e9bed

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/isesteroids/quickstart/overview
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
43f689db9628b7e125101cd3b0f5419d86108881
date
Thu, 14 Oct 2021 00:09:33 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=161223
x-cache
MISS
x-cache-hits
0
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-cdg20721-CDG
last-modified
Wed, 03 Jun 2020 16:42:11 GMT
server
cloudflare
x-github-request-id
44D2:DDE8:4AFEDE:4D7861:60826930
x-timer
S1619159344.100265,VS0,VE98
etag
W/"5ed7d2e3-275c7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AE9M%2FbOJ8K2xOLxF8YgRPJGckRA%2Fsnf2o7ugTWYAqTrkKQ9jQp5IiOz9jrz5jR9S8II028voIA%2B%2F46qDvmgEEgdo3G1ub9557Fs4p0UsHTtKtUcqnPTjkVYjPla6AjrX4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
expires
Thu, 14 Oct 2021 00:19:33 GMT
cache-control
max-age=14400
cf-ray
69dc9461192c40c9-CDG
x-proxy-cache
MISS
cf-bgj
minify
all.css
use.fontawesome.com/releases/v5.0.13/css/ Frame 482D
40 KB
10 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.0.13/css/all.css
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.78.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43730866612149a27f49159d7c4f19185c8694bb91bf41abc884a6fe1346e96e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:33 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
8568121
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
FW5PG09ZW5ANSW89
x-amz-id-2
vC/IglTwBcGhsyPB2uW92fI52vQj674wEslXFYgiZM/y0pYrALCwk6AVIdMLOo5++OmqKZmggpg=
last-modified
Wed, 30 Jun 2021 15:27:31 GMT
server
cloudflare
etag
W/"d61bfe9b56c13ecff5313ee3abb45e8b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2BSLj9WO1ALeZufmz3%2FRTiZtO7XIelzyo5L0ysp6OIJQ4przApbdRnkXeU0vDzvYF8lib%2FKfFANSlI98%2FaWye0UmQN0kELDKlK5L6CMjjV7QxTtCisAOYYIdnEzM5LwlqsDXBzjB"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
69dc946148a3b7db-CDG
88x31.png
licensebuttons.net/l/by-nd/4.0/ Frame 482D
Redirect Chain
  • https://i.creativecommons.org/l/by-nd/4.0/88x31.png
  • https://licensebuttons.net/l/by-nd/4.0/88x31.png
1 KB
2 KB
Image
General
Full URL
https://licensebuttons.net/l/by-nd/4.0/88x31.png
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.74.120 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15c4c65e16a7ebadfbe2cbd873accff5e3c4aaf1bf6924cd6738de68826623c6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:33 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1568
cf-polished
origSize=4880
vary
Accept-Encoding
content-length
1364
x-xss-protection
1; mode=block
last-modified
Thu, 30 Apr 2020 21:59:13 GMT
server
cloudflare
x-frame-options
deny
etag
"5eab4a31-1310"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8cJG0Ki5%2B4kZKGr%2FpWwfMJheHU%2BTuRCqO0SU0uWt8BJt2ggYkwxU%2BQF0TeGG4aT4tkiwAhyPjmPwTTufgQdPIdcWeNsRGXwJ3S9y5XGUlnm5C1FIJo37lQhjdibcoH7224DdnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
69dc94629a3b3a81-CDG
cf-bgj
imgq:100,h2pri

