URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Submission: On November 18 via api from US — Scanned from US

Summary

This website contacted 5 IPs in 1 country across 3 domains to perform 29 HTTP transactions. The main IP is 2606:4700:3034::ac43:8cb3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.blue-prints.blog.
TLS certificate: Issued by WE1 on October 29th 2024. Valid for: 3 months.
This is the only time www.blue-prints.blog was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
26 172.67.140.179 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
29 5
Apex Domain Subdomains Transfer
27 blue-prints.blog www.blue-prints.blog 427 KB
1 google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36
1 googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39 108 KB
29 3
Domain Requested by
27 www.blue-prints.blog www.blue-prints.blog
1 www.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com www.blue-prints.blog
29 3

This site contains links to these domains. Also see Links.

Domain
learn.microsoft.com
attack.mitre.org
github.com
gist.github.com
Subject Issuer Validity Valid
blue-prints.blog WE1 2024-10-29 - 2025-01-27 3 months
*.google-analytics.com WR2 2024-10-21 - 2025-01-13 3 months

This page contains 1 frames:

Primary Page: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Frame ID: 79582852202AD8D23BAFA64C986133BD
Requests: 38 HTTP requests in this frame

Page Title

Blue-Prints Blog - Insecure Deserialization in AddinUtil.exe

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

29 Requests
100 % HTTPS
75 % IPv6
3 Domains
3 Subdomains
5 IPs
1 Countries
536 kB Transfer
1959 kB Size
2 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request addinutil-lolbas.html
www.blue-prints.blog/content/blog/posts/lolbin/
74 KB
16 KB
Document
General
Full URL
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:8cb3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8de22a64226dd7912ad3112e7bcbc8b9b98ebbe15daa4ebe8528c95cf03580b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
age
0
alt-svc
h3=":443"; ma=86400
cache-control
max-age=600
cf-cache-status
DYNAMIC
cf-ray
8e4a4a560a09ad86-ATL
content-encoding
zstd
content-type
text/html; charset=utf-8
date
Mon, 18 Nov 2024 19:15:38 GMT
expires
Mon, 18 Nov 2024 18:15:00 GMT
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WZhkM0tPk7goPw%2FefQItPFcRiPhqvDVN34VMJthoxOBgoWiya%2BkFnt36LAmOXVkF8euJ1rAst1CtgypogBVABB%2F0zJ7CnqA7F8U94kR76DMgzzyIhba59XzKJXirF7SjDBKjCefPMLoJhZ4hYr%2F1ZJDH%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=45293&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3922&recv_bytes=2327&delivery_rate=86839&cwnd=34&unsent_bytes=0&cid=c9fec7665ef6aea8&ts=105&x=0"
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-fastly-request-id
e72f248ddfa6e843000ed5a5cdc674174ab4c642
x-github-request-id
1210:17DB2B:DFC68C:EF6723:673B81CB
x-proxy-cache
MISS
x-served-by
cache-pdk-kfty8610046-PDK
x-timer
S1731957339.584719,VS0,VE22
quarto-nav.js
www.blue-prints.blog/site_libs/quarto-nav/
8 KB
3 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-nav/quarto-nav.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85c83b254d39638d514c5190c81deaf929743f9e6e59133e2edb20239d806dce

headroom.min.js
www.blue-prints.blog/site_libs/quarto-nav/
4 KB
2 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-nav/headroom.min.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b80cc4165a661a3f2060d6bdb5ccff591f04c4f8e39a06c12d3c2544587cb17

clipboard.min.js
www.blue-prints.blog/site_libs/clipboard/
9 KB
4 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/clipboard/clipboard.min.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9

autocomplete.umd.js
www.blue-prints.blog/site_libs/quarto-search/
69 KB
19 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-search/autocomplete.umd.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a7b9a51e43777d78f9b5bfb613f1f500e3a1a582b05801f50addb3fb914d15c

fuse.min.js
www.blue-prints.blog/site_libs/quarto-search/
23 KB
8 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-search/fuse.min.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c57339c3fa16b1d69d9a6b46749a8139ef8d4fc9bbfe48144ff897aa7d4222ec

