madshjortlarsen.dk Open in urlscan Pro
94.231.107.219 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://madshjortlarsen.dk/decrypt-lsa-secrets/
Submission: On August 08 via manual (August 8th 2022, 1:55:50 pm UTC) from DE — Scanned from DK

Summary HTTP 16 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 16 HTTP transactions. The main IP is 94.231.107.219, located in Skanderborg, Denmark and belongs to ZITCOM, DK. The main domain is madshjortlarsen.dk.

This is the only time madshjortlarsen.dk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	94.231.107.219 94.231.107.219	48854 (ZITCOM) (ZITCOM)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1 1	2620:1ec:bdf::44 2620:1ec:bdf::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	2a02:26f0:350... 2a02:26f0:3500:894::2f1e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
16	4

12 94.231.107.219 (Skanderborg, Denmark)

ASN48854 (ZITCOM, DK)
PTR: linux35.unoeuro.com

madshjortlarsen.dk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::44 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

blogs.technet.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:894::2f1e (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

devblogs.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	madshjortlarsen.dk madshjortlarsen.dk	181 KB
3	microsoft.com 2 redirects blogs.technet.microsoft.com — Cisco Umbrella Rank: 302773 devblogs.microsoft.com — Cisco Umbrella Rank: 102750	1 KB
2	gstatic.com fonts.gstatic.com	64 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	1 KB
16	4

	Domain	Requested by
12	madshjortlarsen.dk	madshjortlarsen.dk
2	fonts.gstatic.com	fonts.googleapis.com
2	devblogs.microsoft.com	1 redirects madshjortlarsen.dk
1	blogs.technet.microsoft.com	1 redirects
1	fonts.googleapis.com	madshjortlarsen.dk
16	5

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
blogs.technet.microsoft.com
quickclix.wordpress.com
crestaproject.com

Subject Issuer	Validity	Valid
devblogs.microsoft.com Microsoft RSA TLS CA 02	`2021-09-09` - `2022-09-09`	a year	crt.sh

This page contains 2 frames:

Primary Page: http://madshjortlarsen.dk/decrypt-lsa-secrets/
Frame ID: 5DE8368C432B6163BDFC294CFE8309C6
Requests: 15 HTTP requests in this frame

Frame: https://devblogs.microsoft.com/scripting/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed/
Frame ID: 9BEE749588A7C10093A0F3FBF5FFA9FC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Decrypt LSA Secrets – The ramblings of a madman

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

6 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

246 kB
Transfer

456 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/in/madshjortlarsen
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/heyscriptingguy/2012/07/06/use-powershell-to-decrypt-lsa-secrets-from-the-registry/
Title: this Scripting Guy post

Search URL Search Domain Scan URL

URL: https://quickclix.wordpress.com/2014/10/30/stringarrayasmenu/
Title: Dynamic Pick Lists in Powershell

Search URL Search Domain Scan URL

URL: https://crestaproject.com/downloads/drento/
Title: Drento

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://blogs.technet.microsoft.com/heyscriptingguy/2012/07/06/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed/ HTTP 301
https://devblogs.microsoft.com/scripting/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed HTTP 301
https://devblogs.microsoft.com/scripting/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed/

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
madshjortlarsen.dk/decrypt-lsa-secrets/ 30 KB
10 KB 485ms
389ms Document
text/html 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

b0505e710914c7b227499b45caafb74d805200696bae688548afbfb672f1603e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 9728
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 Aug 2022 13:55:45 GMT
Keep-Alive: timeout=20, max=10000
Link: <http://madshjortlarsen.dk/wp-json/>; rel="https://api.w.org/", <http://madshjortlarsen.dk/wp-json/wp/v2/posts/53>; rel="alternate"; type="application/json", <http://madshjortlarsen.dk/?p=53>; rel=shortlink
Server: Apache
SimplyCom-Server: Apache
Upgrade: h2
Vary: Accept-Encoding
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK style.min.css
madshjortlarsen.dk/wp-includes/css/dist/block-library/ 53 KB
8 KB 56ms
56ms Stylesheet
text/css 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-includes/css/dist/block-library/style.min.css?ver=5.5.9

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:30:13 GMT
Server: Apache
ETag: "d293-5b22019143e85-gzip"
Vary: Accept-Encoding
Content-Type: text/css
SimplyCom-Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=20, max=9999
Content-Length: 7907

GET
H/1.1 200
OK style.css
madshjortlarsen.dk/wp-content/themes/drento/ 46 KB
9 KB 109ms
54ms Stylesheet
text/css 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-content/themes/drento/style.css?ver=1.5.1

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

af041096955b19ed7736f7cea33fdec2400572a41bad486ff9eed91242d5bfc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:59:51 GMT
Server: Apache
ETag: "b695-5b220831a7e7c-gzip"
Vary: Accept-Encoding
Upgrade: h2
SimplyCom-Server: Apache
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=20, max=10000
Content-Length: 9232

GET
H/1.1 200
OK font-awesome.min.css
madshjortlarsen.dk/wp-content/themes/drento/css/ 30 KB
7 KB 108ms
53ms Stylesheet
text/css 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-content/themes/drento/css/font-awesome.min.css?ver=4.7.0