Redirect headers

date
Thu, 14 Oct 2021 00:09:33 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
server
cloudflare
age
1025
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
deny
content-type
text/html
location
https://licensebuttons.net/l/by-nd/4.0/88x31.png
cache-control
max-age=432000
strict-transport-security
max-age=15768000
cf-ray
69dc94622c8d215d-DUS
vary
Accept-Encoding
x-xss-protection
1; mode=block
88x31.png
licensebuttons.net/l/by/4.0/ Frame 482D
Redirect Chain
  • https://i.creativecommons.org/l/by/4.0/88x31.png
  • https://licensebuttons.net/l/by/4.0/88x31.png
1 KB
2 KB
Image
General
Full URL
https://licensebuttons.net/l/by/4.0/88x31.png
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.74.120 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d8a628333a76cfe484a2b9c01bca786fccf08d0010d4bffca2b38b29dd4ed0b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:33 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2784
cf-polished
origSize=4739
vary
Accept-Encoding
content-length
1283
x-xss-protection
1; mode=block
last-modified
Thu, 30 Apr 2020 21:59:13 GMT
server
cloudflare
x-frame-options
deny
etag
"5eab4a31-1283"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15768000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H8fpuVHN9AEnE34uaXJPlp%2FtsiPtgjP%2FqXaR4lDsDfT7JLrf4hIQ4gPbcMtzrtlWM6Cv5W8hgzyJIzS%2BzFn868xQSmPQntEoshCEouuRFazrX%2FTXNzQa13btlJBI5wDoWynksg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=432000
accept-ranges
bytes
cf-ray
69dc94629a3d3a81-CDG
cf-bgj
imgq:100,h2pri

Redirect headers

date
Thu, 14 Oct 2021 00:09:33 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
server
cloudflare
age
771
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
deny
content-type
text/html
location
https://licensebuttons.net/l/by/4.0/88x31.png
cache-control
max-age=432000
strict-transport-security
max-age=15768000
cf-ray
69dc94622c8e215d-DUS
vary
Accept-Encoding
x-xss-protection
1; mode=block
email-decode.min.js
powershell.one/cdn-cgi/scripts/5c5dd728/cloudflare-static/ Frame 482D
1 KB
1 KB
Script
General
Full URL
https://powershell.one/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.37.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/isesteroids/quickstart/overview
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 10:51:03 GMT
server
cloudflare
etag
W/"615c2e17-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qQwE7Tn25ghlQRQMTqVtGUfGS%2BWNPEgn7kfPrmjQ4i0xlRWEBfa%2BDERAIskrUnDDXnlU%2FlJMUE3wOZfYYqkL%2F0Q4qbrhgLRi2%2By%2F0%2F%2FYnaMF6PK4A7Y4PA4jEmnShA%2Fizw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
69dc9461dba94087-CDG
vary
Accept-Encoding
expires
Sat, 16 Oct 2021 00:09:33 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ Frame 482D
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.42 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f10.1e100.net
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 07 Oct 2021 08:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
575895
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30306
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Fri, 07 Oct 2022 08:11:18 GMT
clipboard.min.js
powershell.one/assets/js/ Frame 482D
11 KB
4 KB
Script
General
Full URL
https://powershell.one/assets/js/clipboard.min.js
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.37.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1626706afc88d95ebe1173b553ec732c6dc82a576989315fdf5e7779af738a44

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/isesteroids/quickstart/overview
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
e3621bd469ff0a0fa5e048628d05037f60206abb
date
Thu, 14 Oct 2021 00:09:33 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache
MISS
x-cache-hits
0
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-cdg20734-CDG
last-modified
Wed, 03 Jun 2020 16:41:52 GMT
server
cloudflare
x-github-request-id
404E:3E5E:9EF9E3:A548B7:60CC2C10
x-timer
S1623993361.758523,VS0,VE95
etag
W/"5ed7d2d0-2a02"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1SbMIWTzPia9Iv%2FVIjiWQRY9IPO6XgRnZAJrOXDMbFSsB9qHuEpGq7L91Q%2FP%2BMMOUGIM6Mgd0xJYxwDXH7p%2BpMewhKdcaCvJySiQLM8XiXJuTLzU%2FdvWzTJUQGeOBJZQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
69dc9461fbbf4087-CDG
x-proxy-cache
MISS
expires
Thu, 14 Oct 2021 00:19:33 GMT
codeselect.js
powershell.one/assets/js/ Frame 482D
761 B
1 KB
Script
General
Full URL
https://powershell.one/assets/js/codeselect.js
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.37.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
378928033b75edbed753788ea81ea4a334585cc6863d96baa0ed2816b3b71170