quarto-search.js
www.blue-prints.blog/site_libs/quarto-search/
32 KB
9 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-search/quarto-search.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82b10080f876502d10fd667443d8cd328185c3920c1f8d70af3e9f8d205d24ab

quarto.js
www.blue-prints.blog/site_libs/quarto-html/
27 KB
8 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-html/quarto.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0298185bdd0ae7681b22035d5c2917555b12a4ce41d724bc61a160ecd2bdcabb

popper.min.js
www.blue-prints.blog/site_libs/quarto-html/
19 KB
8 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-html/popper.min.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de866a3965cea96f92ed595f52405de2e32a0a01f2c6cb2f034bf0de2d36bdf8

tippy.umd.min.js
www.blue-prints.blog/site_libs/quarto-html/
23 KB
9 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-html/tippy.umd.min.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41181eeec6d7ba64cb9165f0e95563e34e026bde79e7c13aeec83270429b6fae

anchor.min.js
www.blue-prints.blog/site_libs/quarto-html/
6 KB
3 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-html/anchor.min.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d16319f4f1786f685317ae84825bfff47e55c24ea59ce1b801b982271a3de964

tippy.css
www.blue-prints.blog/site_libs/quarto-html/
1 KB
1 KB
Stylesheet
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-html/tippy.css
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5969f497d9158d7682f8219c6f13fa67269cdf5bf50a3931d95327151dee5678

quarto-syntax-highlighting.css
www.blue-prints.blog/site_libs/quarto-html/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-html/quarto-syntax-highlighting.css
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0bc587508d01aeca9001b18b715287b8740833c1b9b70c1ca423a6159ee77a0

quarto-syntax-highlighting-dark.css
www.blue-prints.blog/site_libs/quarto-html/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-html/quarto-syntax-highlighting-dark.css
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52e4baaee0725d0a985b5f51f2069cbcd109489eadfab5715787669bf7b7a7af

bootstrap.min.js
www.blue-prints.blog/site_libs/bootstrap/
76 KB
24 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/bootstrap/bootstrap.min.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3

bootstrap-icons.css
www.blue-prints.blog/site_libs/bootstrap/
93 KB
14 KB
Stylesheet
General
Full URL
https://www.blue-prints.blog/site_libs/bootstrap/bootstrap-icons.css
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b32ae5cae97f040f86d2488d6f05efed7520b7592b72d2972f5a11c3ef95b15a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html

Response headers

x-fastly-request-id
cf1b4bcee446dee8d0e944019a097d43faf0d5e1
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6543a60a-1751d"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COQ3ekg3GpnW9LkTBjSn8vcjaTeiNEeCJmsGwpZ2ZV%2B%2FThg49EcdYME%2Fmr9TzfNq9NTHwN5%2FcHqA3pQRIUjCCuyKwVbv7GrUGnYNznO4ltey%2BeGHTmsqm8VqwGM%2B0Savd4viKf3FvA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
FFF0:456EB:65ED27:684267:673B925A
expires
Mon, 18 Nov 2024 19:25:38 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=102428&sent=26&recv=26&lost=0&retrans=0&sent_bytes=16224&recv_bytes=10427&delivery_rate=5604&cwnd=12000&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=343&x=1", cfHdrFlush;dur=192
date
Mon, 18 Nov 2024 19:15:38 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-sjc1000140-SJC
x-cache-hits
0
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957339.726758,VS0,VE95
via
1.1 varnish
cf-ray
8e4a4a56ee159645-SJC
accept-ranges
bytes
access-control-allow-origin
*
content-length
13467
x-origin-cache
HIT
server
cloudflare
bootstrap.min.css
www.blue-prints.blog/site_libs/bootstrap/
317 KB
48 KB
Stylesheet
General
Full URL
https://www.blue-prints.blog/site_libs/bootstrap/bootstrap.min.css
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
685916ad0855be0e51aa15f8270a4b2996cd7b56a26ee82b88fbdec16aa66f7d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html

