tij.me Open in urlscan Pro
2a06:98c1:3120::3  Public Scan

21 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	60 KB 13 KB	133ms 64ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a00888ce1e4b90e0b8c287ea010d17b25f8986c02942786e432ae36f64b62466 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control public, max-age=31536000 cf-cache-status DYNAMIC cf-ray 7a43aa6c2bc3912a-FRA content-encoding br content-type text/html; charset=utf-8 date Tue, 07 Mar 2023 14:53:02 GMT last-modified Tue, 14 Dec 2021 19:39:17 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy no-referrer report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bHnwsl11RguiHfDU8ptCmO3%2BvMdjNDFn6V18StQqkE%2FmqI3E3Ii975WS2DdOdYXRqjoXz5TADZqP96Gt9HnciwrIM2FiGU%2Fyw069%2BdVEup6NyjgtzCXYfzEP2UL6Nq1SfOjxIDQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=63072000; preload vary Accept-Encoding x-content-type-options nosniff x-frame-options deny
GET H2	200	custom.min.1.4.1.css tij.me/css/	72 KB 14 KB	28ms 27ms	Stylesheet text/css	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tij.me/css/custom.min.1.4.1.css Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2984f53e55b7d3e799e962b0dcffa29ae559d0dc5ef40854a0e854f8b4510482 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:10 GMT server cloudflare vary Accept-Encoding x-frame-options deny content-type text/css report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GQxjW4qwQSgA%2FoEwnMuXrShTWkPf6zzrSyGJkeyqKpUgIxSrN8dUw8OnkcmJP996ZtsldTgHIyQ8qj6shEiCoWi4lfzIKtQMznAxUclJmndljWkyvJpBVF9rlfxIbU5zgjBDtwQ%3D"}],"group":"cf-nel","max_age":604800} cache-control public, max-age=31536000 cf-ray 7a43aa6c9c50912a-FRA
GET H2	200	header.jpg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	454 KB 455 KB	29ms 29ms	Image image/jpeg	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/header.jpg Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c3bdb596f1ad16fd86a7e2a53b54d9c73f7c1ae6d418891ad53701b5b22c1adb Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 465292 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:10 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aIq8r9LdEyD3%2BimU0g0sbjtmvGT1ixiwD9jRQ3VnvSD91uydwgI%2FiXQw14P%2BZkiXJ4T517BID5YrLo%2Bo9PmW5TxkicpLRnNgyizml5DSUynI56MUMwCCS1187M2sgRhOKv0wq4w%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg vary Accept-Encoding cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7a43aa6cbc6b912a-FRA
GET H2	200	1_normal_flow.svg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	31 KB 7 KB	56ms 55ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/1_normal_flow.svg?thumbnail Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5906bb9813f45b1999377e870d7324cf3d72804c66c8e57e10d7e905bcd5ffcf Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHxR62U2Oym%2B2opRsljHA8tdvcDRzMoQe84IEZx3FWQsRwFuun5k2fkI6SlOqm06V1sq6O0%2B0mUS7dQVdZ8VeLQ1q%2BxN4G%2BjmPfVn9%2BFO4G1TuKl0TQws%2FF%2BFgTe3MRt%2B6WE1M0%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc70912a-FRA
GET H2	200	1_normal_flow.svg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	31 KB 6 KB	26ms 26ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/1_normal_flow.svg Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5906bb9813f45b1999377e870d7324cf3d72804c66c8e57e10d7e905bcd5ffcf Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ShcvjtmCfRBAfP5G26BezCo%2BDnzTQ1RaRAKKHXIOWFOW5eM478E%2B97pV%2F9N8gIyMcZTCHZCHsyf3jYz%2BpeaBhhGhVPV0BRkC63%2FKSdHsX8%2FX9H32H5y2oE588pwc6v8OlqhAHig%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc72912a-FRA
GET H2	200	2_malicious_sync.svg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	49 KB 9 KB	51ms 48ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/2_malicious_sync.svg?thumbnail Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aee463ae3461279991675e3589b1ca9fd4eeefbca9d80197361bde23382d5a68 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mPfBeklGPO8ggOtOz2ZG4%2FK9sBI3TE9kfbApQ7cxJrM4Jo1ojgFHPf99zthaPSLtH7tZnuxdVFNTfnaULPwEXjoWFo%2F3zHItSo5WuN9oDo9VbmxODYv2nEz%2B3ZQC6L9s4tipLzs%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc7b912a-FRA
