www.ired.team Open in urlscan Pro
2606:4700::6812:91 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Submission: On March 01 via manual (March 1st 2021, 9:45:03 pm UTC) from GB

Summary HTTP 113 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 33 IPs in 2 countries across 22 domains to perform 113 HTTP transactions. The main IP is 2606:4700::6812:91, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.ired.team.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 27th 2020. Valid for: a year.

This is the only time www.ired.team was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700::68... 2606:4700::6812:91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:7caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2606:4700::68... 2606:4700::6812:86f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::621	54113 (FASTLY) (FASTLY)
4	13.224.195.44 13.224.195.44	16509 (AMAZON-02) (AMAZON-02)
35	2606:4700::68... 2606:4700::6812:96f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
2	185.199.108.133 185.199.108.133	54113 (FASTLY) (FASTLY)
2 2	209.59.132.164 209.59.132.164	32244 (LIQUIDWEB) (LIQUIDWEB)
2	72.52.228.51 72.52.228.51	32244 (LIQUIDWEB) (LIQUIDWEB)
2	2607:f1c0:100... 2607:f1c0:100f:f000::2af	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
2	192.0.72.28 192.0.72.28	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a05:d014:275... 2a05:d014:275:cb02:66df:50b:6e56:a6bf	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:7::... 2606:4700:7::a29f:9804	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e0:... 2606:4700:e0::ac40:6402	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2016	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
8	2600:1901:0:9... 2600:1901:0:94b6::	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2006	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2016	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
113	33

2 2606:4700::6812:91 (United States)

ASN13335 (CLOUDFLARENET, US)

www.ired.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7caf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6812:86f (United States)

ASN13335 (CLOUDFLARENET, US)

gstatic.gitbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gitbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::621 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.224.195.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-44.fra2.r.cloudfront.net

cdn.iframe.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2606:4700::6812:96f (United States)

ASN13335 (CLOUDFLARENET, US)

gblobscdn.gitbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.gitbook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.199.108.133 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-108-133.github.com

avatars3.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.59.132.164 (United States) 2 redirects

ASN32244 (LIQUIDWEB, US)

blog.stealthbits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.52.228.51 (United States)

ASN32244 (LIQUIDWEB, US)

www.stealthbits.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f1c0:100f:f000::2af (United States)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

adsecurity.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.72.28 (United States)

ASN2635 (AUTOMATTIC, US)

pentestlab.files.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d014:275:cb02:66df:50b:6e56:a6bf (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

blog.xpnsec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:7::a29f:9804 (United States)

ASN13335 (CLOUDFLARENET, US)

miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e0::ac40:6402 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.lr-ingest.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1901:0:94b6:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

gitbook-28427.firebaseio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-usc1c-nss-267.firebaseio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	gitbook.com gstatic.gitbook.com gblobscdn.gitbook.com app.gitbook.com www.gitbook.com	4 MB
17	youtube.com www.youtube.com	1 MB
8	firebaseio.com gitbook-28427.firebaseio.com s-usc1c-nss-267.firebaseio.com	3 KB
5	doubleclick.net 1 redirects googleads.g.doubleclick.net static.doubleclick.net	2 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	37 KB
4	stealthbits.com 2 redirects blog.stealthbits.com www.stealthbits.com	1 MB
4	iframe.ly cdn.iframe.ly	21 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	ytimg.com i.ytimg.com	136 KB
2	ggpht.com yt3.ggpht.com	6 KB
2	google.com www.google.com	13 KB
2	medium.com miro.medium.com	405 KB
2	xpnsec.com blog.xpnsec.com
2	wordpress.com pentestlab.files.wordpress.com	442 KB
2	adsecurity.org adsecurity.org	294 KB
2	githubusercontent.com avatars3.githubusercontent.com	20 KB
2	googleusercontent.com lh5.googleusercontent.com	14 KB
2	ired.team www.ired.team	403 KB
1	lr-ingest.io cdn.lr-ingest.io	116 KB
1	polyfill.io polyfill.io	536 B
1	unpkg.com unpkg.com	14 KB
1	googleapis.com fonts.googleapis.com	664 B
113	22

	Domain	Requested by
34	gblobscdn.gitbook.com	www.ired.team gstatic.gitbook.com
17	www.youtube.com	cdn.iframe.ly www.youtube.com www.ired.team
8	gstatic.gitbook.com	www.ired.team gstatic.gitbook.com
7	s-usc1c-nss-267.firebaseio.com	gstatic.gitbook.com
4	cdn.iframe.ly	www.ired.team gstatic.gitbook.com
3	www.google-analytics.com	gstatic.gitbook.com
3	googleads.g.doubleclick.net	1 redirects www.youtube.com
3	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
2	www.gstatic.com	www.youtube.com
2	i.ytimg.com	www.youtube.com
2	yt3.ggpht.com	www.youtube.com
2	www.google.com	www.youtube.com
2	static.doubleclick.net	www.youtube.com
2	miro.medium.com	www.ired.team
2	blog.xpnsec.com	www.ired.team
2	pentestlab.files.wordpress.com	www.ired.team
2	adsecurity.org	www.ired.team
2	www.stealthbits.com	www.ired.team
2	blog.stealthbits.com	2 redirects
2	avatars3.githubusercontent.com	www.ired.team
2	lh5.googleusercontent.com	www.ired.team gstatic.gitbook.com
2	www.ired.team	www.ired.team
1	www.gitbook.com	gstatic.gitbook.com
1	gitbook-28427.firebaseio.com	gstatic.gitbook.com
1	app.gitbook.com	gstatic.gitbook.com
1	cdn.lr-ingest.io	gstatic.gitbook.com
1	polyfill.io	www.ired.team
1	unpkg.com	www.ired.team
1	fonts.googleapis.com	www.ired.team
113	29

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
github.com
twitter.com
www.patreon.com
www.gitbook.com
adsecurity.org
firebasestorage.googleapis.com
files.sans.org
attack.mitre.org
blog.stealthbits.com
www.harmj0y.net
pentestlab.blog
blog.xpnsec.com
rc4.online-domain-tools.com
crackstation.net
blogs.technet.microsoft.com
medium.com

Subject Issuer	Validity	Valid
www.ired.team Cloudflare Inc ECC CA-3	`2020-11-27` - `2021-11-26`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-02` - `2021-08-02`	a year	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-10-26` - `2021-04-17`	6 months	crt.sh
*.iframe.ly Amazon	`2020-12-17` - `2022-01-15`	a year	crt.sh
*.googleusercontent.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
stealthbits.com cPanel, Inc. Certification Authority	`2020-12-24` - `2021-03-24`	3 months	crt.sh
www.adsecurity.org GeoTrust RSA CA 2018	`2020-02-27` - `2021-03-28`	a year	crt.sh
*.files.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-21` - `2022-01-21`	a year	crt.sh
blog.xpnsec.com R3	`2021-02-16` - `2021-05-17`	3 months	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2021-01-08` - `2021-04-07`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
edgestatic.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
firebaseio.com GTS CA 1O1	`2021-01-12` - `2021-07-11`	6 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Frame ID: 0411F4D33DC2B449606B7F3933D76CA1
Requests: 71 HTTP requests in this frame

Frame: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
Frame ID: BB0D60EB6E298BD28A1B8AB3076EF6F2
Requests: 18 HTTP requests in this frame

Frame: https://gitbook-28427.firebaseio.com/.lp?start=t&ser=54096687&cb=1&v=5
Frame ID: 6D4266689AEC18189D81953D7928CB37
Requests: 7 HTTP requests in this frame