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:59:51 GMT
Server: Apache
ETag: "791c-5b220831a8264-gzip"
Vary: Accept-Encoding
Upgrade: h2
SimplyCom-Server: Apache
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: text/css
Keep-Alive: timeout=20, max=10000
Content-Length: 7057

GET
H/1.1 200
OK css
fonts.googleapis.com/ 10 KB
1 KB 180ms
90ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Montserrat:400,700%7CRoboto+Slab:300,400,700&display=swap

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

680dbc8d7977d2f93c74820c887bd376864a73f069e33f237adf7bb5706a585e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Mon, 08 Aug 2022 13:55:46 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 08 Aug 2022 13:55:46 GMT

GET
H/1.1 200
OK jquery.js Show response
madshjortlarsen.dk/wp-includes/js/jquery/ 95 KB
33 KB 110ms
56ms Script
application/javascript 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:56:51 GMT
Server: Apache
ETag: "17a69-5b2207860240a-gzip"
Vary: Accept-Encoding
Upgrade: h2
SimplyCom-Server: Apache
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=20, max=10000
Content-Length: 33776

GET
H/1.1 200
OK jquery.drento.min.js Show response
madshjortlarsen.dk/wp-content/themes/drento/js/ 3 KB
1 KB 109ms
53ms Script
application/javascript 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-content/themes/drento/js/jquery.drento.min.js?ver=1.5.1

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

e30307d7e33633f47b154f837a227b5f6e039a7676dacebea33225f3749e2ad3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:59:51 GMT
Server: Apache
ETag: "bec-5b220831a76ac-gzip"
Vary: Accept-Encoding
Upgrade: h2
SimplyCom-Server: Apache
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=20, max=10000
Content-Length: 946

GET
H/1.1 200
OK jquery.nanoscroller.min.js Show response
madshjortlarsen.dk/wp-content/themes/drento/js/ 10 KB
4 KB 109ms
54ms Script
application/javascript 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-content/themes/drento/js/jquery.nanoscroller.min.js?ver=0.8.7

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

ffcb97ad83bc80ab7bada64b35cf544cec7ed18c6166ed3b60d936b3d6d61760

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:59:51 GMT
Server: Apache
ETag: "2807-5b220831a76ac-gzip"
Vary: Accept-Encoding
Upgrade: h2
SimplyCom-Server: Apache
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: application/javascript
Keep-Alive: timeout=20, max=10000
Content-Length: 3384

GET
H/1.1 200
OK navigation.min.js Show response
madshjortlarsen.dk/wp-content/themes/drento/js/ 1 KB
1011 B 114ms
51ms Script
application/javascript 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-content/themes/drento/js/navigation.min.js?ver=20120206

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

fe31aca33128221bbbdac3a13c4a3aa2532cd1986b01012772f14f6883849061

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:59:51 GMT
Server: Apache
ETag: "599-5b220831a76ac-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
SimplyCom-Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=20, max=9998
Content-Length: 616

GET
H/1.1 200
OK wp-embed.min.js Show response
madshjortlarsen.dk/wp-includes/js/ 1 KB
1 KB 156ms
47ms Script
application/javascript 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-includes/js/wp-embed.min.js?ver=5.5.9

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 15:04:01 GMT
Server: Apache
ETag: "592-5c0042c6c0aa5-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
SimplyCom-Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=20, max=9999
Content-Length: 765

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
madshjortlarsen.dk/wp-includes/js/ 14 KB
5 KB 48ms
48ms Script
application/javascript 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-includes/js/wp-emoji-release.min.js?ver=5.5.9

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Apr 2021 15:04:01 GMT
Server: Apache
ETag: "3795-5c0042c6b995d-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
SimplyCom-Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=20, max=9999
Content-Length: 4662

GET
H2

200

/
devblogs.microsoft.com/scripting/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed/ Frame 9BEE
Redirect Chain

https://blogs.technet.microsoft.com/heyscriptingguy/2012/07/06/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed/
https://devblogs.microsoft.com/scripting/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed
https://devblogs.microsoft.com/scripting/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed/

0
0

1272ms
1272ms

Document
text/html

2a02:26f0:3500:894::2f1e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://devblogs.microsoft.com/scripting/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed/

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:894::2f1e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx / WP Engine

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' https:
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://madshjortlarsen.dk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

content-encoding: gzip
content-length: 19062
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https:
content-type: text/html; charset=UTF-8
date: Mon, 08 Aug 2022 13:55:49 GMT
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
link: <https://devblogs.microsoft.com/scripting/wp-json/>; rel="https://api.w.org/" <https://devblogs.microsoft.com/scripting/wp-json/wp/v2/posts/8801>; rel="alternate"; type="application/json" <https://devblogs.microsoft.com/scripting/?p=8801>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pass-why: custom-path
x-powered-by: WP Engine
x-wp-embed: true
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https:
content-type: text/html; charset=UTF-8
date: Mon, 08 Aug 2022 13:55:47 GMT
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
location: https://devblogs.microsoft.com/scripting/use-powershell-to-decrypt-lsa-secrets-from-the-registry/embed/
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pass-why: custom-path
x-powered-by: WP Engine
x-redirect-by: WordPress
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v24/ 32 KB
33 KB 167ms
88ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/robotoslab/v24/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Montserrat:400,700%7CRoboto+Slab:300,400,700&display=swap