GET H2	200	2_malicious_sync.svg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	49 KB 9 KB	51ms 48ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/2_malicious_sync.svg Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash aee463ae3461279991675e3589b1ca9fd4eeefbca9d80197361bde23382d5a68 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ScU5Ly2SXsMv1kDhM9RDbNSXnhy7WK%2Fbbb8TXGFkFqh2aH4Ok7P0AXyO8p58OWQAO6R1nSuoBic4fAV0Z7xy7Jy5Na36vU%2FVW6QNf%2FJnvkA%2FWh%2FPGIdiTJ7iDBSVwrVQc1RAkPA%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc81912a-FRA
GET H2	200	3_legit_migration.svg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	40 KB 8 KB	52ms 49ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/3_legit_migration.svg?thumbnail Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3088b808722f7f235e499f3417d5830b3ee49cca50ddfb3080466b083cfc2261 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UxUper49ecYUEmOAUwIUhsDSfE65pZooe3z4St2MBHOtgZ0VvnzbxNPViecaHomAGBOcDD0RZQbIYyln%2FoHlsBIgcvHHN%2FuboufiHxSSMtc%2FgDf8ZOU%2FxSAkut2sozZdjAOZyjQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc82912a-FRA
GET H2	200	3_legit_migration.svg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	40 KB 8 KB	44ms 41ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/3_legit_migration.svg Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3088b808722f7f235e499f3417d5830b3ee49cca50ddfb3080466b083cfc2261 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hkka7JkSTlpw7XQAanK1MjzDwRCrbGIiMOD5%2FB23t9xgv45jzRVDWBHX%2B8iFU6pdGx11Hj4IdLlgYgSM8C4Jb1uTa50GfrJ3vt4wzXkWvoPtj%2B%2FlLw1y6nvJ80K7cyvx5HXiduM%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc84912a-FRA
GET H2	200	4_malicious_migration.svg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	76 KB 11 KB	50ms 47ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/4_malicious_migration.svg?thumbnail Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1f89da1d0859650f56c02032d0d8bbd423bc1c402970cee27b29e8002ab06bd8 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Udwo3XeNNpwh2TyLAuPWuHz1okaHJ2dkomjvicf18YF%2Bk%2FxjDdhd37IEqqbJU%2B9%2Fq%2BvLOJsSYrbqmvse1DVvntLH2f6KwaGiaVMabY%2Bd9igbthFV%2BU40uATrG6T%2FICCGXY2tuFs%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc86912a-FRA
GET H2	200	4_malicious_migration.svg tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	76 KB 11 KB	54ms 51ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/4_malicious_migration.svg Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1f89da1d0859650f56c02032d0d8bbd423bc1c402970cee27b29e8002ab06bd8 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8HqA4CYwku2JerDv9FhJaAPM2P5nA9F20LPNlePuUlawyU9BIpWfJcLAK53SFkWWq37mkU%2BUw5SUg6u4A6XOXe4w54gUl5s8TIrw%2FvPl8v2dnavWj68BEqydw6ybm98kvM44vRo%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc8c912a-FRA
GET H2	200	5_legitimate_settings.png tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	145 KB 145 KB	51ms 49ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/5_legitimate_settings.png?thumbnail Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 70ea0f4da999e56975fcac01ca27400c4de889f59b68fba5b00b46c136212502 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 148182 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:10 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shJ947BPQW3UJSfxg%2BZ2S%2BbyJXHFNytunJEjLBVrs1wC0ZQKqarHY8a62sMd2lKMR4AJDH%2BK5W4LTJlZ90YJHZPuL78UjPhEcYA28T6pyNKaaKh6WqqscsAOi2DwzWvgdHkYrS8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png vary Accept-Encoding cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7a43aa6cbc8d912a-FRA
GET H2	200	5_legitimate_settings.png tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	145 KB 145 KB	52ms 50ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/5_legitimate_settings.png Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 70ea0f4da999e56975fcac01ca27400c4de889f59b68fba5b00b46c136212502 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 148182 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:10 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvdqgGCdEwpGJQQUOFUJxCqw9kihyfKD3yhrlKssqqChFBkwUNmvoHa8bMKd2RKwVhJMHGghKRNXRVTsTiN6PUgI4BpW7mhWBqzWQ4i3ULcnZmYbM77K4Xh2F%2BFhXTOYzShZWQk%3D"}],"group":"cf-nel","max_age":604800} content-type image/png vary Accept-Encoding cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7a43aa6cbc8e912a-FRA