Frame: https://s-usc1c-nss-267.firebaseio.com/.lp?dframe=t&id=2837540&pw=3lCTrPjtw7&ns=gitbook-28427
Frame ID: 24576F1421681573AE01A290F1037F82
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
Frame ID: 7B5FF5C4F95220EACB72DB0D95D46DA6
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+data-react/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /\/polyfill\.min\.js/i

Page Statistics

113
Requests

98 %
HTTPS

85 %
IPv6

22
Domains

29
Subdomains

33
IPs

2
Countries

8782 kB
Transfer

18082 kB
Size

4
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/in/mantvydasb/
Title: linkedin

Search URL Search Domain Scan URL

URL: https://github.com/mantvydasb/RedTeam-Tactics-and-Techniques
Title: github

Search URL Search Domain Scan URL

URL: https://twitter.com/spotheplanet
Title: @spotheplanet

Search URL Search Domain Scan URL

URL: https://www.patreon.com/iredteam
Title: patreon

Search URL Search Domain Scan URL

URL: https://www.gitbook.com/?utm_source=content&utm_medium=trademark&utm_campaign=mantvydas
Title: Powered by GitBook

Search URL Search Domain Scan URL

URL: https://adsecurity.org/?p=2293
Title: Sean Metcalf

Search URL Search Domain Scan URL

URL: https://firebasestorage.googleapis.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LFEMnER3fywgFHoroYn%2F-LKGnVC0FcBAgxoJ2lPY%2F-LKGnkAw0lxXESfiSmJh%2Fkerberoast.pcap?alt=media&token=e4b98490-f1f3-47ab-a1d5-6bd753fb7010
Title: kerberoast.pcapkerberoast.pcap - 4KB

Search URL Search Domain Scan URL

URL: https://files.sans.org/summit/hackfest2014/PDFs/Kicking%20the%20Guard%20Dog%20of%20Hades%20-%20Attacking%20Microsoft%20Kerberos%20%20-%20Tim%20Medin(1).pdf
Title: Tim Medin - Attacking Kerberos: Kicking the Guard Dog of Hades

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/wiki/Technique/T1208
Title: https://attack.mitre.org/wiki/Technique/T1208attack.mitre.org

Search URL Search Domain Scan URL

URL: https://github.com/nidem/kerberoast
Title: nidem/kerberoastContribute to nidem/kerberoast development by creating an account on GitHub.github.com

Search URL Search Domain Scan URL

URL: https://blog.stealthbits.com/extracting-service-account-passwords-with-kerberoasting/
Title: Extracting Service Account Passwords with Kerberoasting | Insider ThreatKerberoasting is effective for extracting service account credentials from Active Directory without needing elevated rights or causing domain traffic.blog.stealthbits.com

Search URL Search Domain Scan URL

URL: http://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/
Title: Kerberoasting Without MimikatzJust about two years ago, Tim Medin presented a new attack technique he christened “Kerberoasting”. While we didn’t realize the full implications of this at the time of release, t…www.harmj0y.net

Search URL Search Domain Scan URL

URL: https://pentestlab.blog/2018/06/12/kerberoast/
Title: KerberoastThe process of cracking Kerberos service tickets and rewriting them in order to gain access to the targeted service is called Kerberoast. This is very common attack in red team engagements since it…pentestlab.blog

Search URL Search Domain Scan URL

URL: https://blog.xpnsec.com/kerberos-attacks-part-1/
Title: Kerberos AD Attacks - KerberoastingRecently I've been trying to make sure that my redteam knowledge is up to date, exploring many of the advancements in Active Directory Kerberos attacks... and there have been quite a few! I finally found some free time this week to roll up my sleeves and dig into the internalsblog.xpnsec.com

Search URL Search Domain Scan URL

URL: http://rc4.online-domain-tools.com/
Title: RC4 Encryption – Easily encrypt or decrypt strings or filesOnline interface for RC4 encryption algorithm, also known as ARCFOUR, an algorithm that is used within popular cryptographic protocols such as SSL or WEP.rc4.online-domain-tools.com

Search URL Search Domain Scan URL

URL: https://crackstation.net/
Title: CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.Crackstation is the most effective hash cracking service. We crack: MD5, SHA1, SHA2, WPA, and much more...crackstation.net

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/askds/2008/03/06/kerberos-for-the-busy-admin/
Title: Kerberos for the Busy AdminMicrosoft's official enterprise support blog for AD DS and moreblogs.technet.microsoft.com

Search URL Search Domain Scan URL

URL: https://medium.com/@jsecurity101/ioc-differences-between-kerberoasting-and-as-rep-roasting-4ae179cdf9ec
Title: IOC differences between Kerberoasting and AS-REP RoastingBackground:medium.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://blog.stealthbits.com/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg HTTP 302
https://www.stealthbits.com/blog/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg

Request Chain 44

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 82

https://blog.stealthbits.com/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg HTTP 302
https://www.stealthbits.com/blog/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg

113 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request t1208-kerberoasting Show response
www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/ 2 MB
403 KB 1464ms
1403ms Document
text/html 2606:4700::6812:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5166350ff3cd1084b75855e8cc88e1c182a0447474b570907bc8296c774cabf5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' gstatic.gitbook.com .gitbook-staging.com .gitbook.com .firebaseio.com wss://.firebaseio.com .cloudfunctions.net .googleapis.com .gstatic.com data: .google.com .github.com .algolianet.com .algolia.net sentry.io .logrocket.io .lr-ingest.io .stripe.com .clearbit.com .google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net .iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' .firebaseio.com .google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io .stripe.com .clearbit.com .google-analytics.com .iframe.ly .gstatic.com cdnjs.cloudflare.com .intercom.io .intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://.intercom-attachments.com; frame-src ; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.ired.team
:scheme: https
:path: /offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d737296704135c6e2a2999f16662c16291614635082; expires=Wed, 31-Mar-21 21:44:42 GMT; path=/; domain=.www.ired.team; HttpOnly; SameSite=Lax
cf-ray: 62959174a858c2c7-FRA
cache-control: public, max-age=86400, s-maxage=86400, stale-while-revalidate=3600, stale-if-error=43200
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Authorization, Cookie, X-CDN-Host
cf-cache-status: EXPIRED
cf-request-id: 0891593ceb0000c2c7a51b9000000001
content-security-policy: default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
function-execution-id: 1eb2bsd5z7vt
referrer-policy: no-referrer-when-downgrade
x-cdn-cache-group: -LFEMnER3fywgFHoroYn
x-cloud-trace-context: 227993dafee034e9a196d7cab71da0e4
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
server: cloudflare
content-encoding: gzip

GET
H2 200 css
fonts.googleapis.com/ 2 KB
664 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

084337b4bbbd1e1e5f06c0755f0d17421b55f8b9499f4c5244354405fb70cfa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 01 Mar 2021 21:06:18 GMT
server: ESF
date: Mon, 01 Mar 2021 21:44:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 01 Mar 2021 21:44:44 GMT

GET
H2 200 emojione-sprite-40.min.css
unpkg.com/emojione-assets@4.0.0/sprites/ 183 KB
14 KB 35ms
17ms Stylesheet
text/css 2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/emojione-assets@4.0.0/sprites/emojione-sprite-40.min.css

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5680020
vary: Accept-Encoding
cf-request-id: 08915942e800004abd4e2ee000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"2dc7c-MlEndlChcp6B66cJCh5yD8CB/Fo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 22a561d395b235f9c3e2c0bd377a83e4
cache-control: public, max-age=31536000
cf-ray: 6295917e3c7e4abd-FRA

GET
H2 200 6c3c9dec9383137845be0f0ea2cf1bf4.css
gstatic.gitbook.com/css/ 1 KB
1 KB 40ms
15ms Stylesheet
text/css 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 5679962
cf-polished: origSize=1701
x-guploader-uploadid: ABg5-UwRbBqrUTgzcypdeEnLLffVrUFlH4Ffm7o_Kq_YTSXWywTO_QDa5W3zu0-BQvy2RezZBILefdfyeqntrV4Fiuc
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/css
cf-request-id: 08915942f000004aaf68b4b000000001
expires: Sat, 25 Dec 2021 13:13:54 GMT
last-modified: Thu, 17 Dec 2020 11:33:02 GMT
server: cloudflare
etag: W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation: 1608204782760602
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1701
cf-ray: 6295917e4bfa4aaf-FRA
cf-bgj: minify

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 72 B
536 B 44ms
14ms Script
text/javascript 2a04:4e42:600::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?flags=gated&features=Intl

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:600::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 1014699
detected-user-agent: Chrome Mobile/83.0.4103
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Wed, 17 Feb 2021 17:54:30 GMT
date: Mon, 01 Mar 2021 21:44:44 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/83.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 embed.js Show response
cdn.iframe.ly/ 22 KB
7 KB 80ms
25ms Script
application/javascript 13.224.195.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/embed.js
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-44.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 2943b8f0cb7ea6bfd6c933a4fa39982c6fa01de274c2ada54047f59ecf20f7f5

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 02:42:16 GMT
content-encoding: br
last-modified: Thu, 26 Mar 2020 16:41:00 GMT
server: nginx
age: 68552
etag: W/"5e7cdb1c-563c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: czGczxEuGtkV8x5jzJ6LJZtEm0d7ORwzZSfaSIeCBAbdP50Oikvp-w==
via: 1.1 c2a926ef1bafe1ab239d4761594a8099.cloudfront.net (CloudFront)

GET
H2 200 spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png
gblobscdn.gitbook.com/ 28 KB
29 KB 41ms
15ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: HIT
age: 9990962
x-guploader-uploadid: ABg5-Uyi4yb6xzxMM2w327T_bM1rD925KiGNS4hflTye11n2aT2qYIBoHaJ5uVZwPi_ZGvAk3DvyTXK_GKBnEy9uCVy38JPavg
x-goog-storage-class: STANDARD
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
content-type: image/png
content-length: 29066
cf-request-id: 08915942f7000005b7091b0000000001
last-modified: Sat, 08 Sep 2018 20:00:14 GMT
server: cloudflare
etag: "2965c5f978755802debc0291c5574853"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=ALxBKw==, md5=KWXF+Xh1WALevAKRxVdIUw==
x-goog-generation: 1536436814766237
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 29066
x-goog-meta-firebasestoragedownloadtokens: 1910800b-eed5-42ea-b282-39d0660128fe
accept-ranges: bytes
cf-ray: 6295917e5f3f05b7-FRA
expires: Sat, 06 Nov 2021 04:14:37 GMT

GET
H2 200 photo.jpg
lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/ 7 KB
7 KB 27ms
6ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 18:38:36 GMT
x-content-type-options: nosniff
age: 11168
content-disposition: inline;filename=""
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6707
x-xss-protection: 0
server: fife
etag: "v5e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 02 Mar 2021 18:38:36 GMT

GET
H2 200 gOrfAo6 Show response
cdn.iframe.ly/ Frame BB0D 8 KB
3 KB 71ms
26ms Document
text/html 13.224.195.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/gOrfAo6
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-44.fra2.r.cloudfront.net
Software: nginx / iframe.ly
Resource Hash: 63f125a8c639cc8b42ae13d1638af518eb975d83e1c0ec388832484945abc276

Request headers

:method: GET
:authority: cdn.iframe.ly
:scheme: https
:path: /gOrfAo6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Response headers

content-type: text/html; charset=utf-8
server: nginx
date: Mon, 01 Mar 2021 20:59:30 GMT
x-powered-by: iframe.ly
cache-control: public, max-age=3600
expires: Mon, 01 Mar 2021 21:59:30 GMT
etag: W/"95891dc943ed8d932563f7a483fea0d1"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2a926ef1bafe1ab239d4761594a8099.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: vizH0LRXsG0Tp4J9u3Z-Xrpj7EOvPwlIyIFHOq2xW7sXcKUm7niq6Q==
age: 2714

GET
H2 200 email-decode.min.js Show response
www.ired.team/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
862 B 12ms
11ms Script
application/javascript 2606:4700::6812:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ired.team/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:91 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 18 Feb 2021 13:46:54 GMT
server: cloudflare
etag: W/"602e6fce-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 6295917e4facc2c7-FRA
vary: Accept-Encoding
cf-request-id: 08915942ea0000c2c7beb97000000001
expires: Wed, 03 Mar 2021 21:44:44 GMT

GET
H2 200 4877511
avatars3.githubusercontent.com/u/ 9 KB
10 KB 53ms
18ms Image
image/jpeg 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars3.githubusercontent.com/u/4877511?s=400&v=4

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-108-133.github.com

Software

Resource Hash

b43eefddc46de63527a3841ca2f1186bbd6468bc09e93676acecf09b1569ebf7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: bac0eefd30e80894274524ab8f0ca00961c7d204
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 1
vary: Authorization,Accept-Encoding
content-length: 9705
x-xss-protection: 1; mode=block
x-served-by: cache-ams21056-AMS
last-modified: Sat, 10 Dec 2016 02:43:39 GMT
x-github-request-id: 8D6C:FADA:3D058E:420814:6037C072
x-timer: S1614635085.598257,VS0,VE1
x-frame-options: deny
date: Mon, 01 Mar 2021 21:44:44 GMT
source-age: 368602
strict-transport-security: max-age=31557600
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
etag: "06438b4f26d99bfce149bccbd857e9b435ec242b7ef465877ef5daeb47a5a706"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Mon, 01 Mar 2021 21:49:44 GMT

GET
H2

200

Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg
www.stealthbits.com/blog/wp-content/uploads/2017/05/
Redirect Chain

https://blog.stealthbits.com/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg
https://www.stealthbits.com/blog/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg

676 KB
681 KB

372ms
120ms

Image
image/jpeg

72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.stealthbits.com/blog/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f5b001a99b21678879ce79b79b5ff671b4924fd60409c12f683c1bf7fafcfdb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
referrer-policy: same-origin
last-modified: Mon, 08 May 2017 18:29:44 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public
feature-policy: geolocation 'self'; vibrate 'none'
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 692425
x-content-type-options: nosniff
expires: Tue, 01 Mar 2022 21:44:46 GMT

Redirect headers

date: Mon, 01 Mar 2021 21:44:45 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1
location: https://www.stealthbits.com/blog/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg
cache-control: max-age=0
content-length: 316
expires: Mon, 01 Mar 2021 21:44:45 GMT

GET
H2 200 Kerberoast-RC4-WireShark-TGSREP-Using-PowerShell.jpg
adsecurity.org/wp-content/uploads/2015/12/ 147 KB
147 KB 514ms
252ms Image
image/jpeg 2607:f1c0:100f:f000::2af
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adsecurity.org/wp-content/uploads/2015/12/Kerberoast-RC4-WireShark-TGSREP-Using-PowerShell.jpg
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2607:f1c0:100f:f000::2af , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1bac465dbe36a6a5f725f53f09d918259380a22f8eed7c962ce1c8c035dfae80

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
last-modified: Tue, 29 Dec 2015 18:49:25 GMT
server: Apache
accept-ranges: bytes
etag: "24a4f-5280de16a2451"
content-length: 150095
content-type: image/jpeg

GET
H2 200 autokerberoast-service-ticket-hashes-of-particular-domain-and-group.png
pentestlab.files.wordpress.com/2018/06/ 221 KB
221 KB 58ms
20ms Image
image/png 192.0.72.28
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlab.files.wordpress.com/2018/06/autokerberoast-service-ticket-hashes-of-particular-domain-and-group.png

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.28 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b0032ab02d0402ecc5ace5baf49542a8fa3b9d8949aee9cfa89026a2923ac969

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 28 np
date: Mon, 01 Mar 2021 21:44:44 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Sun, 10 Jun 2018 22:07:18 GMT
server: nginx
x-orig-src: 01_mogdir
content-type: image/png
access-control-allow-origin: https://pentestlab.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
vary: Origin
content-length: 226016
expires: Tue, 30 Mar 2021 12:48:53 GMT

GET
H2 404 cerberos-1.jpg
blog.xpnsec.com/content/images/2017/09/ 0
0 44ms
6ms Image
text/html 2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.xpnsec.com/content/images/2017/09/cerberos-1.jpg
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 0*xUonZaUp66Yqlbed.png
miro.medium.com/max/596/ 202 KB
203 KB 128ms
110ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/596/0*xUonZaUp66Yqlbed.png

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f048f038d6012c669879116aed276c59eaebd6cc4be66a4fddb8268ed700b7b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 80
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 206718
cf-request-id: 089159431e0000c28b98397000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 6295917e9f91c28b-FRA
expires: Wed, 31 Mar 2021 21:44:44 GMT

GET
H2 200 f4fa50c4003f87e7dc10459e500933c3.woff
gstatic.gitbook.com/fonts/ 92 KB
93 KB 37ms
23ms Font
font/woff 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/fonts/f4fa50c4003f87e7dc10459e500933c3.woff
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: HIT
age: 1167112
x-guploader-uploadid: ABg5-UzViI99Dda3cP3Qg3SePBZOPHID0sQWCh5Xwb7ABpf3Kymyn5an3hMnqxi3vfYhSRH4_2EY0VJyV-VMMjFl5_yqQD8fqg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 94368
cf-request-id: 089159431c00002c3ab4088000000001
last-modified: Thu, 04 Feb 2021 10:35:40 GMT
server: cloudflare
etag: "f4fa50c4003f87e7dc10459e500933c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=FUjfEA==, md5=9PpQxAA/h+fcEEWeUAkzww==
x-goog-generation: 1612434940263795
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 94368
accept-ranges: bytes
cf-ray: 6295917e9e0b2c3a-FRA
expires: Fri, 04 Feb 2022 12:56:56 GMT

GET
H2 200 72e37e5bf95a8dba938c78b1d7d91253.woff
gstatic.gitbook.com/fonts/ 92 KB
92 KB 37ms
24ms Font
font/woff 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/fonts/72e37e5bf95a8dba938c78b1d7d91253.woff
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: HIT
age: 1167112
x-guploader-uploadid: ABg5-UyU5GJvRdf605vE7W_DJPUXMjr0Prnk9CVvz6EBO-T9kM3BNXlW_5Kojg9BbBMZEIYguP6ZWRmO45kHPqzjRRU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 94040
cf-request-id: 089159431c00002c3a932ac000000001
last-modified: Mon, 11 Jan 2021 12:55:27 GMT
server: cloudflare
etag: "72e37e5bf95a8dba938c78b1d7d91253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=TBIniA==, md5=cuN+W/lajbqTjHix19kSUw==
x-goog-generation: 1610369727150031
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 94040
accept-ranges: bytes
cf-ray: 6295917e9e0e2c3a-FRA
expires: Thu, 27 Jan 2022 21:58:50 GMT

GET
H2 200 fc3d4b35e4d07d4e0485cc2db0e57c77.woff
gstatic.gitbook.com/fonts/ 92 KB
92 KB 29ms
17ms Font
font/woff 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/fonts/fc3d4b35e4d07d4e0485cc2db0e57c77.woff
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: HIT
age: 5704974
x-guploader-uploadid: AEnB2UqsZ3WK_xS0YchRtujyaXSHhWyr8A3u9cWzDfV84KgDBxBluJjubL9gKNbI1STPBxQltx3kLRWA6bEaNRNxSvRzAcBChQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 93788
cf-request-id: 089159431c00002c3aa319d000000001
last-modified: Fri, 11 Dec 2020 09:44:49 GMT
server: cloudflare
etag: "fc3d4b35e4d07d4e0485cc2db0e57c77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=7TN+QQ==, md5=/D1LNeTQfU4EhcwtsOV8dw==
x-goog-generation: 1584024803933768
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 93788
accept-ranges: bytes
cf-ray: 6295917e9e0d2c3a-FRA
expires: Sat, 11 Dec 2021 16:43:23 GMT

GET
H2 200 HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
fonts.gstatic.com/s/sourcecodepro/v13/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcecodepro/v13/HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59fd4f207936792ab9910baa7df5f1f7bff899e35e0428df34ab9a1319184052

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.ired.team
Referer: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Feb 2021 22:47:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 23:57:48 GMT
server: sffe
age: 514623
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11232
x-xss-protection: 0
expires: Wed, 23 Feb 2022 22:47:41 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEHymbOx0oOZqB-u3R%2Fkerberoast-principalname.png
gblobscdn.gitbook.com/ 26 KB
26 KB 41ms
36ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEHymbOx0oOZqB-u3R%2Fkerberoast-principalname.png?alt=media&token=bb0909ca-93f7-4f52-8045-615a94f0cc6b
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd817a0cafb3c9e43afd7ec29229df496af69f0b94c1c2d9e9cba9bb24b13516

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UwzLonr68hfOU4Vd8cPs7c_1-_ldfRoETTnhuOkgRWoVt3C9YMwTV0BZfjKx80SQoPn4YpNzHnvMx3hr-9UnCOG31EAkQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-principalname.png
content-type: image/png
content-length: 26472
cf-request-id: 0891594375000005b76b0c0000000001
last-modified: Sat, 18 Aug 2018 23:10:19 GMT
server: cloudflare
etag: "238c10975d1bba3e1d82dbc26265d2c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=2uyawg==, md5=I4wQl10buj4dgtvCYmXSyA==
x-goog-generation: 1534633819801411
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 26472
x-goog-meta-firebasestoragedownloadtokens: bb0909ca-93f7-4f52-8045-615a94f0cc6b
accept-ranges: bytes
cf-ray: 6295917f284305b7-FRA
expires: Tue, 01 Mar 2022 11:41:38 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEQWnWdxN10k88vogc%2F-LKEQTo6Vvatn_DEOJ48%2Fkerberoast-enumeration.png
gblobscdn.gitbook.com/ 46 KB
47 KB 504ms
500ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEQWnWdxN10k88vogc%2F-LKEQTo6Vvatn_DEOJ48%2Fkerberoast-enumeration.png?alt=media&token=eb2b7887-fdfd-44b1-8fe3-00d8c9d20375
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e728d119d23368fda40ec69c463f826ae532eba722f86f620e5ba12367f16ea1

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:45 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-Uwdw9eZBVBDB69I-1C2zl1z7sOwx6UOeiPZtauGGUTB2nuaHJgYqQwSXI0lC1Ivfl7lmIeN4MqUvElqQ10Q2wrEfV6JCQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-enumeration.png
content-type: image/png
content-length: 47393
cf-request-id: 0891594375000005b75b256000000001
last-modified: Sat, 18 Aug 2018 23:45:46 GMT
server: cloudflare
etag: "0ab2754d8e8ac9339e47feaf090ac18f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=JKRdfw==, md5=CrJ1TY6KyTOeR/6vCQrBjw==
x-goog-generation: 1534635946399458
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 47393
x-goog-meta-firebasestoragedownloadtokens: eb2b7887-fdfd-44b1-8fe3-00d8c9d20375
accept-ranges: bytes
cf-ray: 6295917f284405b7-FRA
expires: Tue, 01 Mar 2022 21:44:44 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKO4btIeebtUwYK4eFR%2F-LKO52yd3HfsBmTinFHl%2Fkerberoast-powershell.png
gblobscdn.gitbook.com/ 19 KB
20 KB 28ms
23ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKO4btIeebtUwYK4eFR%2F-LKO52yd3HfsBmTinFHl%2Fkerberoast-powershell.png?alt=media&token=8c762564-615d-4deb-b1ee-b13b5aee29d1
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14eb64a86f2b60375df9a6f15f1c83b575317cf482f43f65783d2ef75da4105e

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UynY4stOLWcj59YW8N-JgbIX4fqYMLqVtShu-rCJuv3jThT_NOWILleFlZ3hhh3XF2p82P8G7WXgqgCSc-JlJE
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-powershell.png
content-type: image/png
content-length: 19705
cf-request-id: 0891594375000005b75a3a6000000001
last-modified: Mon, 20 Aug 2018 20:50:38 GMT
server: cloudflare
etag: "c21b0c07d30548165d813d9cbc1fd588"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=jFW2Jg==, md5=whsMB9MFSBZdgT2cvB/ViA==
x-goog-generation: 1534798238345658
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 19705
x-goog-meta-firebasestoragedownloadtokens: 8c762564-615d-4deb-b1ee-b13b5aee29d1
accept-ranges: bytes
cf-ray: 6295917f284505b7-FRA
expires: Tue, 01 Mar 2022 11:41:39 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKIfG6BsIx4nzjVhA5g%2F-LKIfXzbGIXjdq2p7WgL%2Fkerberoast-setspn.png
gblobscdn.gitbook.com/ 51 KB
52 KB 42ms
37ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKIfG6BsIx4nzjVhA5g%2F-LKIfXzbGIXjdq2p7WgL%2Fkerberoast-setspn.png?alt=media&token=74471cd8-c62a-43b7-a195-bcbbbf1b1aca
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6ab9197bbd0560d5f2b1d4c09464f4c1250d8f00fcd67e2d86f94a4129b60eb

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-Uybv7zyZphYyNy9hpPhj7dT7trpTMYMFYnGhdZMeFo2KV09NQbPkAGMEow_fQqDYZuXXgmIpLJGI_VrnIrSqF9vaooiRw
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-setspn.png
content-type: image/png
content-length: 52311
cf-request-id: 0891594375000005b745b2c000000001
last-modified: Sun, 19 Aug 2018 19:35:07 GMT
server: cloudflare
etag: "2536938058bbfe66522bbcc687fb4ecc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=RxP5SA==, md5=JTaTgFi7/mZSK7zGh/tOzA==
x-goog-generation: 1534707307227787
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 52311
x-goog-meta-firebasestoragedownloadtokens: 74471cd8-c62a-43b7-a195-bcbbbf1b1aca
accept-ranges: bytes
cf-ray: 6295917f284705b7-FRA
expires: Mon, 28 Feb 2022 17:31:22 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEIBbmJjX4MMuicYOd%2Fkerberoast-kerberos-token.png
gblobscdn.gitbook.com/ 12 KB
13 KB 33ms
29ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEIBbmJjX4MMuicYOd%2Fkerberoast-kerberos-token.png?alt=media&token=2e1874f2-0239-4842-861d-9afc8c460f9f
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5cad3bbdbb13e0f3c2b268cc08385fa6713ee7dfd95e7f9f3c5dcd53166c986

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UyQzu4OGOHEUPHLkNIvy0dYZRqr6fBIhGgJfsdtPHAFNCkqrS-8oPqXfweOplWqZTc4sES-QsIBSSplzv0OcHY_eLN42w
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-kerberos-token.png
content-type: image/png
content-length: 12780
cf-request-id: 0891594375000005b7302da000000001
last-modified: Sat, 18 Aug 2018 23:10:20 GMT
server: cloudflare
etag: "108ef1600d08c95644da293cf0cd541a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=nRWKXA==, md5=EI7xYA0IyVZE2ik88M1UGg==
x-goog-generation: 1534633820079049
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 12780
x-goog-meta-firebasestoragedownloadtokens: 2e1874f2-0239-4842-861d-9afc8c460f9f
accept-ranges: bytes
cf-ray: 6295917f284905b7-FRA
expires: Mon, 28 Feb 2022 17:31:22 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEIGe2N7anuEWUEzEI%2Fkerberoast-exported-kerberos-tickets.png
gblobscdn.gitbook.com/ 42 KB
42 KB 41ms
37ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEIGe2N7anuEWUEzEI%2Fkerberoast-exported-kerberos-tickets.png?alt=media&token=4f59a38f-c80b-46b0-97f1-4009673381b0
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a32bf57c9b424f2579110375a0df71ffce7a48774705c06053ebbe1a983e6a4c

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UymJ33equ0NW2MO6CNdsTJ8O6P45w2yww19rCk6QTlm2-PN2y-9VjZHUFSloacp2oU35vXDh_s9XpqCcQbNPZfeDf-UPA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-exported-kerberos-tickets.png
content-type: image/png
content-length: 43037
cf-request-id: 0891594376000005b7011fb000000001
last-modified: Sat, 18 Aug 2018 23:10:19 GMT
server: cloudflare
etag: "af3b9fa83f05c406b1a919ec160d05c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=rzCM5g==, md5=rzufqD8FxAaxqRnsFg0Fxw==
x-goog-generation: 1534633819858623
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 43037
x-goog-meta-firebasestoragedownloadtokens: 4f59a38f-c80b-46b0-97f1-4009673381b0
accept-ranges: bytes
cf-ray: 6295917f284a05b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEILsCTgLjlbxn9h7B%2Fkerberoast-cracked.png
gblobscdn.gitbook.com/ 11 KB
12 KB 41ms
36ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEILsCTgLjlbxn9h7B%2Fkerberoast-cracked.png?alt=media&token=f4e6ec4f-9ed9-4217-a665-b86ca678f861
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e923d808a9c6ed43c11f2acd015a95f9c0f92df579d4a56b512d293c7490f17

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UxKuASiUQOEIZtdVFhILieFebGkT9axLo-dovFQ4F9VUk-jVQVw3JOG8UGPQDUBSq9IpBUuApXpTysFeleDvtAUbwo9Uw
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-cracked.png
content-type: image/png
content-length: 11739
cf-request-id: 0891594376000005b7752a4000000001
last-modified: Sat, 18 Aug 2018 23:10:19 GMT
server: cloudflare
etag: "cb8ee8dcfc46b56bb76265b787835d96"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=MxH9BA==, md5=y47o3PxGtWu3YmW3h4Ndlg==
x-goog-generation: 1534633819814750
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 11739
x-goog-meta-firebasestoragedownloadtokens: f4e6ec4f-9ed9-4217-a665-b86ca678f861
accept-ranges: bytes
cf-ray: 6295917f284b05b7-FRA
expires: Tue, 01 Mar 2022 11:41:38 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKIl6pZ0bcRVjnv2Tp8%2F-LKIlHyRC5bx2E7kMWZs%2Fkerberoast-4769.png
gblobscdn.gitbook.com/ 52 KB
52 KB 40ms
36ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKIl6pZ0bcRVjnv2Tp8%2F-LKIlHyRC5bx2E7kMWZs%2Fkerberoast-4769.png?alt=media&token=c639c0dc-77c9-46b4-8b79-daaecd2aef7e
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6fb626f0c4fa59ec4ad90dae6126dc7446b39bf8c9d5c4e1724654fdbccd858

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UztpNP7cWctUdC_D76iE65ZMP_zBSrSC1336PRT_pvIUpdbduuSSIS1Nb6gJGmoZxxCseZXPchfsHvqGlqadzw
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-4769.png
content-type: image/png
content-length: 52958
cf-request-id: 0891594376000005b7721ed000000001
last-modified: Sun, 19 Aug 2018 20:11:59 GMT
server: cloudflare
etag: "f4107a9b8228c027a517aaacc61ba2a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=twR6Fg==, md5=9BB6m4IowCelF6qsxhuiqQ==
x-goog-generation: 1534709519166578
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 52958
x-goog-meta-firebasestoragedownloadtokens: c639c0dc-77c9-46b4-8b79-daaecd2aef7e
accept-ranges: bytes
cf-ray: 6295917f284c05b7-FRA
expires: Tue, 01 Mar 2022 11:41:38 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKIl6pZ0bcRVjnv2Tp8%2F-LKIningDnwgpErj5BQO%2Fkerberoast-logs.png
gblobscdn.gitbook.com/ 40 KB
41 KB 28ms
25ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKIl6pZ0bcRVjnv2Tp8%2F-LKIningDnwgpErj5BQO%2Fkerberoast-logs.png?alt=media&token=eadce00c-2062-471c-a65c-8dd99323ca24
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 762293bd063a1db8a3acce093d104db94effd970b83fab92673f05715811f91b

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UzrIbQYulyLGQxRejIcRN7gL7IsP0luVzO6_fuMasKqn3Fqm9d4GjDrezVzP6tWblfMZ0AGSkbelWne1jq9bYUOlawqng
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-logs.png
content-type: image/png
content-length: 41445
cf-request-id: 0891594377000005b76e3c6000000001
last-modified: Sun, 19 Aug 2018 20:11:59 GMT
server: cloudflare
etag: "8eba7882971e5ba3a30dd9802d8b6bf5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=GNHFXA==, md5=jrp4gpceW6OjDdmALYtr9Q==
x-goog-generation: 1534709519106876
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 41445
x-goog-meta-firebasestoragedownloadtokens: eadce00c-2062-471c-a65c-8dd99323ca24
accept-ranges: bytes
cf-ray: 6295917f284d05b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKGilNsUAW2LcJ-aMvk%2F-LKGj4Kvf84KO1anyG1W%2Fkerberoast-tgs-req.png
gblobscdn.gitbook.com/ 66 KB
67 KB 39ms
36ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKGilNsUAW2LcJ-aMvk%2F-LKGj4Kvf84KO1anyG1W%2Fkerberoast-tgs-req.png?alt=media&token=f89019df-a503-44e9-bcd1-5886b5afcc4c
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87f128d0601eecb9a424a030723b4c0f9a482aac7b08ec853ec0491ead0aa02c

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UxZbwq8VXisVzhjIlnQwi0Pb4u86UIa53IuZsfIRah_CxO6FiHpa1WzrhLWMOfow9MnePhSBMcGnAIV8Sn2hMFWxsE_yA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-tgs-req.png
content-type: image/png
content-length: 67776
cf-request-id: 0891594377000005b71a97f000000001
last-modified: Sun, 19 Aug 2018 10:36:49 GMT
server: cloudflare
etag: "e580b35b662be53c25cc6eba444968a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=qtvUvA==, md5=5YCzW2Yr5TwlzG66RElopA==
x-goog-generation: 1534675009342546
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 67776
x-goog-meta-firebasestoragedownloadtokens: f89019df-a503-44e9-bcd1-5886b5afcc4c
accept-ranges: bytes
cf-ray: 6295917f284e05b7-FRA
expires: Mon, 28 Feb 2022 17:31:25 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKGilNsUAW2LcJ-aMvk%2F-LKGj6j_gpAVwcUbHpg0%2Fkerberoast-tgs-res.png
gblobscdn.gitbook.com/ 71 KB
71 KB 47ms
44ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKGilNsUAW2LcJ-aMvk%2F-LKGj6j_gpAVwcUbHpg0%2Fkerberoast-tgs-res.png?alt=media&token=e584d327-b3c0-49f0-b350-9e7fd8c4061e
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64644512411dce196ad6269eb338150128d76182073a7216c82683a32f7e1adb

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UzCxNChDxW6OupYPf2WOnKEdiQK39f1dZlLOtUAQlqA1xhdu5XAWGBgrSzqz6OxBCQBF3ztvnkTpQXs01Q_Xug
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-tgs-res.png
content-type: image/png
content-length: 72408
cf-request-id: 0891594377000005b76592b000000001
last-modified: Sun, 19 Aug 2018 10:36:49 GMT
server: cloudflare
etag: "6184163f3322efde3b56f574e4e8b58f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Srh/dg==, md5=YYQWPzMi7947VvV05Oi1jw==
x-goog-generation: 1534675009417651
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 72408
x-goog-meta-firebasestoragedownloadtokens: e584d327-b3c0-49f0-b350-9e7fd8c4061e
accept-ranges: bytes
cf-ray: 6295917f284f05b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH4lBMQhe-45WDcppK%2Fkerberoast-creating-keytab.png
gblobscdn.gitbook.com/ 24 KB
25 KB 39ms
36ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH4lBMQhe-45WDcppK%2Fkerberoast-creating-keytab.png?alt=media&token=a241ac27-8278-4bc4-bd9b-409478576c6d
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 675bb787300bc56cda7d4c7b0df26ef50ef828f455b3c284219d62cf1e024725

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-Ux8OZiiEji_oRlyZGT8qAY2oZdsudZUCjfl5f6beMr53_Bx4zHeZ-wzAufx8_EqMMDSUcsYytxKSCrJ2gKGdMVbN-5p_g
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-creating-keytab.png
content-type: image/png
content-length: 24803
cf-request-id: 089159437a000005b74b0d2000000001
last-modified: Sun, 19 Aug 2018 12:20:26 GMT
server: cloudflare
etag: "4e0b5d86c29b584388afd9a520340830"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=r4i7ew==, md5=TgtdhsKbWEOIr9mlIDQIMA==
x-goog-generation: 1534681226436731
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 24803
x-goog-meta-firebasestoragedownloadtokens: a241ac27-8278-4bc4-bd9b-409478576c6d
accept-ranges: bytes
cf-ray: 6295917f285605b7-FRA
expires: Tue, 01 Mar 2022 11:41:39 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH4ntWZZS0w0-UQqUV%2Fkerberoast-wireshark-keytab.png
gblobscdn.gitbook.com/ 52 KB
53 KB 41ms
38ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH4ntWZZS0w0-UQqUV%2Fkerberoast-wireshark-keytab.png?alt=media&token=a2f88ea5-de7e-4a9f-954b-b8a2e5aec08b
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff24cc396327955545e5cca845f403dfd7a441b2b74cc288ae902ddaa1c45218

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UxY_EjXwFMXwL5PwZE3hmAysPuCCKMoDvxTWdn7CGDTmZhw2RcwygqBTTt5wIbdBqQ3FzQ7tKVHV7n64rYe9Mgq8ayn9w
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-wireshark-keytab.png
content-type: image/png
content-length: 53374
cf-request-id: 089159437b000005b75f03c000000001
last-modified: Sun, 19 Aug 2018 12:20:26 GMT
server: cloudflare
etag: "f2615e2943baa5d23ed3e1150255b446"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=dupWXg==, md5=8mFeKUO6pdI+0+EVAlW0Rg==
x-goog-generation: 1534681226503896
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 53374
x-goog-meta-firebasestoragedownloadtokens: a2f88ea5-de7e-4a9f-954b-b8a2e5aec08b
accept-ranges: bytes
cf-ray: 6295917f285805b7-FRA
expires: Mon, 28 Feb 2022 17:31:26 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH6iRF_yfVO_4JgoP9%2Fkerberoast-decrypted.png
gblobscdn.gitbook.com/ 378 KB
379 KB 65ms
63ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH6iRF_yfVO_4JgoP9%2Fkerberoast-decrypted.png?alt=media&token=aa42e7bb-9b09-47ef-8a02-76942e3eaac7
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627b4db5fb9736c1229b3332d4ee13aea7fba2c68c4d0e7c5013269a80f8376

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UwTGP8uiNZVIzxklM0A8H8MlfwRlOWiSTfyVmBx2Z5lmGtSJPF11VTd1Yum7IcxanY4XcQxeJOurpoZgbr6y1s3QqhnHQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-decrypted.png
content-type: image/png
content-length: 387195
cf-request-id: 089159437b000005b7379c6000000001
last-modified: Sun, 19 Aug 2018 12:20:26 GMT
server: cloudflare
etag: "11da5399aa887796710e3adafd4c8fac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=IlYsbA==, md5=EdpTmaqId5ZxDjra/UyPrA==
x-goog-generation: 1534681226920374
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 387195
x-goog-meta-firebasestoragedownloadtokens: aa42e7bb-9b09-47ef-8a02-76942e3eaac7
accept-ranges: bytes
cf-ray: 6295917f285a05b7-FRA
expires: Mon, 28 Feb 2022 17:31:27 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHdsJBFE3Mnvtrl0iu%2Fkerberoast-crackstation.png
gblobscdn.gitbook.com/ 110 KB
111 KB 33ms
31ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHdsJBFE3Mnvtrl0iu%2Fkerberoast-crackstation.png?alt=media&token=e99c0667-3d28-44bc-8434-1bc3fcd5f3d0
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2aadec2ec38b0ae066bbb15b8e91409c76ab81b914a688916450a091a545b256

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UwfcsKuhizU3BcokBIbacG7N1y1sdiaKvJQ39WUDlT3TNIBY8CMP00xY3y-WsvqjpsTtG3DMVYgCb72Ve5Sr6c
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-crackstation.png
content-type: image/png
content-length: 112559
cf-request-id: 089159437b000005b700390000000001
last-modified: Sun, 19 Aug 2018 14:50:34 GMT
server: cloudflare
etag: "9b5e24571db71f25c189959c2780298d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Mt6VMw==, md5=m14kVx23HyXBiZWcJ4ApjQ==
x-goog-generation: 1534690234713559
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 112559
x-goog-meta-firebasestoragedownloadtokens: e99c0667-3d28-44bc-8434-1bc3fcd5f3d0
accept-ranges: bytes
cf-ray: 6295917f285b05b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHdaWK0wLrmtY_gha0%2Fkerberoast-printstatements.png
gblobscdn.gitbook.com/ 210 KB
210 KB 31ms
30ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHdaWK0wLrmtY_gha0%2Fkerberoast-printstatements.png?alt=media&token=6bb3a13e-5900-4445-9004-0e175a840aa9
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09bad523e3e6e79d428aef576c3d1684f53fc07e11deb863f314a8c0a68e2b55

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UyIClF00DBaBrWXz_YMpdi6JVmXBiQudg1rYn0b-KoE6J2GmN_fU1FZAaiZRGlW_Rza5RU39UzDXWqt6BgCUPo
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-printstatements.png
content-type: image/png
content-length: 214881
cf-request-id: 0891594392000005b7011fc000000001
last-modified: Sun, 19 Aug 2018 14:50:34 GMT
server: cloudflare
etag: "760a5bf0019076c1fcfe29dfd2cfc88e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=PQHelQ==, md5=dgpb8AGQdsH8/inf0s/Ijg==
x-goog-generation: 1534690234640390
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 214881
x-goog-meta-firebasestoragedownloadtokens: 6bb3a13e-5900-4445-9004-0e175a840aa9
accept-ranges: bytes
cf-ray: 6295917f587805b7-FRA
expires: Tue, 01 Mar 2022 11:41:39 GMT

GET
H2 200 nJSMJyRNvlM Show response
www.youtube.com/embed/ Frame BB0D 51 KB
22 KB 49ms
49ms Document
text/html 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Requested by

Host: cdn.iframe.ly
URL: https://cdn.iframe.ly/gOrfAo6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

287572be6802ffc6473c727b9d6f06841decd2a052482df6182d58e8914ee126

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/nJSMJyRNvlM?rel=0&start=16
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.iframe.ly/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cdn.iframe.ly/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 01 Mar 2021 21:44:44 GMT
strict-transport-security: max-age=31536000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=X-GXsKFkXXs; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=W9iotl6QJMs; Domain=.youtube.com; Expires=Sat, 28-Aug-2021 21:44:44 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+302; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 111.c1e0c47b.js Show response
gstatic.gitbook.com/js/ 3 MB
945 KB 22ms
22ms Script
application/javascript 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab4364ddaad5945c8e8bda24438197c51c2bd3c9ecc925f96b0472f09e8b7d20

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:44 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 17683
cf-polished: origSize=3418119
x-guploader-uploadid: ABg5-Uz2DAYETikKf8vw9cinnuCnDP67X0dwwaq1pLJq9_uNGmaI5LdOYorUN9pSG1LgPl1CSxkyYqiI2sIx9LIR03fMH6qKaQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 08915943e400002c3aad2b4000000001
expires: Tue, 01 Mar 2022 16:25:55 GMT
last-modified: Mon, 01 Mar 2021 16:22:54 GMT
server: cloudflare
etag: W/"a7a71d08e732721496732725918bd779"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=xCtPdw==, md5=p6cdCOcychSWcyclkYvXeQ==
x-goog-generation: 1614615774130803
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 3418119
cf-ray: 6295917fdfc22c3a-FRA
cf-bgj: minify

GET
H3-Q050 200 www-player-webp.css
www.youtube.com/s/player/4fe52f49/ Frame BB0D 340 KB
51 KB 37ms
22ms Stylesheet
text/css 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3343a4e8f05ab408911f4ea5f601801208a10a7d01f3a40a65bf4c6ec3900f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 16:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 363466
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52149
x-xss-protection: 0
expires: Fri, 25 Feb 2022 16:46:58 GMT

GET
H3-Q050 200 www-embed-player.js Show response
www.youtube.com/s/player/4fe52f49/www-embed-player.vflset/ Frame BB0D 157 KB
57 KB 36ms
21ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b15819c89eec43f6a9f25d77a37dc02960dad46caa0dabe10699df1fccf45101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 10:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 38848
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58416
x-xss-protection: 0
expires: Tue, 01 Mar 2022 10:57:16 GMT

GET
H3-Q050 200 base.js Show response
www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/ Frame BB0D 2 MB
502 KB 45ms
30ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0080cb454fdee548ddf7fe5a570ec35de96ae2b2b1d5af2e178c0a717a35c423

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 09:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 45380
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 513497
x-xss-protection: 0
expires: Tue, 01 Mar 2022 09:08:24 GMT

GET
H3-Q050 200 fetch-polyfill.js Show response
www.youtube.com/s/player/4fe52f49/fetch-polyfill.vflset/ Frame BB0D 8 KB
3 KB 44ms
30ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 04:48:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 60984
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3027
x-xss-protection: 0
expires: Tue, 01 Mar 2022 04:48:20 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BB0D 10 KB
11 KB 34ms
20ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 06:39:48 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
age: 227096
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10748
x-xss-protection: 0
expires: Sun, 27 Feb 2022 06:39:48 GMT

GET
H2 200 logger.min.js Show response
cdn.lr-ingest.io/ 641 KB
116 KB 54ms
33ms Script
text/javascript 2606:4700:e0::ac40:6402
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.lr-ingest.io/logger.min.js

