stealthbits.com Open in urlscan Pro
72.52.228.51 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
Effective URL:
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Submission Tags: falconsandbox
Submission: On December 17 via api (December 17th 2020, 7:06:45 pm UTC) from US

Summary HTTP 67 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 16 domains to perform 67 HTTP transactions. The main IP is 72.52.228.51, located in Lansing, United States and belongs to LIQUIDWEB, US. The main domain is stealthbits.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 9th 2020. Valid for: 3 months.

This is the only time stealthbits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	209.59.132.164 209.59.132.164	32244 (LIQUIDWEB) (LIQUIDWEB)
1 40	72.52.228.51 72.52.228.51	32244 (LIQUIDWEB) (LIQUIDWEB)
1	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
1	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	65.9.68.64 65.9.68.64	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
2	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE)
1	65.9.68.48 65.9.68.48	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	143.204.202.71 143.204.202.71	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
67	19

1 209.59.132.164 (Lansing, United States) 1 redirects

ASN32244 (LIQUIDWEB, US)

blog.stealthbits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 72.52.228.51 (Lansing, United States) 1 redirects

ASN32244 (LIQUIDWEB, US)

www.stealthbits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stealthbits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:296::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.64 (Seattle, United States)

ASN16509 (AMAZON-02, US)

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9105 (Ireland)

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.68.48 (Seattle, United States)

ASN16509 (AMAZON-02, US)

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.202.71 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-71.fra53.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	stealthbits.com 2 redirects blog.stealthbits.com www.stealthbits.com stealthbits.com	815 KB
4	google-analytics.com www.google-analytics.com	54 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	61 KB
3	googletagmanager.com www.googletagmanager.com	115 KB
2	facebook.com www.facebook.com	460 B
2	google.de www.google.de	988 B
2	google.com www.google.com	988 B
2	doubleclick.net stats.g.doubleclick.net	512 B
2	facebook.net connect.facebook.net	93 KB
2	licdn.com snap.licdn.com	3 KB
1	twitter.com analytics.twitter.com	651 B
1	linkedin.com px.ads.linkedin.com	678 B
1	t.co t.co	448 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googleapis.com fonts.googleapis.com	597 B
1	fontawesome.com use.fontawesome.com	14 KB
67	16

	Domain	Requested by
39	stealthbits.com	stealthbits.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.googletagmanager.com	stealthbits.com www.googletagmanager.com
2	www.facebook.com	stealthbits.com connect.facebook.net
2	www.google.de	stealthbits.com
2	www.google.com	stealthbits.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	connect.facebook.net	stealthbits.com connect.facebook.net
2	snap.licdn.com	stealthbits.com snap.licdn.com
1	analytics.twitter.com	static.ads-twitter.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	px.ads.linkedin.com	stealthbits.com
1	t.co	stealthbits.com
1	static.hotjar.com	stealthbits.com
1	static.ads-twitter.com	stealthbits.com
1	fonts.googleapis.com	stealthbits.com
1	use.fontawesome.com	stealthbits.com
1	www.stealthbits.com	1 redirects
1	blog.stealthbits.com	1 redirects
67	20

This site contains links to these domains. Also see Links.

Domain
attack.stealthbits.com
github.com
hashcat.net
technet.microsoft.com
www.dsinternals.com
go.stealthbits.com
goo.gl
store.stealthbits.com
twitter.com
www.linkedin.com
www.facebook.com
www.youtube.com
www.wpdownloadmanager.com

Subject Issuer	Validity	Valid
stealthbits.com cPanel, Inc. Certification Authority	`2020-10-09` - `2021-01-07`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-11-02` - `2021-01-30`	3 months	crt.sh
*.hotjar.com Amazon	`2020-01-22` - `2021-02-22`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Frame ID: 8DE68BD89281B0817D4100D402FD4EE1
Requests: 69 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: FFAEA785FFDE2DE7F39480E9FF6ED9D0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ HTTP 302
https://www.stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/ HTTP 301
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

67
Requests

100 %
HTTPS

53 %
IPv6

16
Domains

20
Subdomains

19
IPs

5
Countries

1161 kB
Transfer

2932 kB
Size

8
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://attack.stealthbits.com/pass-the-hash-attack-explained
Title: Pass-the-Hash

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz
Title: Mimikatz

Search URL Search Domain Scan URL

URL: https://hashcat.net/hashcat/
Title: Hashcat

Search URL Search Domain Scan URL

URL: https://attack.stealthbits.com/ntds-dit-security-active-directory
Title: retrieve password hashes from the Ntds.dit

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/library/cc753343(v=ws.11).aspx
Title: NTDSUtil

Search URL Search Domain Scan URL

URL: https://github.com/PowerShellMafia/PowerSploit
Title: PowerSploit

Search URL Search Domain Scan URL

URL: https://www.dsinternals.com/en/list-of-cmdlets-in-the-dsinternals-module/
Title: PowerShell module

Search URL Search Domain Scan URL

URL: https://go.stealthbits.com/on-demand-webinar-4-active-directory-attacks-and-how-to-protect-against-them
Title: here

Search URL Search Domain Scan URL

URL: https://www.dsinternals.com/en/dumping-ntds-dit-files-using-powershell/
Title: https://www.dsinternals.com/en/dumping-ntds-dit-files-using-powershell/

Search URL Search Domain Scan URL

URL: https://goo.gl/maps/K2RyN93gpksCH2Ht5
Title: 200 Central AveHawthorne, NJ 07506

Search URL Search Domain Scan URL

URL: https://store.stealthbits.com/
Title: Company Store

Search URL Search Domain Scan URL

URL: https://twitter.com/stealthbits

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/stealthbits-technologies

Search URL Search Domain Scan URL

URL: https://www.facebook.com/stealthbits

Search URL Search Domain Scan URL

URL: https://www.youtube.com/stealthbits

Search URL Search Domain Scan URL

URL: https://www.wpdownloadmanager.com/
Title: WordPress Download Manager - Best Download Management Plugin

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/ HTTP 302
https://www.stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/ HTTP 301
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

67 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Redirect Chain

https://blog.stealthbits.com/extracting-password-hashes-from-the-ntds-dit-file/
https://www.stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

451 KB
65 KB

891ms
884ms

Document
text/html

72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

ef46a0518297c558869630113782b36b10ce8376be8768471cd23829dcf3c598

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: stealthbits.com
:scheme: https
:path: /blog/extracting-password-hashes-from-the-ntds-dit-file/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:28 GMT
server: Apache
x-pingback: https://stealthbits.com/xmlrpc.php
link: <https://stealthbits.com/wp-json/>; rel="https://api.w.org/", <https://stealthbits.com/wp-json/wp/v2/posts/4141>; rel="alternate"; type="application/json"
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cache-control: max-age=2592000
expires: Sat, 16 Jan 2021 19:06:28 GMT
strict-transport-security: max-age=31536000
referrer-policy: same-origin
feature-policy: geolocation 'self'; vibrate 'none'
content-type: text/html; charset=UTF-8

Redirect headers

date: Thu, 17 Dec 2020 19:06:28 GMT
server: Apache
x-pingback: https://stealthbits.com/xmlrpc.php
expires: Thu, 17 Dec 2020 20:06:28 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
content-encoding: gzip
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
location: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
strict-transport-security: max-age=31536000
referrer-policy: same-origin
feature-policy: geolocation 'self'; vibrate 'none'
content-type: text/html; charset=UTF-8

GET
H2 200 header-9ae9c0fefe13ab3486b020a0324f7ba45483c9ca.min.css
stealthbits.com/wp-content/uploads/cache/fvm/1608075018/out/ 52 KB
8 KB 136ms
133ms Stylesheet
text/css 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/uploads/cache/fvm/1608075018/out/header-9ae9c0fefe13ab3486b020a0324f7ba45483c9ca.min.css

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

df05d4175ac6233bfd35523ef451ee1969e97870ab49090f9b0d28c71c3393a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 8480
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:41 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: public
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.12.1/css/ 56 KB
14 KB 312ms
24ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.12.1/css/all.css
Requested by: Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 9a680b90260b5106d79f4075491ab31daafa7429eff686453c40b58357309649

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:28 GMT
content-encoding: gzip
last-modified: Wed, 05 Feb 2020 14:31:17 GMT
server: NetDNA-cache/2.2
etag: W/"2a0e11a7655cf7af50d9152727c134ef"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 header-dc309dc40369fa4bce0ad6c9890606343954e53f.min.css
stealthbits.com/wp-content/uploads/cache/fvm/1608075018/out/ 222 KB
70 KB 231ms
228ms Stylesheet
text/css 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/uploads/cache/fvm/1608075018/out/header-dc309dc40369fa4bce0ad6c9890606343954e53f.min.css

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

c1ea1979790f590cbf0a32a6ad53bf3bc9fbfeb6080b31e430e7d79cea895367

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:41 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: public
feature-policy: geolocation 'self'; vibrate 'none'
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 jquery.min.js Show response
stealthbits.com/wp-includes/js/jquery/ 87 KB
30 KB 157ms
155ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/jquery.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 30916
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 jquery-migrate.min.js Show response
stealthbits.com/wp-includes/js/jquery/ 11 KB
4 KB 127ms
125ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 4169
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 popper.min.js Show response
stealthbits.com/wp-content/plugins/download-manager/assets/bootstrap/js/ 21 KB
7 KB 131ms
129ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/download-manager/assets/bootstrap/js/popper.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

7028ef6262d35db7dc22b05df3cbb3e93595ce90cd340fdc356620d961b01224

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 7484
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:28:50 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 bootstrap.min.js Show response
stealthbits.com/wp-content/plugins/download-manager/assets/bootstrap/js/ 59 KB
16 KB 152ms
150ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/download-manager/assets/bootstrap/js/bootstrap.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

2ddc752c921c073e6558c329f8392d42d6fbda4c690fcba532a66392d3ea0b87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 15890
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:28:50 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 front.js Show response
stealthbits.com/wp-content/plugins/download-manager/assets/js/ 39 KB
10 KB 169ms
167ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/download-manager/assets/js/front.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

10cbdf805f308eba791f6bd936da151d8c803234e505867c4d17cc10a39ff436

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 10568
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:28:50 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 email-subscribers-public.js Show response
stealthbits.com/wp-content/plugins/email-subscribers/lite/public/js/ 3 KB
1 KB 130ms
128ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/email-subscribers/lite/public/js/email-subscribers-public.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

34e35f893b634d5439db39f3c4f202ddc21aaf406e5724e8c118d513f086752f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 1458
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 24 Nov 2020 06:56:25 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 wppb_cpm_main.js Show response
stealthbits.com/wp-content/plugins/pb-add-on-custom-profile-menus/assets/js/ 6 KB
2 KB 131ms
129ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/pb-add-on-custom-profile-menus/assets/js/wppb_cpm_main.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f6dd91d478e580a31d0e4fb044af0d870d52ebeaa26505c54c31975390acaa58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 1620
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 18 Nov 2020 15:22:42 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 wpp.min.js Show response
stealthbits.com/wp-content/plugins/wordpress-popular-posts/assets/js/ 3 KB
1 KB 133ms
132ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3caff329d1e76a3a9a8ab8030abed403362ee5490631d7bb9774372388198763

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 1215
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Wed, 09 Sep 2020 12:51:44 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 uikit.min.js Show response
stealthbits.com/wp-content/themes/yootheme/vendor/assets/uikit/dist/js/ 129 KB
41 KB 201ms
200ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/themes/yootheme/vendor/assets/uikit/dist/js/uikit.min.js?ver=2.3.25

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

1e33c0d86ac246ae53aad885ec6a8127a4c4fe12624ab3ee56005c1be440d7f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 41678
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:19:30 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 uikit-icons-sonic.min.js Show response
stealthbits.com/wp-content/themes/yootheme/vendor/assets/uikit/dist/js/ 63 KB
18 KB 200ms
200ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/themes/yootheme/vendor/assets/uikit/dist/js/uikit-icons-sonic.min.js?ver=2.3.25

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

aae0f2b6e3492ae0182c008fe6ac5a58fde0d0a9d749724348a42fc3c40dd115

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 18088
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:19:30 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 theme.js Show response
stealthbits.com/wp-content/themes/yootheme/js/ 2 KB
877 B 200ms
199ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/themes/yootheme/js/theme.js?ver=2.3.25

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

6deafb7b968b3c75058507019454a4745b1906f1a266dfc48fb29d19d55d71aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 814
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:19:30 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
597 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Rubik

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

293239735472b93fc0f1be43fed21d04abbe2c0d6872ab92c9ee962c6b0bd357

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Dec 2020 19:05:24 GMT
server: ESF
date: Thu, 17 Dec 2020 19:06:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Dec 2020 19:06:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
39 KB 48ms
27ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1582554-1

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

820b1f1d2f6b924399f57a7d133dbab9323aa453c49d4c734e18e13ec0d10b0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38969
x-xss-protection: 0
last-modified: Thu, 17 Dec 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Dec 2020 19:06:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 55ms
35ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1582554-9

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

965233d6753835c0313b26cde66dfb73bcc9c6b6e2acbebf95afd805f167387f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38969
x-xss-protection: 0
last-modified: Thu, 17 Dec 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Dec 2020 19:06:28 GMT

GET
H2 200 scripts.js Show response
stealthbits.com/wp-content/plugins/contact-form-7/includes/js/ 14 KB
4 KB 207ms
205ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/contact-form-7/includes/js/scripts.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 3951
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:19:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 jquery.form.min.js Show response
stealthbits.com/wp-includes/js/jquery/ 16 KB
6 KB 207ms
204ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/jquery.form.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

3b20c7f4231183b11371d9122369cd5a961ee58a5372cd9f841da82b73ddb0be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 6025
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sun, 06 Oct 2019 05:19:10 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 thickbox.js Show response
stealthbits.com/wp-includes/js/thickbox/ 13 KB
4 KB 212ms
208ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/thickbox/thickbox.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

10446fcfc406f1ac6ebbe55503d7f9ba188635b31559a5ecd38cc2827aa0c131

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 3997
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Mon, 23 May 2016 20:00:30 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 wpcf7-redirect-frontend-script.js Show response
stealthbits.com/wp-content/plugins/wpcf7-redirect/build/js/ 8 KB
2 KB 207ms
204ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/wpcf7-redirect/build/js/wpcf7-redirect-frontend-script.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

c4f1a413e47f90162ead328b5fe465ece8c0e32a1625bce9598d76c420a92f32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 1618
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sun, 15 Nov 2020 18:56:27 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 smush-lazy-load.min.js Show response
stealthbits.com/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 211ms
208ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

bd0ffe6f78dd9edbc15075932ffb9248e02d2f724aeda994c293d775c973b6ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 3796
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 10 Dec 2020 22:01:14 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 comment-reply.min.js Show response
stealthbits.com/wp-includes/js/ 3 KB
1 KB 211ms
208ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/comment-reply.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

a16df2f75e04129b12a5fde7311c7ea9131418080fd3f6bcb2b28ce1faa2fe8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 1362
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 29 Oct 2020 20:56:28 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 scripts.js Show response
stealthbits.com/wp-content/plugins/cf7-conditional-fields/js/ 131 KB
30 KB 272ms
269ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/cf7-conditional-fields/js/scripts.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

63ed7587aae416f3f29047a55a25aecedce1a59ebddf871d12254a440ae8e4bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 30901
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 08 Oct 2020 14:44:50 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 core.min.js Show response
stealthbits.com/wp-includes/js/jquery/ui/ 20 KB
7 KB 212ms
209ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

c1c5a298e367fc64f4e974ad8e2a7661b1c0d958e506558d706ecd3fa9640cdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 6909
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 datepicker.min.js Show response
stealthbits.com/wp-includes/js/jquery/ui/ 36 KB
11 KB 213ms
210ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/ui/datepicker.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

305bc7cf181489649000ec5808cb9908b2a2b221c4fb4e468968b907ae87a9f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 10832
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 controlgroup.min.js Show response
stealthbits.com/wp-includes/js/jquery/ui/ 4 KB
2 KB 212ms
209ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/ui/controlgroup.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

476c4f4a890cd25f0d44769bf1c7035c1010ed08b6ca1d6d33cd85ec2d21891a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 1604
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 checkboxradio.min.js Show response
stealthbits.com/wp-includes/js/jquery/ui/ 4 KB
1 KB 212ms
209ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/ui/checkboxradio.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

e67e8389ea807e688d3ed12d5c4726c1c565401fe9dce117e181b776a0c1b56f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 1403
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 button.min.js Show response
stealthbits.com/wp-includes/js/jquery/ui/ 5 KB
2 KB 212ms
210ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/ui/button.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b4bef60cb06749c91bbc0dd7a6aff62b633aecf89da93a379cebb3fe2a690484

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 1670
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 spinner.min.js Show response
stealthbits.com/wp-includes/js/jquery/ui/ 7 KB
2 KB 211ms
208ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/jquery/ui/spinner.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

45b8547f30738dc732e34ac2984254bf41a51bbafd0e2274e042667c5f0240aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 2419
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:30:18 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 script.min.js Show response
stealthbits.com/wp-content/plugins/boxzilla/assets/js/ 15 KB
5 KB 211ms
209ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/plugins/boxzilla/assets/js/script.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

dbb1d2163b19fd95ea957b3ed6fabc71a42cd6a9aef616b5be443c4791273302

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 4998
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 03 Nov 2020 15:27:45 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

GET
H2 200 wp-embed.min.js Show response
stealthbits.com/wp-includes/js/ 1 KB
832 B 212ms
210ms Script
text/javascript 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-includes/js/wp-embed.min.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 769
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Sat, 26 Oct 2019 09:47:08 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: text/javascript
cache-control: private
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:29 GMT

POST
H2 201 popular-posts Show response
stealthbits.com/wp-json/wordpress-popular-posts/v1/ 55 B
486 B 784ms
783ms XHR
application/json 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-json/wordpress-popular-posts/v1/popular-posts

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

b47e9ae8f830c1b04e1579a2b6d1fda4eb0fae1d3f1ee1a3b1440c131068815c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Origin,Accept-Encoding,User-Agent
allow: GET, POST
x-xss-protection: 1; mode=block
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
referrer-policy: same-origin
expires: Sat, 16 Jan 2021 19:06:30 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://stealthbits.com
x-wp-nonce: 3beb20b397
cache-control: max-age=2592000
feature-policy: geolocation 'self'; vibrate 'none'
access-control-allow-credentials: true
x-robots-tag: noindex
link: <https://stealthbits.com/wp-json/>; rel="https://api.w.org/"
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 font-f52a7fb7.woff2
stealthbits.com/wp-content/themes/yootheme/fonts/ 19 KB
19 KB 129ms
128ms Font
font/woff2 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/themes/yootheme/fonts/font-f52a7fb7.woff2

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://stealthbits.com
Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 19503
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 22 Oct 2020 16:57:57 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2592000
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:30 GMT

GET
H2 200 font-967cac8c.woff2
stealthbits.com/wp-content/themes/yootheme/fonts/ 19 KB
19 KB 130ms
129ms Font
font/woff2 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/themes/yootheme/fonts/font-967cac8c.woff2

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://stealthbits.com
Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 19195
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 22 Oct 2020 16:57:57 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2592000
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:30 GMT

GET
H2 200 font-0dfa87e1.woff2
stealthbits.com/wp-content/themes/yootheme/fonts/ 19 KB
19 KB 130ms
130ms Font
font/woff2 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/themes/yootheme/fonts/font-0dfa87e1.woff2

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://stealthbits.com
Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 19295
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 22 Oct 2020 05:23:16 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2592000
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:30 GMT

GET
H2 200 font-0ca8fbe7.woff2
stealthbits.com/wp-content/themes/yootheme/fonts/ 19 KB
19 KB 129ms
129ms Font
font/woff2 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://stealthbits.com/wp-content/themes/yootheme/fonts/font-0ca8fbe7.woff2

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://stealthbits.com
Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 19287
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 22 Oct 2020 16:57:57 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=2592000
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:30 GMT

GET
DATA 200
OK truncated
/ 72 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d954114d20dd5adea033aab6aed26ab13b5ffbeb73f4d782ec41299575f91494

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 701effafecb8251a502136ba3750cc2df8ebbb17652108d737cc55dd7be9b0fe

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 93ms
31ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:28 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 77613
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1608231989.933484,VS0,VE0
x-served-by: cache-hhn11523-HHN

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 23ms
8ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 17 Dec 2020 19:06:28 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=71815
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 90 KB
24 KB 20ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d4762bbdf73408777dc886ffe61d98654a39456cc19284fcec395a56c54518e1

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23366
x-fb-rlafr: 0
pragma: public
x-fb-debug: YDNImm+myYWoOYIRxyp4buE1tdoCadWyzuniATIVLt4wu4MTccA3KS1tuIQd3y8izRabbNmCUueBTM9TY5ebfg==
x-fb-trip-id: 1527350943
x-frame-options: DENY
date: Thu, 17 Dec 2020 19:06:28 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-2022311.js Show response
static.hotjar.com/c/ 3 KB
2 KB 174ms
108ms Script
application/javascript 65.9.68.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2022311.js?sv=6

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.68.64 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ec9b245e54314819350d82ae5bc428a808ccd589a97919a3b644e18dc9a17748

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:13 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 15
etag: W/c17602d4935fd0d9e31f60d696a1a8ff
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: FRA56-C1
content-length: 1548
via: 1.1 cf2939e85531f45f3306f792ea104eab.cloudfront.net (CloudFront)
x-amz-cf-id: eAQlT8Dqoq6wjXaCzSRkuVNoxdFXa8sdPNTFmCNwdBVLmpqimbxObQ==

GET
H2 200 logo-ca52daf1.webp
stealthbits.com/wp-content/themes/yootheme/cache/ 4 KB
4 KB 288ms
288ms Image
image/webp 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stealthbits.com/wp-content/themes/yootheme/cache/logo-ca52daf1.webp

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

923868d7d75fecd9502ea36dad4d58254d1e3dd9683ebea03cb965f48e0a5666

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 4433
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:19:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=2592000
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:30 GMT

GET
H2 200 loadingAnimation.gif
stealthbits.com/wp-includes/js/thickbox/ 15 KB
15 KB 222ms
222ms Image
image/gif 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stealthbits.com/wp-includes/js/thickbox/loadingAnimation.gif

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
referrer-policy: same-origin
last-modified: Tue, 06 Nov 2012 07:30:16 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/gif
x-xss-protection: 1; mode=block
cache-control: public
feature-policy: geolocation 'self'; vibrate 'none'
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 15238
x-content-type-options: nosniff
expires: Fri, 17 Dec 2021 19:06:30 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1582554-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4553
date: Thu, 17 Dec 2020 17:50:35 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Thu, 17 Dec 2020 19:50:35 GMT

GET
H3-Q050 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
39 KB 49ms
35ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1582554-9&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1582554-1

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6968fe2e4ea874d8320c8a5e26a465bfd45db464b09d32b41aced745377390d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38984
x-xss-protection: 0
last-modified: Thu, 17 Dec 2020 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Dec 2020 19:06:29 GMT

GET
H2 200 sb-blog-bg-192122c4-1b00e028.webp
stealthbits.com/wp-content/themes/yootheme/cache/ 320 KB
322 KB 214ms
213ms Image
image/webp 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stealthbits.com/wp-content/themes/yootheme/cache/sb-blog-bg-192122c4-1b00e028.webp

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

c1a757218f0c1d8551274e368a081f0a1fedd6be5ef5bfe91194a3289332cc7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
content-encoding: gzip
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:20:43 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/webp
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
feature-policy: geolocation 'self'; vibrate 'none'
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
expires: Sat, 16 Jan 2021 19:06:30 GMT

GET
H2 200 Blo-Series-Active-Directory-Attacks-and-How-to-Protect-Agaisnt-Them-1-b083d901.webp
stealthbits.com/wp-content/themes/yootheme/cache/ 27 KB
28 KB 211ms
211ms Image
image/webp 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stealthbits.com/wp-content/themes/yootheme/cache/Blo-Series-Active-Directory-Attacks-and-How-to-Protect-Agaisnt-Them-1-b083d901.webp

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

fede22b63503d6f4fb3c275cf9f073c6f6295c56e9fb1184e5af8f5ff282ee09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding,User-Agent
content-length: 28017
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 15 Dec 2020 23:20:43 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: max-age=2592000
feature-policy: geolocation 'self'; vibrate 'none'
accept-ranges: bytes
expires: Sat, 16 Jan 2021 19:06:30 GMT

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 17 Dec 2020 19:06:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:29:41 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=64284
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 1393794454121660 Show response
connect.facebook.net/signals/config/ 238 KB
70 KB 42ms
41ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1393794454121660?v=2.9.30&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7ab1dedf7a5e505d152849d572190e14b2943a6379a2be4708234bdbcd107b7c

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: TblLEJRjHqd5WNjhVLPYM5YuXwTHSgX+A+5BoIxIAdENhJxp+ZV4DL2dnMbuxeb+t7j9gE7DLZIf9vx6vTscTg==
x-fb-trip-id: 1527350943
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 17 Dec 2020 19:06:29 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 1219335184
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
67 B 14ms
14ms XHR
text/plain 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1178799466&t=pageview&_s=1&dl=https%3A%2F%2Fstealthbits.com%2Fblog%2Fextracting-password-hashes-from-the-ntds-dit-file%2F&ul=en-us&de=UTF-8&dt=Extracting%20Password%20Hashes%20from%20the%20Ntds.dit%20File%20%7C%20Insider%20Threat%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUADQAAAAC~&jid=1364492312&gjid=1574835093&cid=1716187301.1608231989&tid=UA-1582554-1&_gid=357927759.1608231989&_r=1&gtm=2oubu0&z=161086177

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Dec 2020 19:06:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://stealthbits.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 89 KB
35 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-N8VQG9C&t=gtag_UA_1582554_9&cid=1716187301.1608231989

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d3ef1f221aad904c6bd6a3a1606899344039086428568e40313a847ff673a240

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35784
x-xss-protection: 0
expires: Thu, 17 Dec 2020 19:06:29 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 227ms
158ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o2mn2&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fstealthbits.com%2Fblog%2Fextracting-password-hashes-from-the-ntds-dit-file%2F

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 125
pragma: no-cache
last-modified: Thu, 17 Dec 2020 19:06:29 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 8f7b8221eaab77f5bedfd1f8683e4392
x-transaction: 00aa73e200802680
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 collect
px.ads.linkedin.com/ 0
678 B 144ms
116ms Image
application/javascript 2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1489498&url=https%3A%2F%2Fstealthbits.com%2Fblog%2Fextracting-password-hashes-from-the-ntds-dit-file%2F&time=1608231989012
Requested by: Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: dLV1J3mWURbAhgiHmisAAA==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
89 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1582554-1&cid=1716187301.1608231989&jid=1364492312&gjid=1574835093&_gid=357927759.1608231989&_u=IEBAAUACQAAAAC~&z=12772377

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Dec 2020 19:06:29 GMT
content-type: text/plain
access-control-allow-origin: https://stealthbits.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
505 B 54ms
32ms Image
image/gif 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1582554-1&cid=1716187301.1608231989&jid=1364492312&_u=IEBAAUACQAAAAC~&z=688234984

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Dec 2020 19:06:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
505 B 53ms
31ms Image
image/gif 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1582554-1&cid=1716187301.1608231989&jid=1364492312&_u=IEBAAUACQAAAAC~&z=688234984

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Dec 2020 19:06:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 13ms
13ms XHR
text/plain 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1178799466&t=pageview&_s=1&dl=https%3A%2F%2Fstealthbits.com%2Fblog%2Fextracting-password-hashes-from-the-ntds-dit-file%2F&ul=en-us&de=UTF-8&dt=Extracting%20Password%20Hashes%20from%20the%20Ntds.dit%20File%20%7C%20Insider%20Threat%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGDAAUADQAAAAC~&jid=425504521&gjid=1931379983&cid=1716187301.1608231989&tid=UA-1582554-9&_gid=357927759.1608231989&_r=1&gtm=2oubu0&z=784357793

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Dec 2020 19:06:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://stealthbits.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.5d1cad31427a09b055ed.js Show response
script.hotjar.com/ 223 KB
59 KB 123ms
37ms Script
application/javascript 65.9.68.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.5d1cad31427a09b055ed.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2022311.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.68.48 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

3bab90335837b0878fc05a0cb4605e78f1479d61cefb0653f7b448eac171ebbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Dec 2020 15:55:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 97832
x-cache: Hit from cloudfront
content-length: 59800
access-control-allow-origin: *
last-modified: Wed, 16 Dec 2020 15:53:26 GMT
etag: "e84a105a276cfecf4b45f77c9e4a6030"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 7e513424eee237ee26467e8fd5656ec1.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Q3L09tn3gC9FSx8YgoZl5nAcljlKJHZTrGLPZdnO5Wrb5vpKJttqsg==

GET
H2 200 /
www.facebook.com/tr/ 44 B
378 B 20ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1393794454121660&ev=PageView&dl=https%3A%2F%2Fstealthbits.com%2Fblog%2Fextracting-password-hashes-from-the-ntds-dit-file%2F&rl=&if=false&ts=1608231989062&sw=1600&sh=1200&v=2.9.30&r=stable&ec=0&o=30&fbp=fb.1.1608231989061.2039062047&it=1608231988991&coo=false&rqm=GET

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 17 Dec 2020 19:06:29 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
423 B 87ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-1582554-9&cid=1716187301.1608231989&jid=425504521&gjid=1931379983&_gid=357927759.1608231989&_u=KGDAAUADQAAAAC~&z=2132466730

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Dec 2020 19:06:29 GMT
content-type: text/plain
access-control-allow-origin: https://stealthbits.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame FFAE 0
0 106ms
33ms Document
text/html 143.204.202.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2022311.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.202.71 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-71.fra53.r.cloudfront.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html
content-length: 851
date: Fri, 06 Nov 2020 22:29:56 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified: Fri, 06 Nov 2020 16:42:59 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7549433a09d06354ea864d169b689e51.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: oUK56TtS5SJXGDgEbtxMGWwASfLE7Ega1mtCJ8qDakNpBse-NCq88g==
age: 3530193

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
483 B 57ms
43ms Image
image/gif 2a00:1450:4001:824::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1582554-9&cid=1716187301.1608231989&jid=425504521&_u=KGDAAUADQAAAAC~&z=363213107

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Dec 2020 19:06:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
483 B 58ms
43ms Image
image/gif 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-1582554-9&cid=1716187301.1608231989&jid=425504521&_u=KGDAAUADQAAAAC~&z=363213107

Requested by

Host: stealthbits.com
URL: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Dec 2020 19:06:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 227ms
156ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=o2mn2&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fstealthbits.com%2Fblog%2Fextracting-password-hashes-from-the-ntds-dit-file%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 123
pragma: no-cache
last-modified: Thu, 17 Dec 2020 19:06:29 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 4cdc1b9d1fdabeb3f70853b7b3d6f166
x-transaction: 0078e561004b52df
expires: Tue, 31 Mar 1981 05:00:00 GMT

POST
H2 200 /
www.facebook.com/tr/ 0
82 B 7ms
7ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryEUfgLglD4Y1nkGCe

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Thu, 17 Dec 2020 19:06:29 GMT
content-type: text/plain
access-control-allow-origin: https://stealthbits.com
access-control-allow-credentials: true
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 Image-1.png
stealthbits.com/wp-content/uploads/2017/03/ 11 KB
11 KB 124ms
124ms Image
image/png 72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stealthbits.com/wp-content/uploads/2017/03/Image-1.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 Lansing, United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f08a3b61888d8e62a6552cdedee193ae852a656d4d66078bea819915b908bac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 17 Dec 2020 19:06:31 GMT
referrer-policy: same-origin
last-modified: Thu, 23 Mar 2017 14:32:55 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: public
feature-policy: geolocation 'self'; vibrate 'none'
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 10972
x-content-type-options: nosniff
expires: Fri, 17 Dec 2021 19:06:31 GMT

Verdicts & Comments Add Verdict or Comment

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.stealthbits.com/	1970-01-19 14:43:53	Name: _hjAbsoluteSessionInProgress Value: 0
.stealthbits.com/	1970-01-19 14:43:53	Name: _hjFirstSeen Value: 1
.stealthbits.com/	1970-01-19 23:29:27	Name: _hjid Value: ca0d8aba-57e4-4273-a3a5-cc03f974b08e
.stealthbits.com/	1970-01-19 14:43:52	Name: _gat_gtag_UA_1582554_1 Value: 1
.stealthbits.com/	1970-01-19 16:53:27	Name: _fbp Value: fb.1.1608231989061.2039062047
.stealthbits.com/	1970-01-19 14:43:52	Name: _gat_gtag_UA_1582554_9 Value: 1
.stealthbits.com/	1970-01-19 14:45:18	Name: _gid Value: GA1.2.357927759.1608231989
.stealthbits.com/	1970-01-20 08:15:03	Name: _ga Value: GA1.2.1716187301.1608231989

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://stealthbits.com/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
blog.stealthbits.com
connect.facebook.net
fonts.googleapis.com
px.ads.linkedin.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
stealthbits.com
t.co
use.fontawesome.com
vars.hotjar.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.stealthbits.com
104.244.42.131
104.244.42.69
143.204.202.71
199.232.136.157
209.59.132.164
23.111.9.35
2a00:1450:4001:808::2008
2a00:1450:4001:817::2003
2a00:1450:4001:81c::200a
2a00:1450:4001:820::200e
2a00:1450:4001:824::2004
2a00:1450:400c:c0c::9d
2a02:26f0:6c00:296::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
65.9.68.48
65.9.68.64
72.52.228.51
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
10446fcfc406f1ac6ebbe55503d7f9ba188635b31559a5ecd38cc2827aa0c131
10cbdf805f308eba791f6bd936da151d8c803234e505867c4d17cc10a39ff436
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c
1e33c0d86ac246ae53aad885ec6a8127a4c4fe12624ab3ee56005c1be440d7f8
293239735472b93fc0f1be43fed21d04abbe2c0d6872ab92c9ee962c6b0bd357
2ddc752c921c073e6558c329f8392d42d6fbda4c690fcba532a66392d3ea0b87
305bc7cf181489649000ec5808cb9908b2a2b221c4fb4e468968b907ae87a9f3
34e35f893b634d5439db39f3c4f202ddc21aaf406e5724e8c118d513f086752f
3b20c7f4231183b11371d9122369cd5a961ee58a5372cd9f841da82b73ddb0be
3bab90335837b0878fc05a0cb4605e78f1479d61cefb0653f7b448eac171ebbe
3caff329d1e76a3a9a8ab8030abed403362ee5490631d7bb9774372388198763
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4545eb1dec25fe868d19dc292d417d8a9e41c0276d75a4eaf524a9db21aa705a
45b8547f30738dc732e34ac2984254bf41a51bbafd0e2274e042667c5f0240aa
476c4f4a890cd25f0d44769bf1c7035c1010ed08b6ca1d6d33cd85ec2d21891a
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
63ed7587aae416f3f29047a55a25aecedce1a59ebddf871d12254a440ae8e4bf
6968fe2e4ea874d8320c8a5e26a465bfd45db464b09d32b41aced745377390d4
6a486bb6036ea984d293ab009566e99e522abc19f8833c5fd49630be7eba0135
6deafb7b968b3c75058507019454a4745b1906f1a266dfc48fb29d19d55d71aa
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
701effafecb8251a502136ba3750cc2df8ebbb17652108d737cc55dd7be9b0fe
7028ef6262d35db7dc22b05df3cbb3e93595ce90cd340fdc356620d961b01224
7ab1dedf7a5e505d152849d572190e14b2943a6379a2be4708234bdbcd107b7c
820b1f1d2f6b924399f57a7d133dbab9323aa453c49d4c734e18e13ec0d10b0a
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8767f01caa430c5bd4e3b008a8e9dfe022156a4e91a23c394fdcb05c267f1b94
923868d7d75fecd9502ea36dad4d58254d1e3dd9683ebea03cb965f48e0a5666
965233d6753835c0313b26cde66dfb73bcc9c6b6e2acbebf95afd805f167387f
965574e97c29813feaa62a0a149731306ee4725e027603b937905375d3121c89
9a680b90260b5106d79f4075491ab31daafa7429eff686453c40b58357309649
a16df2f75e04129b12a5fde7311c7ea9131418080fd3f6bcb2b28ce1faa2fe8e
aae0f2b6e3492ae0182c008fe6ac5a58fde0d0a9d749724348a42fc3c40dd115
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b47e9ae8f830c1b04e1579a2b6d1fda4eb0fae1d3f1ee1a3b1440c131068815c
b4bef60cb06749c91bbc0dd7a6aff62b633aecf89da93a379cebb3fe2a690484
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd0ffe6f78dd9edbc15075932ffb9248e02d2f724aeda994c293d775c973b6ed
c1a757218f0c1d8551274e368a081f0a1fedd6be5ef5bfe91194a3289332cc7a
c1c5a298e367fc64f4e974ad8e2a7661b1c0d958e506558d706ecd3fa9640cdc
c1ea1979790f590cbf0a32a6ad53bf3bc9fbfeb6080b31e430e7d79cea895367
c4f1a413e47f90162ead328b5fe465ece8c0e32a1625bce9598d76c420a92f32
d10e701c44ab739c7d711b6483def0c6cd47e5a3d04eda1df2c5cbb08f21d81a
d3ef1f221aad904c6bd6a3a1606899344039086428568e40313a847ff673a240
d4762bbdf73408777dc886ffe61d98654a39456cc19284fcec395a56c54518e1
d954114d20dd5adea033aab6aed26ab13b5ffbeb73f4d782ec41299575f91494
dbb1d2163b19fd95ea957b3ed6fabc71a42cd6a9aef616b5be443c4791273302
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df05d4175ac6233bfd35523ef451ee1969e97870ab49090f9b0d28c71c3393a4
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e67e8389ea807e688d3ed12d5c4726c1c565401fe9dce117e181b776a0c1b56f
ec9b245e54314819350d82ae5bc428a808ccd589a97919a3b644e18dc9a17748
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef46a0518297c558869630113782b36b10ce8376be8768471cd23829dcf3c598
f08a3b61888d8e62a6552cdedee193ae852a656d4d66078bea819915b908bac5
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
f6dd91d478e580a31d0e4fb044af0d870d52ebeaa26505c54c31975390acaa58
fede22b63503d6f4fb3c275cf9f073c6f6295c56e9fb1184e5af8f5ff282ee09

stealthbits.com Open in urlscan Pro 72.52.228.51 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

67 Requests

100 %HTTPS

53 %IPv6

16 Domains

20 Subdomains

19 IPs

5 Countries

1161 kBTransfer

2932 kBSize

8 Cookies

16 Outgoing links

Page URL History

Redirected requests

67 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

stealthbits.com Open in urlscan Pro
72.52.228.51 Public Scan

Screenshot
Live screenshot

Full Image

67
Requests

100 %
HTTPS

53 %
IPv6

16
Domains

20
Subdomains

19
IPs

5
Countries

1161 kB
Transfer

2932 kB
Size

8
Cookies

67 HTTP transactions
3 data transactions