GET H2	200	6_rogue_settings.png tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	145 KB 146 KB	51ms 49ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/6_rogue_settings.png?thumbnail Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f67925ee0c6dcb51c0b84de14ce80c7b87a0eaeaef08eaddf65b2eeffb622869 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 148990 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHta9CKIeDs%2Fd%2Fb4ozA3QFyFWr0NRSu3iJ9gGMInw1fUcQ%2B%2F9EKvmx85eISpuZ21Yg0fOHuwwdAlzqgMPhMXo%2FNm86kuhXraH1NFkd4fUEmtyBI6io2EI3HHczBAujIllPUm9p4%3D"}],"group":"cf-nel","max_age":604800} content-type image/png vary Accept-Encoding cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7a43aa6cbc90912a-FRA
GET H2	200	6_rogue_settings.png tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/	145 KB 146 KB	52ms 50ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/6_rogue_settings.png Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f67925ee0c6dcb51c0b84de14ce80c7b87a0eaeaef08eaddf65b2eeffb622869 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 148990 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L6%2BE8cwssJPgaS6yO9X%2FY9E8X9cK%2FW8eJX%2FOookXd%2FsZSsYpYkINySf9%2BTP4bntOrBFI7yMGwJyJ2nH2o404rK0E6YRJcjQ05sReMhwqdbjthcTouaQCdY6AZZV%2Bpyf8dg3s%2Bk0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png vary Accept-Encoding cache-control public, max-age=31536000 accept-ranges bytes cf-ray 7a43aa6cbc93912a-FRA
GET H2	200	tulip.svg tij.me/	1 KB 976 B	52ms 51ms	Image image/svg+xml	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://tij.me/tulip.svg?1.4.1 Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4c3a2da5e2b682cd44c91c76415268811fe503d1f5c1b9efa53eee58c036f969 Security Headers Name Value Strict-Transport-Security max-age=63072000; preload X-Content-Type-Options nosniff X-Frame-Options deny Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT strict-transport-security max-age=63072000; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 121062 content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 referrer-policy no-referrer last-modified Tue, 14 Dec 2021 19:39:09 GMT server cloudflare x-frame-options deny report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dOdum7ukfsnkugnOhIFYWANMHJ53ygCJFIJHYfCg3VgaDItn9y22MrucRpXagUpiRmOqtVkvIBmLouv2T7ofKxP3qpPJXNufUcLDrk9myARFlUFmje9h%2BYnFDYPqS0Qkky4fp2o%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml vary Accept-Encoding cache-control public, max-age=31536000 cf-ray 7a43aa6cbc94912a-FRA
GET H2	200	email-decode.min.js Show response tij.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/	1 KB 1 KB	22ms 21ms	Script application/javascript	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://tij.me/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js Requested by Host: tij.me URL: https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Tue, 07 Mar 2023 14:53:02 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 28 Feb 2023 18:28:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63fe47b5-4d7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ebUUw1mzxKcYSe0RXIW5kByIuO7Iv3Xr%2FWamsnno6T8ZpVHTri5hLFf3SIHvB7hLoCnsC1ncdnzbNbXWn1m4kWcaYNsRpJokZQXldTieTbjPHZiKXc8pROt6Ag3I7AZeoOZEuA%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript x-frame-options DENY cache-control max-age=172800, public cf-ray 7a43aa6cbc80912a-FRA expires Thu, 09 Mar 2023 14:53:02 GMT

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

tij.me
2a06:98c1:3120::3
1f89da1d0859650f56c02032d0d8bbd423bc1c402970cee27b29e8002ab06bd8
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2984f53e55b7d3e799e962b0dcffa29ae559d0dc5ef40854a0e854f8b4510482
3088b808722f7f235e499f3417d5830b3ee49cca50ddfb3080466b083cfc2261
4c3a2da5e2b682cd44c91c76415268811fe503d1f5c1b9efa53eee58c036f969
5906bb9813f45b1999377e870d7324cf3d72804c66c8e57e10d7e905bcd5ffcf
70ea0f4da999e56975fcac01ca27400c4de889f59b68fba5b00b46c136212502
a00888ce1e4b90e0b8c287ea010d17b25f8986c02942786e432ae36f64b62466
aee463ae3461279991675e3589b1ca9fd4eeefbca9d80197361bde23382d5a68
c3bdb596f1ad16fd86a7e2a53b54d9c73f7c1ae6d418891ad53701b5b22c1adb
f67925ee0c6dcb51c0b84de14ce80c7b87a0eaeaef08eaddf65b2eeffb622869