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/isesteroids/quickstart/overview
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
0bfdc04fdf7ef90938e4ff359d5beb2da2512193
date
Thu, 14 Oct 2021 00:09:33 GMT
via
1.1 varnish
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=1257
x-cache
MISS
last-modified
Wed, 03 Jun 2020 16:41:52 GMT
x-cache-hits
0
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-cdg20771-CDG
cf-bgj
minify
server
cloudflare
x-github-request-id
09E4:1124B:14269F8:14BBDF3:60AA14AC
x-timer
S1621759149.660691,VS0,VE95
etag
W/"5ed7d2d0-4e9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJ%2FBahHDMZcnJwt0VvMoknSHKoa6kU0nV%2FRSdxk69N9ITWJk0EzgsP%2BBI8ikfQF2b%2BF1as%2BtHevlZnUk4DYgdyXQTb3yvIMIlkh53Jov5U%2F77Eht%2BBtFA9AKnttQJBuzxA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
x-proxy-cache
MISS
cf-ray
69dc9461fbc04087-CDG
x-origin-cache
HIT
expires
Thu, 14 Oct 2021 00:19:33 GMT
analytics.js
www.google-analytics.com/ Frame 482D
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-151343537-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s06-in-f142.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Oct 2021 16:38:54 GMT
server
Golfe2
age
507
date
Thu, 14 Oct 2021 00:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Thu, 14 Oct 2021 02:01:06 GMT
isesteroids_overview.png
powershell.one/assets/res/screenshots/isesteroids/ Frame 482D
89 KB
90 KB
Image
General
Full URL
https://powershell.one/assets/res/screenshots/isesteroids/isesteroids_overview.png
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.37.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1fbd629e81b29cd5296218bdcb66f047ac7fb44e6c1dbaa2779f00a05386abf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/isesteroids/quickstart/overview
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-fastly-request-id
8ea2e70b05e7a2a101e81e3005b85b623cc502af
date
Thu, 14 Oct 2021 00:09:33 GMT
via
1.1 varnish
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
52774
x-cache
MISS
x-cache-hits
0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
91238
x-served-by
cache-cdg20723-CDG
last-modified
Wed, 03 Jun 2020 16:41:52 GMT
server
cloudflare
x-github-request-id
ED20:7743:D9851:F570B:6082B0AE
x-timer
S1619177646.369174,VS0,VE106
etag
"5ed7d2d0-16466"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vprB%2FMt9gg8TGnzE3NUYMcaEjIFZxGLSgOxb8Y5tfgzteMV%2BslLNMUJB71YxKIFh1xRgOhnGk7ykC1cD5P603f25kBYfBiC%2B9V5kDAPWLm3CqaXUHE%2BVEKyYvQKyM4yqjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
cf-ray
69dc9461fbc74087-CDG
x-proxy-cache
MISS
expires
Wed, 13 Oct 2021 09:39:58 GMT
fa-solid-900.woff2
use.fontawesome.com/releases/v5.0.13/webfonts/ Frame 482D
49 KB
50 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.0.13/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.0.13/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.78.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbbca7d9888b4a9eab7d479756d2924f9b067fd38dab376797029df741f96ee4

Request headers

Referer
https://use.fontawesome.com/releases/v5.0.13/css/all.css
Origin
https://powershell.one
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:33 GMT
access-control-allow-methods
GET
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7763922
cf-ray
69dc94621b3b4007-CDG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
50372
x-amz-id-2
lJ7nKP7azsQsarZGEEgmlGG4i8nrplwpn5B4Yze8NOaPPKTqvofkybhOKdmJnCrnDz1GUpOdA4Q=
last-modified
Wed, 30 Jun 2021 15:27:47 GMT
server
cloudflare
etag
"8a8c0474283e0d9ef41743e5e486bf05"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jpnJuWXMLek5C1xlfQMOiYZC715M6W9rnxWwc%2Bm750ANN%2Fu85Fx5hdtLONXdTO835dwdWjkz%2BmRHKmUiBeSsZ8SAVyslnHvPBE2LZg99nJS1Tm7iS5Pp30n5TsJ%2BG10tzUttc2HG"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
NAWQPKGWAWK28FBT
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
content-type
font/woff2
fa-regular-400.woff2
use.fontawesome.com/releases/v5.0.13/webfonts/ Frame 482D
12 KB
13 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.0.13/webfonts/fa-regular-400.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.0.13/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.78.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b4c97a2809cdb53153139544e1f5db34e4917c8f01d2dd94cb9519e24e1ab3c

Request headers

Referer
https://use.fontawesome.com/releases/v5.0.13/css/all.css
Origin
https://powershell.one
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:33 GMT
access-control-allow-methods
GET
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
7483611
cf-ray
69dc94621b3c4007-CDG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
12188
x-amz-id-2
3mNZwnt8n9Rhfnvc/nFw57jc7N7h0f/Vpoq2/tRTVz2TQTesHs29ziHAuL2Ll1AT32k6nzgqzVc=
last-modified
Wed, 30 Jun 2021 15:27:47 GMT
server
cloudflare
etag
"33f727ccde4b05c0ed143c5cd78cda0c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m7QmJ9Y24y529C9DxsdctIkQmsuW3j1aAb0cvWs1HrqZiM1cktFj6Fm6jIXRvAmuExbcXFdG9DLBaouqtPpr7r7Lt%2FB0h%2FhAAoz7lCAxsEmloWzHLm41f%2BXCHCkPx8c21XU2ypLY"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
26ATK1HV1ZD7XW6P
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
content-type
font/woff2
jquery.min.js
cdn.bootcss.com/jquery/3.1.1/ Frame 482D
85 KB
30 KB
Script
General
Full URL
https://cdn.bootcss.com/jquery/3.1.1/jquery.min.js
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
112.65.212.244 -, , ASN (),
Reverse DNS
Software
NWS_TCloud_S1 /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache-lookup
Hit From Disktank3 Gz
x-nws-uuid-verify
c112f2696b5166afe66e4ebbd8a7827e
age
468719
cf-cache-status
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
30100
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
NWS_TCloud_S1
cf-cdnjs-via
cfworker/kv
etag
W/"5eb03ec4-152b5"
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wwfAgVr%2BUS7z190s9t1S0pj2v83pGurMIHOlU1dy1VXBRI2Jua3p6j%2FCbySaVNCxwhiE8RCBFHDF86cJeYtClpVaCtgmnMk9N34aNpdVco1rd0n4cHlQxJ%2B2Q9iTc%2B31fhqcBwc2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-daa-tunnel
hop_count=1
x-nws-log-uuid
c4e34542-0677-4c03-a010-74d328efb56a
cf-ray
69d60d2ffcfb31e5-LAX
expires
Sat, 13 Nov 2021 00:09:37 GMT
cse.js
cse.google.com/ Frame 482D
10 KB
4 KB
Script
General
Full URL
https://cse.google.com/cse.js?cx=002517910569379202526:17bjmmhipe9
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
gws /
Resource Hash
731be6efe722a20c04e2ec84013f97cf196a3b8293f2ca793d61302a405ecc3a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

bfcache-opt-in
unload
date
Thu, 14 Oct 2021 00:09:33 GMT
content-encoding
br
server
gws
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3507
x-xss-protection
0
expires
Thu, 14 Oct 2021 00:09:33 GMT
Chart.bundle.min.js
cdn.bootcss.com/Chart.js/2.7.2/ Frame 482D
206 KB
63 KB
Script
General
Full URL
https://cdn.bootcss.com/Chart.js/2.7.2/Chart.bundle.min.js
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
112.65.212.244 -, , ASN (),
Reverse DNS
Software
NWS_TCloud_S1 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cache-lookup
Hit From Disktank3 Gz
x-nws-uuid-verify
ea570a1cf451c7d6b3f11c5506cae022
age
1624501
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
63658
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:03:58 GMT
server
NWS_TCloud_S1
cf-cdnjs-via
cfworker/kv
etag
W/"5eb03cee-338bd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wvXdJA10Tv6YjD00iMYKUwCjTHv264iTYFakosQvRDIhem89kAe1jMqbvkwTK4dyShqKvAeZSpM5Xv4G58OlSl7DHBlnCFR%2B6LK93bttRl90%2F3HfnOyXfcKGKQ%2BZeBuiuAgFESsA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-daa-tunnel
hop_count=1
x-nws-log-uuid
d4b8088d-003c-429b-926e-3803d8a9f509
cf-ray
69db08ad6948311c-LAX
expires
Sat, 13 Nov 2021 00:09:37 GMT
cse_element__en.js
www.google.com/cse/static/element/cc267ab8871224bd/ Frame 482D
290 KB
95 KB
Script
General
Full URL
https://www.google.com/cse/static/element/cc267ab8871224bd/cse_element__en.js?usqp=CAI%3D
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=002517910569379202526:17bjmmhipe9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f4.1e100.net
Software
sffe /
Resource Hash
71173eb1cc84ee88adebf5552afaf335a6d6b2759d37b722b56f7d05c9abc1b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 10:30:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
394737
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
97502
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 21:05:40 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Sun, 09 Oct 2022 10:30:37 GMT
default+en.css
www.google.com/cse/static/element/cc267ab8871224bd/ Frame 482D
41 KB
41 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/element/cc267ab8871224bd/default+en.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=002517910569379202526:17bjmmhipe9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f4.1e100.net
Software
sffe /
Resource Hash
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 09 Oct 2021 10:30:37 GMT
x-content-type-options
nosniff
age
394737
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41474
x-xss-protection
0
last-modified
Mon, 13 Sep 2021 21:05:40 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Sun, 09 Oct 2022 10:30:37 GMT
shiny.css
www.google.com/cse/static/style/look/v4/ Frame 482D
5 KB
2 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/style/look/v4/shiny.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=002517910569379202526:17bjmmhipe9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f4.1e100.net
Software
sffe /
Resource Hash
cb1c7ac42d67db1385aa4eb4f30d35c4370bce6c49cfac0559c3a677c564860a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 23:30:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2357
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1549
x-xss-protection
0
last-modified
Wed, 12 Aug 2020 16:30:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Thu, 14 Oct 2021 00:20:17 GMT
async-ads.js
cse.google.com/adsense/search/ Frame 482D
155 KB
56 KB
Script
General
Full URL
https://cse.google.com/adsense/search/async-ads.js
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/cc267ab8871224bd/cse_element__en.js?usqp=CAI%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.238 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f14.1e100.net
Software
sffe /
Resource Hash
d2a1dab9f702472e05eb58021463217b48942d9817eac90f8d47a1743a47829d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
server
sffe
etag
"16556635055804679451"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-afs-ui"
expires
Thu, 14 Oct 2021 00:09:34 GMT
clear.png
www.google.com/cse/static/css/v2/ Frame 482D
1018 B
1 KB
Image
General
Full URL
https://www.google.com/cse/static/css/v2/clear.png
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/cc267ab8871224bd/default+en.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.196 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f4.1e100.net
Software
sffe /
Resource Hash
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/cse/static/element/cc267ab8871224bd/default+en.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 10 Oct 2021 20:59:01 GMT
x-content-type-options
nosniff
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
age
270633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1018
x-xss-protection
0
expires
Mon, 10 Oct 2022 20:59:01 GMT
generate_204
www.googleapis.com/ Frame 482D
0
39 B
Image
General
Full URL
https://www.googleapis.com/generate_204
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.42 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f10.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
generate_204
clients1.google.com/ Frame 482D
0
199 B
Image
General
Full URL
https://clients1.google.com/generate_204
Requested by
Host: powershell.one
URL: https://powershell.one/isesteroids/quickstart/overview
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f14.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://powershell.one/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Thu, 14 Oct 2021 00:09:34 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0

Verdicts & Comments

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.bootcss.com
clients1.google.com
cse.google.com
i.creativecommons.org
licensebuttons.net
powershell.one
use.fontawesome.com
www.google-analytics.com
www.google.com
www.googleapis.com
www.googletagmanager.com
www.powertheshell.com
104.20.150.16
104.21.37.52
104.21.78.7
112.65.212.244
142.250.184.206
142.250.184.238
142.250.185.136
142.250.185.196
142.250.186.42
172.217.16.142
172.67.74.120
89.31.143.1