Response headers

x-fastly-request-id
cf311d1157d944ea4e8aa0685711a875e7976155
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6543a60a-4f23f"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IdFb47YZheRZYQHgfyB5Cn%2F5RkEUiwv7fAqroB5ilEs603oImZfevB4qUQEpQRveljAx%2BaTb%2BGsIA6JAeBx%2FkeWtczXwGMdefRx49yKJc3zbJbTvDNNy0LHP6jghMNSr2G7k20zcdw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
DAC1:109A68:69AD68:6C03F2:673B925A
expires
Mon, 18 Nov 2024 19:25:38 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=104216&sent=26&recv=27&lost=0&retrans=0&sent_bytes=16224&recv_bytes=10471&delivery_rate=197&cwnd=12000&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=375&x=1", cfHdrFlush;dur=161
date
Mon, 18 Nov 2024 19:15:38 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-sjc1000133-SJC
x-cache-hits
0
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957339.731649,VS0,VE129
via
1.1 varnish
cf-ray
8e4a4a56ee179645-SJC
accept-ranges
bytes
access-control-allow-origin
*
content-length
48184
x-origin-cache
HIT
server
cloudflare
bootstrap-dark.min.css
www.blue-prints.blog/site_libs/bootstrap/
303 KB
46 KB
Stylesheet
General
Full URL
https://www.blue-prints.blog/site_libs/bootstrap/bootstrap-dark.min.css
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59801fa529d2887b3736827ec25a160689209d3915cde4ce72557f98be0e9943

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html

Response headers

x-fastly-request-id
8f8fe3ed1474a735ad150916e5ef290053376c87
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6543a60a-4bcc9"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hl6%2BYlNf33H7rt%2F9yTulz1opbrzt3Psvmt3zPo0uuOPkWqFtFjiwyq9fjrmj0BhkVxiLFTYimpF7JJ5p9D%2FQ3bec1kLIdFKgx7arD5%2BD%2BGk5iRXeHDSW3TTAdWLs1xYBqt%2B21MDBLA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
0F69:19A16C:6857C7:6AAD6D:673B925A
expires
Mon, 18 Nov 2024 19:25:38 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=102428&sent=26&recv=26&lost=0&retrans=0&sent_bytes=16224&recv_bytes=10427&delivery_rate=5604&cwnd=12000&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=344&x=1", cfHdrFlush;dur=192
date
Mon, 18 Nov 2024 19:15:38 GMT
content-type
text/css; charset=utf-8
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
x-served-by
cache-sjc1000110-SJC
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957339.726753,VS0,VE105
via
1.1 varnish
cf-ray
8e4a4a56ee199645-SJC
accept-ranges
bytes
access-control-allow-origin
*
content-length
46226
server
cloudflare
js
www.googletagmanager.com/gtag/
322 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-XGT9C0L1TL
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b79105bbd086bc632c1f45b9303343fe7b6f55116be748033f0cec4bb7635b2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.blue-prints.blog/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Mon, 18 Nov 2024 19:15:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 19:15:39 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
109614
x-xss-protection
0
server
Google Tag Manager
zenscroll-min.js
www.blue-prints.blog/site_libs/quarto-html/
3 KB
2 KB
Script
General
Full URL
https://www.blue-prints.blog/site_libs/quarto-html/zenscroll-min.js
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f7580ba4b34ce38d43491c042c6b7aa8e5f314d7e7777e508c088f6f18af52a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html

Response headers

x-fastly-request-id
edc3eea208e826f1f2a219e2b32b824f3a6bfd39
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6543a60a-d28"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KCsHKgtaG%2BM763W68JktX4i5pmw%2BP%2B%2FlLoOXENuEErdcDscf1Pouhe38uw5v90UEpQEn1SmR7ZPj5%2FUjDzAJAdaGLuGPDkNNjuYFxUaN38PQlq%2B8Ylr4kK3Fg4n43sPGo3U3KsTONg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
35A4:38695:6979F5:6BD0B2:673B925A
expires
Mon, 18 Nov 2024 19:25:38 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=102428&sent=18&recv=26&lost=0&retrans=0&sent_bytes=7646&recv_bytes=10427&delivery_rate=5604&cwnd=12000&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=327&x=1", cfHdrFlush;dur=0
date
Mon, 18 Nov 2024 19:15:38 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
x-served-by
cache-sjc10076-SJC
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957339.726375,VS0,VE87
via
1.1 varnish
cf-ray
8e4a4a56ee1a9645-SJC
accept-ranges
bytes
access-control-allow-origin
*
content-length
1454
server
cloudflare
truncated
/
310 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
75ff8419673eb6ad7d63f823119e5b987c5ddd692bdfa82d79929ca0ccd0df2f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
380 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
bootstrap-icons.woff
www.blue-prints.blog/site_libs/bootstrap/
160 KB
161 KB
Font
General
Full URL
https://www.blue-prints.blog/site_libs/bootstrap/bootstrap-icons.woff?2ab2cbbe07fcebb53bdaa7313bb290f2
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/site_libs/bootstrap/bootstrap-icons.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d46de794b5eed876ff845af91350c33127f7519e10c3011e73ff65dce92ca979

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.blue-prints.blog
Referer
https://www.blue-prints.blog/site_libs/bootstrap/bootstrap-icons.css

Response headers

x-fastly-request-id
0fd05f25f2156659cd6fa847226a636c81f95ba2
cf-cache-status
MISS
etag
"6543a60a-28148"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q2zgo40qJeC4sRtLDGGLdk%2BYoLynK3aw6X2QYwYSU80I3ozcOGQ0IHsmdIc%2Bx%2Fdc1XgMaCwtS9Btx%2FXlEn%2F9ObUR4DRVU5zTGmQxdoAa9YvZIBDpPCp%2Bz9xPa7IIgJb0DX3xpSGREw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
F88F:375830:6932E2:6B893F:673B925B
expires
Mon, 18 Nov 2024 19:25:40 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=110566&sent=226&recv=88&lost=0&retrans=1&sent_bytes=227711&recv_bytes=13885&delivery_rate=20604&cwnd=109200&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=1643&x=1", cfHdrFlush;dur=0
date
Mon, 18 Nov 2024 19:15:40 GMT
content-type
font/woff
x-served-by
cache-sjc1000102-SJC
x-cache-hits
0
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957340.029002,VS0,VE101
via
1.1 varnish
cf-ray
8e4a4a5f1df19645-SJC
accept-ranges
bytes
access-control-allow-origin
*
content-length
164168
x-origin-cache
HIT
server
cloudflare
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-XGT9C0L1TL&gtm=45je4be0v9112922878za200&_p=1731957339900&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067554~102067808~102077855&cid=1976169258.1731957340&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1731957339&sct=1&seg=0&dl=https%3A%2F%2Fwww.blue-prints.blog%2Fcontent%2Fblog%2Fposts%2Flolbin%2Faddinutil-lolbas.html&dt=Blue-Prints%20Blog%20-%20Insecure%20Deserialization%20in%20AddinUtil.exe&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.anonymize_ip=true&tfd=1567
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XGT9C0L1TL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.blue-prints.blog/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.blue-prints.blog
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 18 Nov 2024 19:15:40 GMT
content-type
text/plain
server
Golfe2
AddinRoot-LOLBAS.mp4
www.blue-prints.blog/content/blog/posts/lolbin/
40 KB
0
Media
General
Full URL
https://www.blue-prints.blog/content/blog/posts/lolbin/AddinRoot-LOLBAS.mp4
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

x-fastly-request-id
6ef0f7f9675e19777eb02801aacbf765581c8bdd
cf-cache-status
MISS
etag
"6543a60a-1806b2"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fc5dcfo%2FoQ42qBmCfv6I%2FqsvZA2ExNfV6D6ZE%2BB172%2B%2B1jj5NcmXyZx6Mili0RvYdwDAj7cQNU934yOgLKJrsgaSj6fRKdGgizgfvMlrM8rxwIQvPui3O9DDEsEniJxPzDiOU1Swvw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
35A4:38695:697B61:6BD211:673B925B
expires
Mon, 18 Nov 2024 19:25:40 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=110566&sent=318&recv=89&lost=0&retrans=1&sent_bytes=336938&recv_bytes=14303&delivery_rate=20604&cwnd=109200&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=1725&x=1", cfHdrFlush;dur=23
date
Mon, 18 Nov 2024 19:15:40 GMT
content-type
video/mp4
x-served-by
cache-sjc10022-SJC
x-cache-hits
0
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957340.070007,VS0,VE136
Content-Range
bytes 0-1574577/1574578
via
1.1 varnish
cf-ray
8e4a4a5f5e1b9645-SJC
access-control-allow-origin
*
Content-Length
1574578
x-origin-cache
HIT
server
cloudflare
PipelineRoot-LOLBAS.mp4
www.blue-prints.blog/content/blog/posts/lolbin/
35 KB
0
Media
General
Full URL
https://www.blue-prints.blog/content/blog/posts/lolbin/PipelineRoot-LOLBAS.mp4
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

x-fastly-request-id
1cc6f3582be03de4d3ce6705390abd8cfeeef596
cf-cache-status
MISS
etag
"6543a60a-19f1ff"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7RTE6OF1%2B2pj8aErxrgXA9jZZoMHLHckBWOrm9FibpM3eTQ3FietK%2FZCbtWGMQOtZYmBJfwMlJ5LViyep0%2BQ56Dm87GqCF2RSifTdNLXMCopMaYkValmafgqATCd4FIO4p2KD4oJ1w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
8CBC:250DC9:685872:6AAE88:673B925C
expires
Mon, 18 Nov 2024 19:25:40 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=109170&sent=491&recv=99&lost=0&retrans=1&sent_bytes=543338&recv_bytes=14748&delivery_rate=492544&cwnd=206400&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=1849&x=1", cfHdrFlush;dur=4
date
Mon, 18 Nov 2024 19:15:40 GMT
content-type
video/mp4
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
x-served-by
cache-sjc1000146-SJC
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957340.220233,VS0,VE113
Content-Range
bytes 0-1700350/1700351
via
1.1 varnish
cf-ray
8e4a4a604ef99645-SJC
access-control-allow-origin
*
Content-Length
1700351
server
cloudflare
truncated
/
562 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d87343a1eff3f7b5ac517f3b5b9b72702d84d98e17030fbe5b7252ae7855b76e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
567 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2a0289bbc577eb1a4fa08b8695e14ddd17a33cc52b52cc2327a9f9f6a15ad2ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
177 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
351 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
242 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
227 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc69a330b9b9e0e7b9ba6f79fd32a2096294f0c75c60a8554996ad6a7feddbf5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
996 B
996 B
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae53e6a7f12c42b50bf79e03f33632ef86f8b953ad5fd0875825c1b740b068bb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.blue-prints.blog
Referer

Response headers

Content-Type
n/a
AddinRoot-LOLBAS.mp4
www.blue-prints.blog/content/blog/posts/lolbin/
34 KB
35 KB
Media
General
Full URL
https://www.blue-prints.blog/content/blog/posts/lolbin/AddinRoot-LOLBAS.mp4
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9edadc8e587b995dda86618675ee0be986cedb80e2d1bc6370f8e35bffb37833

Request headers

Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=1540096-

Response headers

x-fastly-request-id
6ef0f7f9675e19777eb02801aacbf765581c8bdd
cf-cache-status
HIT
etag
"6543a60a-1806b2"
age
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B5jjjO8NdAipiD8em4m6qvzpq%2FXn5S2lQhyvAAWs2TfXHWSfU6E%2FVO0y3RhcdE22MkZXV9q6Az7nq3gGeJwZxSy73vpL8YEHi9vkP2q5pQDcFfnn2XvP1Cy4AMT9uMJ0rHKJGQYZUg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
35A4:38695:697B61:6BD211:673B925B
expires
Mon, 18 Nov 2024 19:25:40 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=113395&sent=1534&recv=201&lost=3&retrans=1&sent_bytes=1752967&recv_bytes=20887&delivery_rate=3365393&cwnd=264012&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=2129&x=1", cfHdrFlush;dur=69
date
Mon, 18 Nov 2024 19:15:40 GMT
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
x-served-by
cache-sjc10022-SJC
x-cache-hits
0
content-type
video/mp4
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957340.070007,VS0,VE136
Content-Range
bytes 1540096-1574577/1574578
via
1.1 varnish
cf-ray
8e4a4a62d91f9645-SJC
access-control-allow-origin
*
Content-Length
34482
x-origin-cache
HIT
server
cloudflare
PipelineRoot-LOLBAS.mp4
www.blue-prints.blog/content/blog/posts/lolbin/
57 KB
0
Media
General
Full URL
https://www.blue-prints.blog/content/blog/posts/lolbin/PipelineRoot-LOLBAS.mp4
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=1343488-

Response headers

x-fastly-request-id
1cc6f3582be03de4d3ce6705390abd8cfeeef596
cf-cache-status
HIT
etag
"6543a60a-19f1ff"
age
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MSBSx40kIlxBPESuxg5%2F3br%2BJgmdd0%2BqqLfQqFSGAv4JQpmjvFhrwxRDUPIrWEsjdRzQa9V6fm%2Fp8qZIWlIEJlS8r%2FIEMfU2j3VkJEwJlnBrnv%2BWzATGaKQrC%2BJusgxrHXlEc%2FTK8g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
8CBC:250DC9:685872:6AAE88:673B925C
expires
Mon, 18 Nov 2024 19:25:40 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=132985&sent=1201&recv=155&lost=1&retrans=1&sent_bytes=1380288&recv_bytes=18194&delivery_rate=2922717&cwnd=377160&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=2011&x=1", cfHdrFlush;dur=49
date
Mon, 18 Nov 2024 19:15:40 GMT
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
x-served-by
cache-sjc1000146-SJC
x-cache-hits
0
content-type
video/mp4
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957340.220233,VS0,VE113
Content-Range
bytes 1343488-1700350/1700351
via
1.1 varnish
cf-ray
8e4a4a6218719645-SJC
access-control-allow-origin
*
Content-Length
356863
server
cloudflare
PipelineRoot-LOLBAS.mp4
www.blue-prints.blog/content/blog/posts/lolbin/
100 KB
0
Media
General
Full URL
https://www.blue-prints.blog/content/blog/posts/lolbin/PipelineRoot-LOLBAS.mp4
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=32768-

Response headers

x-fastly-request-id
1cc6f3582be03de4d3ce6705390abd8cfeeef596
cf-cache-status
HIT
etag
"6543a60a-19f1ff"
age
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MSBSx40kIlxBPESuxg5%2F3br%2BJgmdd0%2BqqLfQqFSGAv4JQpmjvFhrwxRDUPIrWEsjdRzQa9V6fm%2Fp8qZIWlIEJlS8r%2FIEMfU2j3VkJEwJlnBrnv%2BWzATGaKQrC%2BJusgxrHXlEc%2FTK8g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
8CBC:250DC9:685872:6AAE88:673B925C
expires
Mon, 18 Nov 2024 19:25:40 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=132985&sent=1201&recv=155&lost=1&retrans=1&sent_bytes=1380288&recv_bytes=18194&delivery_rate=2922717&cwnd=377160&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=2011&x=1", cfHdrFlush;dur=49
date
Mon, 18 Nov 2024 19:15:40 GMT
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
x-served-by
cache-sjc1000146-SJC
x-cache-hits
0
content-type
video/mp4
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957340.220233,VS0,VE113
Content-Range
bytes 32768-1700350/1700351
via
1.1 varnish
cf-ray
8e4a4a6218719645-SJC
access-control-allow-origin
*
Content-Length
1667583
server
cloudflare
AddinRoot-LOLBAS.mp4
www.blue-prints.blog/content/blog/posts/lolbin/
99 KB
0
Media
General
Full URL
https://www.blue-prints.blog/content/blog/posts/lolbin/AddinRoot-LOLBAS.mp4
Requested by
Host: www.blue-prints.blog
URL: https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Range
bytes=32768-

Response headers

x-fastly-request-id
6ef0f7f9675e19777eb02801aacbf765581c8bdd
cf-cache-status
HIT
etag
"6543a60a-1806b2"
age
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B5jjjO8NdAipiD8em4m6qvzpq%2FXn5S2lQhyvAAWs2TfXHWSfU6E%2FVO0y3RhcdE22MkZXV9q6Az7nq3gGeJwZxSy73vpL8YEHi9vkP2q5pQDcFfnn2XvP1Cy4AMT9uMJ0rHKJGQYZUg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
35A4:38695:697B61:6BD211:673B925B
expires
Mon, 18 Nov 2024 19:25:40 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=113395&sent=1534&recv=201&lost=3&retrans=1&sent_bytes=1752967&recv_bytes=20887&delivery_rate=3365393&cwnd=264012&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=2129&x=1", cfHdrFlush;dur=69
date
Mon, 18 Nov 2024 19:15:40 GMT
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
x-served-by
cache-sjc10022-SJC
x-cache-hits
0
content-type
video/mp4
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957340.070007,VS0,VE136
Content-Range
bytes 32768-1574577/1574578
via
1.1 varnish
cf-ray
8e4a4a62d91f9645-SJC
access-control-allow-origin
*
Content-Length
1541810
x-origin-cache
HIT
server
cloudflare
favicon.ico
www.blue-prints.blog/assets/
15 KB
3 KB
Other
General
Full URL
https://www.blue-prints.blog/assets/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.140.179 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e96aaaba1e02615338593b48f783a05923e256fff1a3883a58c56ba321c58284

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.blue-prints.blog/content/blog/posts/lolbin/addinutil-lolbas.html

Response headers

x-fastly-request-id
68cf40755e8391b94e47e858cebb989c85dbe156
content-encoding
gzip
cf-cache-status
MISS
etag
W/"6543a60a-3aee"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0OI5tTG48G8HCSKNc9tpp%2F5P4qgNEKT6ErluS5gjhU3J3MAM3a2gevdoysIXkJd88p2sNK64BHcodQrRV7%2BOXQ8iSrK4iifEgXgSx2gDo4vIBXxlhwjBg5EcIp47ADLp%2BPA4yObIzw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-github-request-id
6AB3:109A68:69AFE3:6C066F:673B925D
expires
Mon, 18 Nov 2024 19:25:41 GMT
x-proxy-cache
MISS
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=110211&sent=3751&recv=425&lost=5&retrans=3&sent_bytes=4338985&recv_bytes=32518&delivery_rate=3778802&cwnd=431160&unsent_bytes=0&cid=0526ae69fa3d5d32&ts=2884&x=1", cfHdrFlush;dur=0
date
Mon, 18 Nov 2024 19:15:41 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 02 Nov 2023 13:37:14 GMT
x-served-by
cache-sjc1000146-SJC
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-timer
S1731957341.259557,VS0,VE112
via
1.1 varnish
cf-ray
8e4a4a66cc8a9645-SJC
accept-ranges
bytes
access-control-allow-origin
*
content-length
2595
server
cloudflare


53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Headroom function| ClipboardJS object| @algolia/autocomplete-js object| e function| t function| Fuse function| configurePlugins function| deferredLoadPlugin function| validateItems function| showCopyLink function| readSearchData function| inputElement function| focusSearchInput function| renderItem function| createDocumentCard function| createMoreCard function| toggleExpanded function| createSectionCard function| createSection function| createErrorCard function| positionPanel function| highlightMatch function| clipStart function| clipEnd function| findSpace function| clearHighlight function| escapeRegExp function| highlight function| offsetURL function| getMeta function| algoliaSearch function| fuseSearch function| throttle function| nexttick object| Popper function| tippy function| AnchorJS object| anchors number| uidEvent object| bootstrap function| gtag object| dataLayer object| google_tag_manager object| google_tag_data object| zenscroll function| onYouTubeIframeAPIReady object| gaGlobal function| quartoToggleHeadroom object| _listeners function| quartoOpenSearch function| quartoToggleReader object| child function| quartoToggleColorScheme

2 Cookies

Domain/Path Name / Value
.blue-prints.blog/ Name: _ga_XGT9C0L1TL
Value: GS1.1.1731957339.1.0.1731957339.0.0.0
.blue-prints.blog/ Name: _ga
Value: GA1.1.1976169258.1731957340

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