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a3993918629dfd6a59c4563e9b4d464152b51d4113957ab8ebfbdcbcdc7f536

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://madshjortlarsen.dk
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Wed, 03 Aug 2022 00:51:27 GMT
X-Content-Type-Options: nosniff
Age: 479059
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 32860
X-XSS-Protection: 0
Last-Modified: Mon, 11 Jul 2022 19:12:50 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Thu, 03 Aug 2023 00:51:27 GMT

GET
H/1.1 200
OK JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
31 KB 166ms
87ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Montserrat:400,700%7CRoboto+Slab:300,400,700&display=swap

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://madshjortlarsen.dk
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Thu, 04 Aug 2022 02:26:08 GMT
X-Content-Type-Options: nosniff
Age: 386978
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 30928
X-XSS-Protection: 0
Last-Modified: Mon, 11 Jul 2022 18:57:39 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Fri, 04 Aug 2023 02:26:08 GMT

GET
H/1.1 200
OK fontawesome-webfont.woff2
madshjortlarsen.dk/wp-content/themes/drento/fonts/ 75 KB
76 KB 47ms
46ms Font
font/woff2 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to

Full URL

http://madshjortlarsen.dk/wp-content/themes/drento/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/wp-content/themes/drento/css/font-awesome.min.css?ver=4.7.0

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://madshjortlarsen.dk/wp-content/themes/drento/css/font-awesome.min.css?ver=4.7.0
Origin: http://madshjortlarsen.dk
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:59:51 GMT
Server: Apache
ETag: "12d68-5b220831a76ac"
Content-Type: font/woff2
Cache-Control: max-age=600
SimplyCom-Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=20, max=9998
Content-Length: 77160
Expires: Mon, 08 Aug 2022 14:05:46 GMT

GET
H/1.1 200
OK Untitled123.png
madshjortlarsen.dk/wp-content/uploads/2016/08/ 25 KB
25 KB 47ms
47ms Image
image/png 94.231.107.219
ZITCOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://madshjortlarsen.dk/wp-content/uploads/2016/08/Untitled123.png

Requested by

Host: madshjortlarsen.dk
URL: http://madshjortlarsen.dk/decrypt-lsa-secrets/

Protocol

HTTP/1.1

Server

94.231.107.219 Skanderborg, Denmark, ASN48854 (ZITCOM, DK),

Reverse DNS

linux35.unoeuro.com

Software

Apache /

Resource Hash

3fab387b7bf6af0a1ffb3fb3f126b34125e5c9740dca4052bb3cbba516c44ca2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: da-DK,da;q=0.9
Referer: http://madshjortlarsen.dk/decrypt-lsa-secrets/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Mon, 08 Aug 2022 13:55:46 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 20:40:21 GMT
Server: Apache
ETag: "639d-5b2203d5800ce"
Content-Type: image/png
Cache-Control: max-age=600
SimplyCom-Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=20, max=9997
Content-Length: 25501
Expires: Mon, 08 Aug 2022 14:05:46 GMT

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://devblogs.microsoft.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blogs.technet.microsoft.com
devblogs.microsoft.com
fonts.googleapis.com
fonts.gstatic.com
madshjortlarsen.dk
2620:1ec:bdf::44
2a00:1450:4001:806::200a
2a00:1450:4001:813::2003
2a02:26f0:3500:894::2f1e
94.231.107.219
07e4203b9f313b587b1d53f896e63771ec85f9b0d4c2ac5fa64089457784d847
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3fab387b7bf6af0a1ffb3fb3f126b34125e5c9740dca4052bb3cbba516c44ca2
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
680dbc8d7977d2f93c74820c887bd376864a73f069e33f237adf7bb5706a585e
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
9a3993918629dfd6a59c4563e9b4d464152b51d4113957ab8ebfbdcbcdc7f536
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
af041096955b19ed7736f7cea33fdec2400572a41bad486ff9eed91242d5bfc7
b0505e710914c7b227499b45caafb74d805200696bae688548afbfb672f1603e
e30307d7e33633f47b154f837a227b5f6e039a7676dacebea33225f3749e2ad3
fe31aca33128221bbbdac3a13c4a3aa2532cd1986b01012772f14f6883849061
ffcb97ad83bc80ab7bada64b35cf544cec7ed18c6166ed3b60d936b3d6d61760

madshjortlarsen.dk Open in urlscan Pro 94.231.107.219 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

16 Requests

6 %HTTPS

80 %IPv6

4 Domains

5 Subdomains

4 IPs

3 Countries

246 kBTransfer

456 kBSize

0 Cookies

4 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

madshjortlarsen.dk Open in urlscan Pro
94.231.107.219 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

6 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

246 kB
Transfer

456 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions