pentestlaboratories.com Open in urlscan Pro
192.0.78.24 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Effective URL:
https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Submission: On October 17 via manual (October 17th 2023, 2:15:52 pm UTC) from IN — Scanned from DE

Summary HTTP 78 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 18 IPs in 3 countries across 12 domains to perform 78 HTTP transactions. The main IP is 192.0.78.24, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is pentestlaboratories.com.
TLS certificate: Issued by R3 on August 21st 2023. Valid for: 3 months.

This is the only time pentestlaboratories.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	192.0.78.24 192.0.78.24	2635 (AUTOMATTIC) (AUTOMATTIC)
35	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
6	192.0.72.27 192.0.72.27	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
4	192.0.123.248 192.0.123.248	2635 (AUTOMATTIC) (AUTOMATTIC)
4	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
8	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2016	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	192.0.78.18 192.0.78.18	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
78	18

4 192.0.78.24 (San Francisco, United States) 1 redirects

ASN2635 (AUTOMATTIC, US)

pentestlaboratories.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 192.0.72.27 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

pentestlaboratories.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.123.248 (Los Angeles, United States)

ASN2635 (AUTOMATTIC, US)
PTR: polldaddy.com

polldaddy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.18 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

r-login.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.23 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	wp.com s0.wp.com — Cisco Umbrella Rank: 8417 fonts-api.wp.com — Cisco Umbrella Rank: 17404 stats.wp.com — Cisco Umbrella Rank: 3047 fonts.wp.com — Cisco Umbrella Rank: 18381 widgets.wp.com — Cisco Umbrella Rank: 12452 pixel.wp.com — Cisco Umbrella Rank: 2968	416 KB
8	youtube.com www.youtube.com — Cisco Umbrella Rank: 85	1018 KB
8	wordpress.com pentestlaboratories.files.wordpress.com r-login.wordpress.com — Cisco Umbrella Rank: 28901 public-api.wordpress.com — Cisco Umbrella Rank: 9647	91 KB
4	googleapis.com jnn-pa.googleapis.com — Cisco Umbrella Rank: 237	31 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	48 KB
4	polldaddy.com polldaddy.com — Cisco Umbrella Rank: 37817	10 KB
4	pentestlaboratories.com 1 redirects pentestlaboratories.com	35 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 static.doubleclick.net — Cisco Umbrella Rank: 304	1 KB
2	gravatar.com 0.gravatar.com — Cisco Umbrella Rank: 8873	6 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 224	3 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 104	18 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	15 KB
78	12

	Domain	Requested by
25	s0.wp.com	pentestlaboratories.com widgets.wp.com public-api.wordpress.com
8	www.youtube.com	pentestlaboratories.com www.youtube.com
6	pentestlaboratories.files.wordpress.com	pentestlaboratories.com
5	fonts.wp.com	fonts-api.wp.com
4	jnn-pa.googleapis.com	www.youtube.com
4	polldaddy.com	pentestlaboratories.com polldaddy.com
4	fonts-api.wp.com	pentestlaboratories.com s0.wp.com
4	pentestlaboratories.com	1 redirects s0.wp.com
3	pixel.wp.com	pentestlaboratories.com
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	googleads.g.doubleclick.net	1 redirects www.youtube.com
2	fonts.gstatic.com	www.youtube.com
2	0.gravatar.com	pentestlaboratories.com 0.gravatar.com
1	public-api.wordpress.com	s0.wp.com
1	r-login.wordpress.com	pentestlaboratories.com
1	widgets.wp.com	pentestlaboratories.com
1	yt3.ggpht.com	www.youtube.com
1	i.ytimg.com	www.youtube.com
1	www.google.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	stats.wp.com	pentestlaboratories.com
78	21

This site contains links to these domains. Also see Links.

Domain
twitter.com
github.com
fatrodzianko.com
www.contextis.com
docs.microsoft.com
www.mdsec.co.uk
amsi.fail
sensepost.com
gist.github.com
attack.mitre.org
pentestlab.blog
akismet.com
www.youtube.com
www.instagram.com
www.linkedin.com
www.facebook.com
discord.gg
wordpress.com
pentestlaboratories.wordpress.com
wp.me
en.wordpress.com
subscribe.wordpress.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2023-08-21` - `2023-11-19`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.files.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.polldaddy.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-21` - `2023-11-21`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.wordpress.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Frame ID: 5A96C88C966103D85EFD82205AEBFD63
Requests: 54 HTTP requests in this frame

Frame: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
Frame ID: 04E9BF2E503C5CF5A2F7548F39BF1003
Requests: 20 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=20230906
Frame ID: 8B02C54FA15A0C6D83975138AE699D84
Requests: 3 HTTP requests in this frame

Frame: https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9wZW50ZXN0bGFib3JhdG9yaWVzLmNvbQ%3D%3D&wpcomid=151987412&time=1697552146
Frame ID: 820C54DC684B81B1B905321775CDA07B
Requests: 1 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: 5BBC1799BED98E5BF760643833B9DB24
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AMSI Bypass Methods | Pentest LaboratoriesAMSI Bypass Methods – Pentest Laboratories

Page URL History Show full URLs

http://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/ HTTP 301
https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

78
Requests

97 %
HTTPS

59 %
IPv6

12
Domains

21
Subdomains

18
IPs

3
Countries

1730 kB
Transfer

5164 kB
Size

2
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/ShitSecure
Title: Fabian Mosch

Search URL Search Domain Scan URL

URL: https://twitter.com/mattifestation
Title: Matt Graeber

Search URL Search Domain Scan URL

URL: https://twitter.com/_RastaMouse
Title: Daniel Duggan

Search URL Search Domain Scan URL

URL: https://github.com/rasta-mouse/AmsiScanBufferBypass
Title: AMSI bypass

Search URL Search Domain Scan URL

URL: https://github.com/RythmStick/AMSITrigger
Title: AMSITrigger

Search URL Search Domain Scan URL

URL: https://fatrodzianko.com/2020/08/25/getting-rastamouses-amsiscanbufferbypass-to-work-again/
Title: article

Search URL Search Domain Scan URL

URL: https://www.contextis.com/us/blog/amsi-bypass
Title: bypass

Search URL Search Domain Scan URL

URL: https://twitter.com/am0nsec
Title: Paul Laine

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/api/amsi/ne-amsi-amsi_result
Title: AMSI_RESULT

Search URL Search Domain Scan URL

URL: https://twitter.com/_xpn_
Title: Adam Chester

Search URL Search Domain Scan URL

URL: https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/
Title: Exploring PowerShell AMSI and Logging Evasion

Search URL Search Domain Scan URL

URL: https://amsi.fail/
Title: amsi.fail

Search URL Search Domain Scan URL

URL: https://twitter.com/Flangvik
Title: Melvin Langvik

Search URL Search Domain Scan URL

URL: https://sensepost.com/blog/2020/resurrecting-an-old-amsi-bypass/
Title: SensePost

Search URL Search Domain Scan URL

URL: https://gist.github.com/FatRodzianko/c8a76537b5a87b850c7d158728717998
Title: AmsiOpcodeBytes

Search URL Search Domain Scan URL

URL: https://gist.github.com/am0nsec/986db36000d82b39c73218facc557628
Title: AMSI-Bypass

Search URL Search Domain Scan URL

URL: https://gist.github.com/am0nsec/854a6662f9df165789c8ed2b556e9597
Title: AMSI-Bypass

Search URL Search Domain Scan URL

URL: https://github.com/med0x2e/NoAmci
Title: NoAmci

Search URL Search Domain Scan URL

URL: https://github.com/tomcarver16/AmsiHook
Title: AmsiHook

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/001/
Title: T1059.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1106/
Title: T1106

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1055/001/
Title: T1055.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027/
Title: T1027

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562/001/
Title: T1562.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1574/001/
Title: T1574.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1132/001/
Title: T1132.001

Search URL Search Domain Scan URL

URL: http://pentestlab.blog/2021/05/17/persistence-amsi/
Title: Persistence – AMSI – Penetration Testing Lab

Search URL Search Domain Scan URL

URL: https://akismet.com/privacy/
Title: Learn how your comment data is processed

Search URL Search Domain Scan URL

URL: https://twitter.com/pentestlabltd
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/PentestLaboratories
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/pentestlaboratories/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/26271095
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/pentestlaboratory/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://discord.gg/rR6FJBH
Title: Discord

Search URL Search Domain Scan URL

URL: https://wordpress.com/?ref=footer_custom_powered
Title: Website Powered by WordPress.com

Search URL Search Domain Scan URL

URL: https://wordpress.com/log-in?redirect_to=https%3A%2F%2Fr-login.wordpress.com%2Fremote-login.php%3Faction%3Dlink%26back%3Dhttps%253A%252F%252Fpentestlaboratories.com%252F2021%252F05%252F17%252Famsi-bypass-methods%252F
Title: Log in now.

Search URL Search Domain Scan URL

URL: https://pentestlaboratories.wordpress.com/wp-admin/customize.php?url=https%3A%2F%2Fpentestlaboratories.wordpress.com%2F2021%2F05%2F17%2Famsi-bypass-methods%2F
Title: Customize

Search URL Search Domain Scan URL

URL: https://wordpress.com/start/
Title: Sign up

Search URL Search Domain Scan URL

URL: https://wp.me/pahIRS-JS
Title: Copy shortlink

Search URL Search Domain Scan URL

URL: http://en.wordpress.com/abuse/?report_url=https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Title: Report this content

Search URL Search Domain Scan URL

URL: https://wordpress.com/read/blogs/151987412/posts/2844
Title: View post in Reader

Search URL Search Domain Scan URL

URL: https://subscribe.wordpress.com/
Title: Manage subscriptions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/ HTTP 301
https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

78 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Redirect Chain

http://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

149 KB
33 KB

375ms
338ms

Document
text/html

192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

51fdfe3f99267a8ccfe4d78a7bf52b288e2c2d3eb37bf836cfe7811764e24f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 17 Oct 2023 14:15:46 GMT
host-header: WordPress.com
link: <https://wp.me/pahIRS-JS>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding accept, content-type, cookie
x-ac: 2.hhn _dfw EXPIRED
x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
x-pingback: https://pentestlaboratories.com/xmlrpc.php

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Tue, 17 Oct 2023 14:15:45 GMT
Location: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Server: nginx
X-ac: 2.hhn _dfw BYPASS

GET
H2 200 webfont.js Show response
s0.wp.com/wp-content/plugins/custom-fonts/js/ 12 KB
5 KB 142ms
92ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
server: nginx
x-minify: t
etag: W/12493-1684465162909.724
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 20:23:52 GMT

GET
H2 200 /
s0.wp.com/_static/ 275 KB
32 KB 190ms
145ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyNkFtOAzEMRTdEYlKqAh+ItWQSK3LrPBQnRdk9w6gMQwGVzyP7nlwH3opyOTVMDWJXhXugJHDEVqw7XRikJ4jZd0aBimwbelWytCvSTuQOfjcynfDLu9CP9c/d0GecsIZ5UhHO5qCftIGpE3uYOC+Cqdo6QNpgXEWUHHf/8Y5ARE8WGeNSZAOF7cCqGIN1Q0dKt+PzbMvfQn+XX5pubrYj96ZCJX9V+9+KahulIDfiLl9iO23mf1NCsTCqime9B0/S1g21il7jizk8P5q9edjdH98BLkbHcA==&cssminify=yes
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b49cc89425b059a20b8a25ae1ae9ea028701c82c8221b100333935c6ca47b185

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Thu, 12 Oct 2023 20:08:56 GMT
server: nginx
etag: W/"65285258-44b2b"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 15 Oct 2024 17:28:50 GMT

GET
H2 200 /
s0.wp.com/_static/ 369 B
651 B 190ms
145ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/mu-plugins/core-compat/wp-mediaelement.css,/wp-content/mu-plugins/wpcom-bbpress-premium-themes.css?m=1432920480j&cssminify=yes
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
x-ac: 2.hhn _dfw BYPASS
last-modified: Sun, 19 Dec 2021 04:31:32 GMT
server: nginx
etag: "61beb5a4-171"
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
content-length: 369
expires: Fri, 10 Nov 2023 15:12:40 GMT

GET
H2 200 /
s0.wp.com/_static/ 149 KB
50 KB 188ms
144ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyVUdFOAzEM+yFKBEhoPCA+BfXaULK1TdWk3Pb3ZDvEBkwnob7Yke04KszNBa6KVaEM1/JIVAU+sE+jQCRRoBpxfxtEbuC6OHApNnKZdmhMfk0WK0FlJXPLN1jL3KI2H3ZfHGRUeKUaIGHFvsRchX8y9R2LtWpjgsTdW5QeMq7JMNrC466T0s3Nrvln1cJxZIubKSZUAeFAPrul7CVZy03ILnPwSlx/EPeWPfU1a8cpczKYTt9xpkfTS3m+e3yyt3nY3G8/AbtJwTk=&cssminify=yes
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 34af51123a0d85d4c6a352a539d25569efa564eb285a95c03509a7dd299ef795

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Tue, 10 Oct 2023 20:06:29 GMT
server: nginx
etag: W/"6525aec5-25232"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 10 Oct 2024 19:44:01 GMT

GET
H2 200 global-print.css
s0.wp.com/wp-content/mu-plugins/global-print/ 5 KB
2 KB 24ms
23ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/global-print/global-print.css?m=1465851035i&cssminify=yes
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 14b5e84f65e981a7b913d677ee7addbb98cab67719ee56e3b681fd8c76db7730

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
server: nginx
x-minify: t
etag: W/8044-1684465181225.707
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:44 GMT

GET
H2 200 css
fonts-api.wp.com/ 10 KB
1 KB 192ms
147ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Noto+Sans%3A400%2C700%2C400italic%2C700italic&subset=latin%2Clatin-ext

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

08575c86a3e7dc7195b1ff5fcac9c651cb2e677c844cfe66fc71d7542fae1663

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 2
last-modified: Tue, 17 Oct 2023 14:01:10 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 css
fonts-api.wp.com/ 10 KB
1 KB 193ms
149ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Noto+Serif%3A400%2C700%2C400italic%2C700italic&subset=latin%2Clatin-ext

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9ea05939808fc41e2fcf16e2ec6363314d634c71f07586048eec5e569dacd701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 2
last-modified: Tue, 17 Oct 2023 14:07:42 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 css
fonts-api.wp.com/ 409 B
755 B 193ms
148ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Droid+Sans+Mono

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2ff60ca73f19b68a881f4e79b91af955945969b051f9e51565fcb83f6ab6dd3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 2
last-modified: Tue, 17 Oct 2023 12:51:41 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 style-wpcom.css
s0.wp.com/wp-content/themes/pub/goran/inc/ 5 KB
1 KB 188ms
145ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/themes/pub/goran/inc/style-wpcom.css?m=1453284068i&cssminify=yes
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4cdf6eb1b7aaf63db500e67cb9b666332e6426b55d1fae9defbd2534ee155296

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
server: nginx
x-minify: t
etag: W/5848-1684465375493.7214
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:24:02 GMT

GET
H2 200 /
s0.wp.com/_static/ 29 KB
11 KB 188ms
144ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyNjcsKAjEMRX/IGoVhxlmInyKZNrQd06SYFvHvfeBG3Li7By7nwK06r9JIGpTuKveYxWClVtFfPgzWBYqGzmRgCa8UMIT7e2aJW2+2gb9F5yweTH1GdqxR7Qt+ZC1ReWbTAJF1QX4dTuW4H+dpNxzGaV4fuThIcQ==&cssminify=yes
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b0f532fd5edcf855b213a1afe2a0be619f483c3fd5c076bac9bb8f3e7f94eecf

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Wed, 11 Oct 2023 18:24:50 GMT
server: nginx
etag: W/"6526e872-75c1"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 10 Oct 2024 18:34:00 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 134 KB
44 KB 187ms
145ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyVkOFKBDEMhF/IXlTYBX+Ij3J027ik1zY1SVf37V2hyiko+CtM+MjMBF6bC1wNq0FSKLxQRtcVxa/HzlF95lPSG7jiSnct95WqQkJrPlyGBu0VzlQDLJ1yBMHsDaNrrKbf1alQ/Xn38Jdsrgm/7X94bihLLxD36gsFl9lHlP9lHKvzhjWygO/GxZtR+II3ishNUHV0ybSA8QWrW4Tiip+GR9vcI+pH+vTSUfYxrhv+CrlCqxxfGfBTebybH+bpdpqn+/QOCiqaqw==
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: aae389184aae55c0d8f220c040d56abf82d4e44467be571d9651562cc174ac53

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Thu, 05 Oct 2023 11:34:19 GMT
server: nginx
etag: W/"651e9f3b-21617"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 09 Oct 2024 14:40:28 GMT

GET
H2 200 amsi-powershell-flowchart-1.png
pentestlaboratories.files.wordpress.com/2021/05/ 33 KB
33 KB 100ms
33ms Image
image/webp 192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlaboratories.files.wordpress.com/2021/05/amsi-powershell-flowchart-1.png

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.27 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b1ae286827294bd5430f4319546911f30aeea4273c730a1007e77830a72b7c3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 27 np
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff, nosniff
last-modified: Sat, 15 May 2021 18:10:16 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://pentestlaboratories.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 33468
expires: Sat, 28 Oct 2023 02:03:28 GMT

GET
H2 200 amsi-powershell-bypass-powershell-downgrade.png
pentestlaboratories.files.wordpress.com/2021/05/ 19 KB
19 KB 100ms
33ms Image
image/webp 192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlaboratories.files.wordpress.com/2021/05/amsi-powershell-bypass-powershell-downgrade.png

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.27 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a81ca3762eb44d4ec5df31100b229af38c6c7d9bf4e989a104f402a827130545

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 27 np
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff, nosniff
last-modified: Wed, 12 May 2021 19:49:47 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://pentestlaboratories.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 19382
expires: Wed, 08 Nov 2023 06:37:03 GMT

GET
H2 200 amsi-powershell-bypass-base64.png
pentestlaboratories.files.wordpress.com/2021/05/ 10 KB
11 KB 15ms
14ms Image
image/webp 192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlaboratories.files.wordpress.com/2021/05/amsi-powershell-bypass-base64.png

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.27 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f5a8fee2e828852a927bde1d5143d5896040a81debf04ab8810488fe8075a8e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 27 np
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff, nosniff
last-modified: Wed, 12 May 2021 19:41:46 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://pentestlaboratories.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 10558
expires: Thu, 23 Nov 2023 10:26:45 GMT

GET
BLOB 200
OK fa8d2d86-fc84-4f2a-b034-0f4f92bb2b4f
https://pentestlaboratories.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://pentestlaboratories.com/fa8d2d86-fc84-4f2a-b034-0f4f92bb2b4f
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 hovercards.min.js Show response
0.gravatar.com/js/hovercards/ 13 KB
5 KB 67ms
11ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=202342aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:46 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Tue, 15 Aug 2023 17:32:05 GMT
server: nginx
etag: W/"64dbb695-32aa"
content-type: application/javascript
cache-control: max-age=604800
expires: Tue, 24 Oct 2023 14:15:46 GMT

GET
H2 200 wpgroho.js Show response
s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/ 655 B
679 B 28ms
28ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1610363240i
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
server: nginx
x-minify: t
etag: W/1125-1684460931415.6394
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:44 GMT

GET
H2 200 wpcom-gray-white.png
s0.wp.com/i/logo/ 8 KB
8 KB 45ms
44ms Image
image/png 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s0.wp.com/i/logo/wpcom-gray-white.png
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c0e93b5ebf107af77d9e7d101d186b3b93e9d5ad4fbb6a74e2dea60173cc04f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
x-ac: 2.hhn _dfw BYPASS
last-modified: Thu, 27 May 2021 01:09:58 GMT
server: nginx
etag: "60aef166-200b"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 8203
expires: Fri, 10 Nov 2023 15:12:14 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 36 KB
14 KB 21ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJzTLy/QTc7PK0nNK9EvyClNz8wr1i+uzCtJrMjITM/IAeKS1CJMEWP94uSizIISoOIM5/yiVL2sYh19yo1yKiotzgjIL08tCs5IzcmhpqnOwRmJRQVUNbEAZJx9rq2hmaGpibmZpbFRFgCTxoHC
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: c7c8d60039d7921710eea8eb6008659defc6b9a7b332dd3e34a53d61d3c3f769

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Sun, 19 Dec 2021 04:31:03 GMT
server: nginx
etag: W/"61beb587-8fb8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 11 Nov 2023 08:38:54 GMT

GET
H2 200 /
s0.wp.com/_static/ 32 KB
7 KB 12ms
11ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyljUEOwjAMBD9EcHNoxQXxFNQmFrg4dlTH7fcrJHrjgMRxR6sZ2GpIKg2lQfFQ2R8kBjO2OqbXZ4O5wJ0kweTEGdoTC4amygYLWlUxWjGslFG/kHMyO8HPoaLZGQ3SuKgbMthGFZcwuWTGf2XH5wBv361c43DpY+y7oZt3B4BoBw==&cssminify=yes
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 55377055bc6066161289b899a8a943fd00ae6ddb881f4bbde59e9c258dc4a9fc

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Fri, 26 May 2023 15:31:17 GMT
server: nginx
etag: W/"6470d0c5-7f39"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 25 May 2024 16:37:48 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 73 KB
23 KB 13ms
12ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJyNj91OwzAMRl+INOs0IXqBeJYscTu3jh3y07G3J2tBjGqI3UXOOd9n63NQVjgDZ+2LClQG5KQJJ0j6vUCBk2FHEJsxPen7sBXv60it0rgZbMUf60hip6T3TfvStCqhDwQqwtwctMOU16QVUiTG1SU88jYvn8DX2lCOGhzy1UoThlrOk+rFlqR6/Pi2kC0V93vNCIEu/0QPEs2SzWbGwWSUh+jlca97OXAGdhKvX0Ho0iNRZSDm213+kiIMUFmTJapYOKOHR7Sbri/8zb+2z92u63bt/jB+Ahoaw0c=
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 23938205d5a8e5930a5f284a21642f21bc3f6c469e0ffad56b8cfea1a897d892

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Wed, 02 Aug 2023 15:28:59 GMT
server: nginx
etag: W/"64ca763b-124b4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 09 Oct 2024 07:47:37 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v16.8.1/build/hooks/ 4 KB
2 KB 23ms
21ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v16.8.1/build/hooks/index.min.js?m=1697141320i&ver=700a21be8955e3eb9568
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 761c4ef72f1aa7bcaf50a6562e915e33d2713aefa1384d6ee1d77a3a07fb7be3

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Thu, 12 Oct 2023 20:08:56 GMT
server: nginx
etag: W/"65285258-11f6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sun, 13 Oct 2024 01:13:23 GMT

GET
H2 200 index.min.js Show response
s0.wp.com/wp-content/plugins/gutenberg-core/v16.8.1/build/i18n/ 9 KB
4 KB 24ms
22ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/gutenberg-core/v16.8.1/build/i18n/index.min.js?m=1697141320i&ver=f5a63315d8d2f363ce59
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9ddaa48947691f4edbd85d83e34061cdf5eaabf0b10b59b3922d95233b8950ee

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Thu, 12 Oct 2023 20:08:56 GMT
server: nginx
etag: W/"65285258-23b2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sun, 13 Oct 2024 01:13:23 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ 38 KB
12 KB 24ms
22ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??-eJydjUEOwjAMBD9EalBbEAfEU1BJDThN7KhO2u+DgHBACCSOO9rZhTkaK5yQE4Rsos9nYgWHKXZ2eGbQzHAgtnDM5HtIFwxokohXGFGjsNKEZqIe5QOpAnHldAH/fNlulKzoX7UCfqx2A2nAZOpq+Zgr4DTey/0Xt1yYOVoJb/Hm7cNutd42bb1p2tZdAeP7eOE=
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f14f066ac725739890090d0d833490a062b4f1ee53b26f5b7d39b3a3a6dfc836

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Tue, 12 Sep 2023 16:51:07 GMT
server: nginx
etag: W/"650096fb-98f6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 11 Sep 2024 17:03:10 GMT

GET
H2 200 rating.js Show response
polldaddy.com/js/rating/ 16 KB
5 KB 577ms
168ms Script
application/javascript 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://polldaddy.com/js/rating/rating.js?ver=12.8-a.0
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: e0808e40b97ef765f6cb946aaf1b816cec41aa339c1b841e64aa32413276383d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: br
last-modified: Mon, 12 Sep 2022 08:38:39 GMT
server: nginx
etag: W/"631ef00f-3fe3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
expires: Thu, 16 Nov 2023 14:15:47 GMT

GET
H2 200 sharing.min.js Show response
s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/_inc/build/sharedaddy/ 9 KB
3 KB 24ms
23ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/_inc/build/sharedaddy/sharing.min.js?m=1685112397i
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc

Request headers

Referer: https://pentestlaboratories.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
last-modified: Fri, 26 May 2023 14:46:54 GMT
server: nginx
etag: W/"6470c65e-2259"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:46 GMT

GET
H2 200 w.js Show response
stats.wp.com/ 11 KB
4 KB 88ms
16ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/w.js?63
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
server: nginx
etag: W/"61dc645f-2a3d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Fri, 10 Nov 2023 15:19:01 GMT

GET
H2 200 css
fonts-api.wp.com/ 7 KB
1 KB 49ms
49ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Ubuntu:b%7CUbuntu:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6e57606e03b2f8286e7343da02403a66a52cc44d9406dd0387e5bacf4264bf05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 2
last-modified: Tue, 17 Oct 2023 14:15:46 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 4iCv6KVjbNBYlgoCxCvjsGyN.woff2
fonts.wp.com/s/ubuntu/v20/ 29 KB
29 KB 30ms
21ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/ubuntu/v20/4iCv6KVjbNBYlgoCxCvjsGyN.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:b%7CUbuntu:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 17:05:11 GMT
server: nginx
age: 288515
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 29752
x-xss-protection: 0

GET
H2 200 4iCs6KVjbNBYlgoKfw72.woff2
fonts.wp.com/s/ubuntu/v20/ 34 KB
34 KB 27ms
18ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:b%7CUbuntu:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
server: nginx
age: 217452
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 34852
x-xss-protection: 0

GET
H2 200 4iCu6KVjbNBYlgoKej70l0k.woff2
fonts.wp.com/s/ubuntu/v20/ 36 KB
36 KB 26ms
17ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/ubuntu/v20/4iCu6KVjbNBYlgoKej70l0k.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:b%7CUbuntu:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

af186659e415490e7eee1bd3c8d511771dbd3e03ddbebf6b6a5096ac8ba29449

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:13:13 GMT
server: nginx
age: 5165
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 36564
x-xss-protection: 0

GET
H2 200 4iCp6KVjbNBYlgoKejZPslyPN4E.woff2
fonts.wp.com/s/ubuntu/v20/ 30 KB
30 KB 26ms
18ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/ubuntu/v20/4iCp6KVjbNBYlgoKejZPslyPN4E.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Ubuntu:b%7CUbuntu:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

26918e4295cab1eaecebc5d4719c212691f040bfe31daf0c7caf08f7a0de520a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:08:03 GMT
server: nginx
age: 78060
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 30660
x-xss-protection: 0

GET
H2 200 6WBkBU0733o Show response
www.youtube.com/embed/ Frame 04E9 89 KB
39 KB 167ms
96ms Document
text/html 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

47f825cc598e56312dc8736ff6c8391be12cbe51c84c858a6c6430c56f98c1a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pentestlaboratories.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 14:15:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Referer
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 6NUO8FuJNQ2MbkrZ5-J8lKFrp7pRef2r.woff2
fonts.wp.com/s/droidsansmono/v20/ 18 KB
18 KB 17ms
16ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/droidsansmono/v20/6NUO8FuJNQ2MbkrZ5-J8lKFrp7pRef2r.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Droid+Sans+Mono

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

1a8e7108949ee83e8eeadd9cd0ed0f98bd8870f2afa75c26ccdc9e795fb58e30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Apr 2022 17:56:00 GMT
server: nginx
age: 411948
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 18400
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 887bace24994f330b0d0b2c01675dc8329a74fcb2dd720929dea971e0f598c94

Request headers

Referer
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
DATA 200
OK truncated
/ 18 KB
18 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05914b956e9d0107351bca1ace8c4288c28c331338dc746b93f70bbe058502cf

Request headers

Referer
Origin: https://pentestlaboratories.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 amsi-powershell-bypass-hooking.png
pentestlaboratories.files.wordpress.com/2021/05/ 7 KB
7 KB 16ms
14ms Image
image/webp 192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlaboratories.files.wordpress.com/2021/05/amsi-powershell-bypass-hooking.png

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.27 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

135d839d11329974e3de2be498b6e52ce1d45055883739f295b9af5661bb9c93

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 27 np
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff, nosniff
last-modified: Wed, 12 May 2021 23:57:17 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://pentestlaboratories.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 6950
expires: Fri, 17 Nov 2023 23:58:32 GMT

GET
H2 200 amsi-powershell-bypass-asb.png
pentestlaboratories.files.wordpress.com/2021/05/ 9 KB
9 KB 17ms
16ms Image
image/webp 192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlaboratories.files.wordpress.com/2021/05/amsi-powershell-bypass-asb.png

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.27 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d2296fddba430766228ca64653ec56612df009419701746ac6cf93cd82316e8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 27 np
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff, nosniff
last-modified: Thu, 13 May 2021 12:25:03 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://pentestlaboratories.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 9222
expires: Tue, 31 Oct 2023 04:40:16 GMT

GET
H2 200 amsi-powershell-bypass-asb-strings.png
pentestlaboratories.files.wordpress.com/2021/05/ 7 KB
7 KB 19ms
18ms Image
image/webp 192.0.72.27
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlaboratories.files.wordpress.com/2021/05/amsi-powershell-bypass-asb-strings.png

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.27 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3bfa802ede04320fae2b555665346d17239c67d484f2a55b46c325f33ee263dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 27 np
date: Tue, 17 Oct 2023 14:15:46 GMT
x-content-type-options: nosniff, nosniff
last-modified: Thu, 13 May 2021 16:17:33 GMT
server: nginx
x-orig-src: 0_imageresize
vary: Accept, Origin
content-type: image/webp
access-control-allow-origin: https://pentestlaboratories.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 7084
expires: Wed, 01 Nov 2023 03:48:45 GMT

GET
H2 200 shCore.css
s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/ 6 KB
1 KB 13ms
12ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shCore.css?ver=3.0.9b
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 17daa2fbe0ec2b4646e8406f654772645d0be2759a5137e175fbe95a1387455a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
server: nginx
etag: W/"62bc9430-1a9d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Fri, 10 Nov 2023 15:12:28 GMT

GET
H2 200 shThemeDefault.css
s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/ 2 KB
707 B 14ms
13ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/plugins/syntaxhighlighter/syntaxhighlighter3/styles/shThemeDefault.css?m=1363304414i&ver=3.0.9b
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 8f892de7bd3f42587028e9a8ddd9d01c6923f3947e657710ef40a2407e718de6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: miss
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:46 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
server: nginx
x-minify: t
etag: W/2877-1684465200225.7236
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 20:22:45 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/99faf012/ Frame 04E9 378 KB
48 KB 30ms
11ms Stylesheet
text/css 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/99faf012/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92223235bd2c02fa3eae38898c1fb05886c7261be48bc661939babfc0c2c59bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:02:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 788
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48960
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 01:50:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 16 Oct 2024 14:02:38 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/ Frame 04E9 54 KB
17 KB 33ms
22ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eadc6ed83fa46a5be33d8f62fe2a564fd597af51dfb2d19fea08eee91db8eff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 11:53:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16988
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 01:50:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 16 Oct 2024 11:53:43 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/99faf012/www-embed-player.vflset/ Frame 04E9 318 KB
95 KB 40ms
30ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/99faf012/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8290ad40ac2027d9a1c629cbb0106fea28df654f181f97900f5a154a8a4d4858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 12:38:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5850
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97303
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 01:50:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 16 Oct 2024 12:38:16 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/ Frame 04E9 2 MB
786 KB 52ms
43ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c77879b9644cb3597c79b44963d5ee09cec1cea973f73081a1f5c80e5e6cd53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 09:21:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 17659
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 804715
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 01:50:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 16 Oct 2024 09:21:27 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 04E9 15 KB
16 KB 95ms
29ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sat, 14 Oct 2023 06:47:09 GMT
x-content-type-options: nosniff
age: 286118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 13 Oct 2024 06:47:09 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 04E9 15 KB
15 KB 98ms
33ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 21:26:35 GMT
x-content-type-options: nosniff
age: 406152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Oct 2024 21:26:35 GMT

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 04E9
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

35ms
34ms

XHR
application/json

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98cad9f84a4c803d9deac93c6c20dc2e8ab60f549cb11db5514823c13447cb1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 17 Oct 2023 14:15:47 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 04E9 29 B
494 B 115ms
12ms Script
text/javascript 2a00:1450:4001:81c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/99faf012/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:32 GMT
x-content-type-options: nosniff
age: 15
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 17 Oct 2023 14:30:32 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 70ms
16ms Preflight
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Tue, 17 Oct 2023 14:15:47 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 04E9 68 KB
31 KB 34ms
33ms XHR
application/json+protobuf 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

37cf1f78eb173c8612df791b85793605e7efcf00ce91331c60f9748a3065893b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31693
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/ Frame 04E9 116 KB
33 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b806048f08d3f62def1d012418386bb117f2c315f86fc4070b51d23e51b96468

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:12:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 222
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33488
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 01:50:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 16 Oct 2024 14:12:05 GMT

GET
H2 200 csSiDfu-BDpwD-AA8W8d2tK8F8kzLRMbubGTLi8s2iw.js Show response
www.google.com/js/th/ Frame 04E9 37 KB
15 KB 49ms
12ms Script
text/javascript 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/csSiDfu-BDpwD-AA8W8d2tK8F8kzLRMbubGTLi8s2iw.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72c4a20dfbbe043a700fe000f16f1ddad2bc17c9332d131bb9b1932e2f2cda2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 12:36:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 92373
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14773
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 13:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Oct 2024 12:36:14 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/6WBkBU0733o/ Frame 04E9 18 KB
18 KB 79ms
42ms Image
image/jpeg 2a00:1450:4001:831::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/6WBkBU0733o/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-DoACuAiKAgwIABABGBMgOSh_MA8=&rs=AOn4CLCIGt2X1EMNj86vQLd5swWv4uyTBA

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ddafbc321a2365019d527d58495a010a5dbe7b0790ff971c1c533e0de079ba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:47 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18196
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 17 Oct 2023 16:15:47 GMT

GET
DATA 200
OK truncated
/ Frame 04E9 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 azxhMQOt6Q5lgvu7IydlKijsY4YY9w2kJpl2sUSUsMBqv4Exu1qBU_QRA_0uRytZMUYvsCocew=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame 04E9 3 KB
3 KB 117ms
12ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/azxhMQOt6Q5lgvu7IydlKijsY4YY9w2kJpl2sUSUsMBqv4Exu1qBU_QRA_0uRytZMUYvsCocew=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c3413729373769431562e4c111825dcfaae274e3fff8bb73a9c368486168345b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 11:23:32 GMT
x-content-type-options: nosniff
age: 10335
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3001
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 18 Oct 2023 11:23:32 GMT

GET
H2 200 rate.php Show response
polldaddy.com/ratings/ 1 KB
514 B 189ms
186ms Script
application/javascript 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://polldaddy.com/ratings/rate.php?cmd=get&id=8796967&uid=wp-post-2844&item_id=_post_2844
Requested by: Host: polldaddy.com
URL: https://polldaddy.com/js/rating/rating.js?ver=12.8-a.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: 57bc4df378ec612b53ed9f7f641e0082db86019767fc72cb0624269d4c02a750

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type: application/javascript
date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-language: en

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame 8B02 3 KB
1 KB 41ms
13ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=20230906
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: a9590c565025c73b60ffb2b8bb242e213355db5499a6e02b2b075ff59514eb57

Request headers

Referer: https://pentestlaboratories.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
content-encoding: br
content-type: text/html
date: Tue, 17 Oct 2023 14:15:47 GMT
etag: W/"650493e8-ae1"
last-modified: Fri, 15 Sep 2023 17:27:04 GMT
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-ac: 2.hhn _dfw MISS
x-nc: HIT hhn 2

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 04E9 90 B
134 B 46ms
45ms XHR
application/json+protobuf 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab20a190cf0c82b0fa2865cccd60cbbc8047927baa915f54368f9efa80acc90f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame 8B02 3 KB
1 KB 32ms
31ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20230906
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
server: nginx
x-minify: t
etag: W/7325-1684465206729.7068
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 14:44:30 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 8B02 81 KB
21 KB 32ms
32ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230906
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=20230906
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 06b3a98758f38adbd3bd2ec1f6cd55b9dec4ca16b3aabba3a3ad14739be5990c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
last-modified: Fri, 15 Sep 2023 17:27:12 GMT
server: nginx
etag: W/"650493f0-14439"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Sat, 14 Sep 2024 17:27:19 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
153 B 41ms
31ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?x_stats-initial-visibility=visible&v=wpcom-no-pv&rand=0.06879186903421641
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 17 Oct 2023 14:15:47 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
153 B 40ms
31ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?blog=151987412&v=wpcom&tz=1&user_id=0&post=2844&subd=pentestlaboratories&host=pentestlaboratories.com&ref=&rand=0.8051851582265901
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 17 Oct 2023 14:15:47 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
153 B 44ms
36ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?crypt=UE40eW5QN0p8M2Y%2FRE1mNzc2NTVTamdsd0xoLz9RQkM2K298TXY9bERQMXc2MjhEaVZfb2wwakRoSj0mUkp1THptM1NdbkV1WjZIcU9mVWQmPUIvMlN6Jk8wW3NYVEJ3dWZOWExuWD9yL3dPVDRCOHlLX3IxTHI5WHl%2BamhyX1F6dHROc2lBVDVbYmkwfEVac0dkRGVIRFk9VU5qSmNpW1BJc2RHM180a19DZUdwaSxFYXgxfldVVGxMTlM2Y0xjZkt5M3NGVFYmXzZ1Rz0xQkZlNFNRLnVfL0dsYXFbZltReVpQR0s4Y1VYcm5RdVt1WHdqXUVZc2twZ29iaHxHdWhNW2JxcW9pbVhjOGlnS35fRUUsNFtaZVFXOVNNeURCdmYwRUFGZzY1NiZZWWNZTU1qOWFafnk0fmo0NkF6Ri8vb0g%2FZj9nR3FCeQ%3D%3D&v=wpcom-no-pv&rand=0.33574253800830167
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 17 Oct 2023 14:15:47 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 wp-emoji-release.min.js Show response
s0.wp.com/wp-includes/js/ 18 KB
5 KB 33ms
33ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1677072837i&ver=6.4-alpha-56697
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
last-modified: Fri, 19 May 2023 02:58:18 GMT
server: nginx
etag: W/"6466e5ca-4904"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 16 Oct 2024 13:28:10 GMT

GET
H2 200 / Show response
pentestlaboratories.com/2021/05/17/amsi-bypass-methods/ 3 KB
1 KB 356ms
356ms XHR
application/json 192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/?relatedposts=1

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??-eJyVkOFKBDEMhF/IXlTYBX+Ij3J027ik1zY1SVf37V2hyiko+CtM+MjMBF6bC1wNq0FSKLxQRtcVxa/HzlF95lPSG7jiSnct95WqQkJrPlyGBu0VzlQDLJ1yBMHsDaNrrKbf1alQ/Xn38Jdsrgm/7X94bihLLxD36gsFl9lHlP9lHKvzhjWygO/GxZtR+II3ishNUHV0ybSA8QWrW4Tiip+GR9vcI+pH+vTSUfYxrhv+CrlCqxxfGfBTebybH+bpdpqn+/QOCiqaqw==

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0e45b6c80312a401c4e56f785a7b4285004e8cbbbe0e1ee1188ce794c0bb89a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
x-requested-with: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
date: Tue, 17 Oct 2023 14:15:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
server: nginx
x-ac: 2.hhn _dfw EXPIRED
vary: Accept-Encoding, accept, content-type
x-pingback: https://pentestlaboratories.com/xmlrpc.php
content-type: application/json; charset=utf-8
host-header: WordPress.com

GET
H2 200 hovercards.min.css
0.gravatar.com/js/hovercards/ 3 KB
1021 B 31ms
31ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gravatar.com/js/hovercards/hovercards.min.css?ver=202342aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c

Requested by

Host: 0.gravatar.com
URL: https://0.gravatar.com/js/hovercards/hovercards.min.js?ver=202342aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:47 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Wed, 11 Oct 2023 03:50:13 GMT
server: nginx
etag: W/"65261b75-d5d"
content-type: text/css
cache-control: max-age=604800
expires: Tue, 24 Oct 2023 14:15:47 GMT

GET
H2 200 remote-login.php Show response
r-login.wordpress.com/ Frame 820C 133 B
351 B 454ms
155ms Document
text/html 192.0.78.18
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9wZW50ZXN0bGFib3JhdG9yaWVzLmNvbQ%3D%3D&wpcomid=151987412&time=1697552146

Requested by

Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.18 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

95fddf05b0a4211a795d0d4e3774dc4a865e624f845917dc5add7f4b45893edf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://pentestlaboratories.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 17 Oct 2023 14:15:48 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-ac: 1.hhn _dfw MISS

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 04E9 4 KB
2 KB 124ms
37ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/99faf012/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 Oct 2023 14:15:47 GMT

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 35ms
35ms Preflight
text/html 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Tue, 17 Oct 2023 14:15:47 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H3 204 generate_204
www.youtube.com/ Frame 04E9 0
10 B 17ms
15ms Image
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?UhUnmA
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:47 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 star-yellow-sml.png
polldaddy.com/images/ratings/ 3 KB
3 KB 397ms
393ms Image
image/png 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://polldaddy.com/images/ratings/star-yellow-sml.png
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: 67f5e3a1fe926d54a765050fbdae81d08d4908c38c3a2340322ec7f5086df9e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:48 GMT
last-modified: Wed, 08 Sep 2021 04:24:16 GMT
server: nginx
etag: "61383af0-c0d"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3085
expires: Thu, 16 Nov 2023 14:15:48 GMT

GET
H2 200 info.png
polldaddy.com/images/ratings/ 1 KB
1 KB 397ms
394ms Image
image/png 192.0.123.248
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://polldaddy.com/images/ratings/info.png
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.123.248 Los Angeles, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: polldaddy.com
Software: nginx /
Resource Hash: 8d1b51a6bcf97a173884161816c19b753e0088a0926148482d8a1f371706c774

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 14:15:48 GMT
last-modified: Wed, 08 Sep 2021 04:24:17 GMT
server: nginx
etag: "61383af1-4ca"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1226
expires: Thu, 16 Nov 2023 14:15:48 GMT

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/118/ Frame 04E9 50 KB
15 KB 239ms
234ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/118/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e99e1ceb5d2b6483d5cf48bff61db9da00db6cb806b7aa2e0f22f87a787e0d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 15:57:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14707
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 15:06:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 17 Oct 2023 15:57:06 GMT

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame 5BBC 8 KB
4 KB 225ms
174ms Document
text/html 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20230906

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4b4f298a5eb39eae4292bcef72c8f484854cf331454bd142d39b08d44fada2f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://widgets.wp.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 17 Oct 2023 14:15:48 GMT
p3p: CP="CAO PSA OUR"
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-ac: 1.hhn _dfw BYPASS

GET
H2 200 rlt-proxy.js Show response
s0.wp.com/wp-content/js/ Frame 5BBC 3 KB
1 KB 16ms
10ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/rlt-proxy.js?m=20211122
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:48 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
server: nginx
x-minify: t
etag: W/7325-1684465206729.7068
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Thu, 30 May 2024 14:44:30 GMT

GET
H2 200 actionbar.css
s0.wp.com/wp-content/mu-plugins/actionbar/ 14 KB
4 KB 11ms
10ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.css?v=20210915
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 08049155425170644473fbebdaebcba11c6358913cf6dbe0c739a7c7c05ad04c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:48 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
server: nginx
x-minify: t
etag: W/17924-1684465215393.7234
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 20:14:17 GMT

GET
H2 200 actionbar.js Show response
s0.wp.com/wp-content/mu-plugins/actionbar/ 7 KB
2 KB 11ms
11ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20220329
Requested by: Host: pentestlaboratories.com
URL: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 10e1d5be200976ab3c32ddb7076abe7c8c7ffe002556c5954d146319420e0580

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pentestlaboratories.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn 2
date: Tue, 17 Oct 2023 14:15:48 GMT
content-encoding: br
x-ac: 2.hhn _dfw MISS
server: nginx
x-minify: t
etag: W/13421-1684460936240.9634
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 29 May 2024 20:13:45 GMT

POST
H2 200 admin-ajax.php
pentestlaboratories.com/wp-admin/ 0
0 230ms
230ms Fetch
text/html 192.0.78.24
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://pentestlaboratories.com/wp-admin/admin-ajax.php

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/wp-content/mu-plugins/actionbar/actionbar.js?v=20220329

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.24 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-hacker: Want root? Visit join.a8c.com/hacker and mention this header.
date: Tue, 17 Oct 2023 14:15:48 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
x-ac: 2.hhn _dfw BYPASS
host-header: WordPress.com
referrer-policy: strict-origin-when-cross-origin
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://pentestlaboratories.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 04E9 28 B
54 B 32ms
31ms XHR
application/json 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/99faf012/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
X-Goog-Request-Time: 1697552149250
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/6WBkBU0733o?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en&autohide=2&wmode=transparent
X-YouTube-Client-Version: 1.20231010.01.00
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtUcFR6NFZrWU9MRSiSrrqpBjIICgJERRICEgA%3D
X-YouTube-Ad-Signals: dt=1697552147049&flash=0&frm=2&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C700%2C394&vis=1&wgl=true&ca_type=image

Response headers

date: Tue, 17 Oct 2023 14:15:49 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0
expires: Tue, 17 Oct 2023 14:15:49 GMT

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: ukJ6jo2G2lk
			.youtube.com/	1970-01-20 19:51:44	Name: VISITOR_INFO1_LIVE Value: TpTz4VkYOLE

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
fonts-api.wp.com
fonts.gstatic.com
fonts.wp.com
googleads.g.doubleclick.net
i.ytimg.com
jnn-pa.googleapis.com
pentestlaboratories.com
pentestlaboratories.files.wordpress.com
pixel.wp.com
polldaddy.com
public-api.wordpress.com
r-login.wordpress.com
s0.wp.com
static.doubleclick.net
stats.wp.com
widgets.wp.com
www.google.com
www.gstatic.com
www.youtube.com
yt3.ggpht.com
192.0.123.248
192.0.72.27
192.0.76.3
192.0.77.32
192.0.78.18
192.0.78.23
192.0.78.24
2a00:1450:4001:809::2004
2a00:1450:4001:80f::2001
2a00:1450:4001:811::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::200e
2a00:1450:4001:81c::2006
2a00:1450:4001:827::2003
2a00:1450:4001:828::200a
2a00:1450:4001:831::2016
2a04:fa87:fffe::c000:4902
05914b956e9d0107351bca1ace8c4288c28c331338dc746b93f70bbe058502cf
06b3a98758f38adbd3bd2ec1f6cd55b9dec4ca16b3aabba3a3ad14739be5990c
08049155425170644473fbebdaebcba11c6358913cf6dbe0c739a7c7c05ad04c
08575c86a3e7dc7195b1ff5fcac9c651cb2e677c844cfe66fc71d7542fae1663
0e45b6c80312a401c4e56f785a7b4285004e8cbbbe0e1ee1188ce794c0bb89a2
10e1d5be200976ab3c32ddb7076abe7c8c7ffe002556c5954d146319420e0580
135d839d11329974e3de2be498b6e52ce1d45055883739f295b9af5661bb9c93
14b5e84f65e981a7b913d677ee7addbb98cab67719ee56e3b681fd8c76db7730
17daa2fbe0ec2b4646e8406f654772645d0be2759a5137e175fbe95a1387455a
1a8e7108949ee83e8eeadd9cd0ed0f98bd8870f2afa75c26ccdc9e795fb58e30
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6
23938205d5a8e5930a5f284a21642f21bc3f6c469e0ffad56b8cfea1a897d892
26918e4295cab1eaecebc5d4719c212691f040bfe31daf0c7caf08f7a0de520a
2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad
2ff60ca73f19b68a881f4e79b91af955945969b051f9e51565fcb83f6ab6dd3b
34af51123a0d85d4c6a352a539d25569efa564eb285a95c03509a7dd299ef795
37cf1f78eb173c8612df791b85793605e7efcf00ce91331c60f9748a3065893b
3bfa802ede04320fae2b555665346d17239c67d484f2a55b46c325f33ee263dc
3c77879b9644cb3597c79b44963d5ee09cec1cea973f73081a1f5c80e5e6cd53
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
47f825cc598e56312dc8736ff6c8391be12cbe51c84c858a6c6430c56f98c1a6
4b4f298a5eb39eae4292bcef72c8f484854cf331454bd142d39b08d44fada2f1
4cdf6eb1b7aaf63db500e67cb9b666332e6426b55d1fae9defbd2534ee155296
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
51fdfe3f99267a8ccfe4d78a7bf52b288e2c2d3eb37bf836cfe7811764e24f60
55377055bc6066161289b899a8a943fd00ae6ddb881f4bbde59e9c258dc4a9fc
57bc4df378ec612b53ed9f7f641e0082db86019767fc72cb0624269d4c02a750
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
67f5e3a1fe926d54a765050fbdae81d08d4908c38c3a2340322ec7f5086df9e3
6ddafbc321a2365019d527d58495a010a5dbe7b0790ff971c1c533e0de079ba9
6e57606e03b2f8286e7343da02403a66a52cc44d9406dd0387e5bacf4264bf05
72c4a20dfbbe043a700fe000f16f1ddad2bc17c9332d131bb9b1932e2f2cda2c
738223eb8c8c70913bf59775dc575c205070014babc8b174fd3ab8e6082ebe30
761c4ef72f1aa7bcaf50a6562e915e33d2713aefa1384d6ee1d77a3a07fb7be3
7c00752ce82d6abaed0b9766d35b906b16675facdbe24115b410d1fab975effa
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
8290ad40ac2027d9a1c629cbb0106fea28df654f181f97900f5a154a8a4d4858
887bace24994f330b0d0b2c01675dc8329a74fcb2dd720929dea971e0f598c94
8d1b51a6bcf97a173884161816c19b753e0088a0926148482d8a1f371706c774
8e99e1ceb5d2b6483d5cf48bff61db9da00db6cb806b7aa2e0f22f87a787e0d3
8f892de7bd3f42587028e9a8ddd9d01c6923f3947e657710ef40a2407e718de6
92223235bd2c02fa3eae38898c1fb05886c7261be48bc661939babfc0c2c59bc
95fddf05b0a4211a795d0d4e3774dc4a865e624f845917dc5add7f4b45893edf
98cad9f84a4c803d9deac93c6c20dc2e8ab60f549cb11db5514823c13447cb1f
9c83b89ab9d2677980617afacb833a74da3050a2d3d711176b500d7922e49ab5
9ddaa48947691f4edbd85d83e34061cdf5eaabf0b10b59b3922d95233b8950ee
9e1dae23d3ad3212f67d09ca79a50003c32953c36bab976f634c9b38d8a8c6dc
9ea05939808fc41e2fcf16e2ec6363314d634c71f07586048eec5e569dacd701
a81ca3762eb44d4ec5df31100b229af38c6c7d9bf4e989a104f402a827130545
a9590c565025c73b60ffb2b8bb242e213355db5499a6e02b2b075ff59514eb57
aae389184aae55c0d8f220c040d56abf82d4e44467be571d9651562cc174ac53
ab20a190cf0c82b0fa2865cccd60cbbc8047927baa915f54368f9efa80acc90f
aeb24331352c11f5446dd670d75325a3c4e3b8a6bd7f92ee1c88f8b8636d4d9c
af186659e415490e7eee1bd3c8d511771dbd3e03ddbebf6b6a5096ac8ba29449
b0f532fd5edcf855b213a1afe2a0be619f483c3fd5c076bac9bb8f3e7f94eecf
b1ae286827294bd5430f4319546911f30aeea4273c730a1007e77830a72b7c3b
b49cc89425b059a20b8a25ae1ae9ea028701c82c8221b100333935c6ca47b185
b6e4492d3b8358a81b80908b1f84e6bd2f64a7a46d48793af99d27bf29f4c2e8
b806048f08d3f62def1d012418386bb117f2c315f86fc4070b51d23e51b96468
c0e93b5ebf107af77d9e7d101d186b3b93e9d5ad4fbb6a74e2dea60173cc04f8
c3413729373769431562e4c111825dcfaae274e3fff8bb73a9c368486168345b
c7c8d60039d7921710eea8eb6008659defc6b9a7b332dd3e34a53d61d3c3f769
d2296fddba430766228ca64653ec56612df009419701746ac6cf93cd82316e8d
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
e0808e40b97ef765f6cb946aaf1b816cec41aa339c1b841e64aa32413276383d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eadc6ed83fa46a5be33d8f62fe2a564fd597af51dfb2d19fea08eee91db8eff2
ec7c4c90e31092c6253cddb718655a1e3ac5f4f83425b1e16d54b25ff80f263f
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
f14f066ac725739890090d0d833490a062b4f1ee53b26f5b7d39b3a3a6dfc836
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5a8fee2e828852a927bde1d5143d5896040a81debf04ab8810488fe8075a8e8
f72ea1589b707feb0d369c239e89cc4ca754d70645c76e3a61ba0af9d69bba8c

pentestlaboratories.com Open in urlscan Pro 192.0.78.24 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

78 Requests

97 %HTTPS

59 %IPv6

12 Domains

21 Subdomains

18 IPs

3 Countries

1730 kBTransfer

5164 kBSize

2 Cookies

42 Outgoing links

Page URL History

Redirected requests

78 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pentestlaboratories.com Open in urlscan Pro
192.0.78.24 Public Scan

Screenshot
Live screenshot

Full Image

78
Requests

97 %
HTTPS

59 %
IPv6

12
Domains

21
Subdomains

18
IPs

3
Countries

1730 kB
Transfer

5164 kB
Size

2
Cookies

78 HTTP transactions
4 data transactions