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e0::ac40:6402 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ea7f67552244f518b3f156602b0520a922246a26dc926d379e11f9c6068683b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:45 GMT
content-encoding: br
vary: x-fh-requested-host, accept-encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 300
x-cache: HIT
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 08915945090000d6f572a02000000001
x-served-by: cache-fra19121-FRA
last-modified: Mon, 01 Mar 2021 20:04:33 GMT
server: cloudflare
x-timer: S1614629367.015844,VS0,VE1
etag: W/"676cb2d389cc5e22563cb0c39013aeb45b551a1418e40394422f71c243494318"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31556926
report-to: {"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NkICW5gud4mJUGMenWDN4fXa%2FaOz7EkfMYhP9BxMETl%2BSGLedKVncGY8pZlFuCCVBbG0C2h8SwZqpnFrXkwf9qbTgJPKI%2Bd63bKsqDROoeMN2nkob3ZFEVHxVq8T"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 62959181ace6d6f5-FRA
x-cache-hits: 1

GET
H2 200 __session Show response
app.gitbook.com/ 52 B
726 B 260ms
253ms Fetch
application/json 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.gitbook.com/__session?proposed=e6e5ba34-c051-4247-b1a4-2c0afba0cd49R
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: bbf3664b91b2e00a22d44aad060c4edea7d03707cf4b0c698c0ddba8b5c57a94

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:45 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
x-magic-hash: 8846c648caefcfd496dbd4d3a2e40cfb2976a7e4b9b35a3e70ea99f9fc5fd6ad
x-powered-by: Express
x-cache: MISS
x-release: gitbook-28427-6.25.0
cf-request-id: 08915946a2000005b71882c000000001
access-control-allow-origin: https://www.ired.team
server: cloudflare
etag: W/"34-IkLPDDaHwW5lHUlc2W4M4y1ArNU"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
via: no cache
x-cloud-trace-context: 8a4032bdf2379313902abb319b9b5ede
cache-control: private
access-control-allow-credentials: true
function-execution-id: xtethmnrbznn
cf-ray: 629591843fa805b7-FRA
expires: Mon, 01 Mar 2021 21:44:45 GMT

GET
H3-Q050

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame BB0D
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

113 B
922 B

67ms
53ms

XHR
application/json

2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df116936b708af0ed1e319ce231735cb2f10773aceb21c1bd2b8e0ab95b91421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 01 Mar 2021 21:44:45 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame BB0D 29 B
91 B 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:41:57 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 168
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Mon, 01 Mar 2021 21:56:57 GMT

GET
H3-Q050 200 remote.js Show response
www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/ Frame BB0D 96 KB
96 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64620c4b38f39b52be7567a111c31cb9a516e243c6b689564e73103c69d3c2b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 18:22:45 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 12120
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98288
x-xss-protection: 0
expires: Tue, 01 Mar 2022 18:22:45 GMT

GET
H2 200 5F6tG6N9C-HNFBmbPVEyNyk6q7IXWibXNpfQ51AyKrE.js Show response
www.google.com/js/bg/ Frame BB0D 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/5F6tG6N9C-HNFBmbPVEyNyk6q7IXWibXNpfQ51AyKrE.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e45ead1ba37d0be1cd14199b3d513237293aabb2175a26d73697d0e750322ab1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 20:03:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 11:00:00 GMT
server: sffe
age: 6085
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6224
x-xss-protection: 0
expires: Tue, 01 Mar 2022 20:03:20 GMT

GET
H3-Q050 200 embed.js Show response
www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/ Frame BB0D 29 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d619e1addf6b5ae77461e2ca5337064f47894441b8df71be6ad8fd5288a1aba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 15:45:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 194362
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9681
x-xss-protection: 0
expires: Sun, 27 Feb 2022 15:45:23 GMT

GET
DATA 200
OK truncated
/ Frame BB0D 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AAUvwnis_ImIxtao1imOcMgE1a42qx1Fohz2K4caL4eXlwk=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame BB0D 3 KB
3 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AAUvwnis_ImIxtao1imOcMgE1a42qx1Fohz2K4caL4eXlwk=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7cee3a15b7511743d654a9f7286126303b0751c456f6021b982aaf6a2e586ec2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 20:29:55 GMT
x-content-type-options: nosniff
age: 4490
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3038
x-xss-protection: 0
server: fife
etag: "v7b98"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 25 Feb 2021 04:42:56 GMT

GET
H2 200 maxresdefault.webp
i.ytimg.com/vi_webp/nJSMJyRNvlM/ Frame BB0D 68 KB
68 KB 17ms
16ms Image
image/webp 2a00:1450:4001:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/nJSMJyRNvlM/maxresdefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac6c089a5dd34bbeb3134d03cd123fb22c21720cac2617fda42d2d8567922a2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:45 GMT
x-content-type-options: nosniff
server: sffe
age: 0
etag: "0"
vary: Origin
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69384
x-xss-protection: 0
expires: Mon, 01 Mar 2021 23:44:45 GMT

GET
BLOB 200
OK fa034b17-6772-46eb-8563-edd87112207f
https://www.ired.team/ 423 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.ired.team/fa034b17-6772-46eb-8563-edd87112207f
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dec9a3e5952f27d6641cc7591e2fcc4c580d9673f8906f850305cacb64c38bab

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 433205

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame BB0D 4 KB
2 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Mon, 01 Mar 2021 21:44:46 GMT

GET
H3-Q050 204 generate_204
www.youtube.com/ Frame BB0D 0
38 B 6ms
6ms Image
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?mR8bJg
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK .lp Show response
gitbook-28427.firebaseio.com/ Frame 6D42 422 B
664 B 251ms
112ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://gitbook-28427.firebaseio.com/.lp?start=t&ser=54096687&cb=1&v=5

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

61e9722dd7241afd4ad652b66fa049697ab9ac1f17e7f8a8dce8a2d17c84dc57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Mar 2021 21:44:46 GMT
Server: nginx
Connection: keep-alive
Content-Length: 422
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEHymbOx0oOZqB-u3R%2Fkerberoast-principalname.png
gblobscdn.gitbook.com/ 26 KB
26 KB 18ms
17ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEHymbOx0oOZqB-u3R%2Fkerberoast-principalname.png?alt=media&token=bb0909ca-93f7-4f52-8045-615a94f0cc6b
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd817a0cafb3c9e43afd7ec29229df496af69f0b94c1c2d9e9cba9bb24b13516

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UwzLonr68hfOU4Vd8cPs7c_1-_ldfRoETTnhuOkgRWoVt3C9YMwTV0BZfjKx80SQoPn4YpNzHnvMx3hr-9UnCOG31EAkQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-principalname.png
content-type: image/png
content-length: 26472
cf-request-id: 08915949b3000005b737a13000000001
last-modified: Sat, 18 Aug 2018 23:10:19 GMT
server: cloudflare
etag: "238c10975d1bba3e1d82dbc26265d2c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=2uyawg==, md5=I4wQl10buj4dgtvCYmXSyA==
x-goog-generation: 1534633819801411
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 26472
x-goog-meta-firebasestoragedownloadtokens: bb0909ca-93f7-4f52-8045-615a94f0cc6b
accept-ranges: bytes
cf-ray: 629591891d2305b7-FRA
expires: Tue, 01 Mar 2022 11:41:38 GMT

GET
H2 200 6c3c9dec9383137845be0f0ea2cf1bf4.css
gstatic.gitbook.com/css/ 1 KB
743 B 15ms
14ms Stylesheet
text/css 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 5679964
cf-polished: origSize=1701
x-guploader-uploadid: ABg5-UwRbBqrUTgzcypdeEnLLffVrUFlH4Ffm7o_Kq_YTSXWywTO_QDa5W3zu0-BQvy2RezZBILefdfyeqntrV4Fiuc
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/css
cf-request-id: 08915949c000004aaf5dad5000000001
expires: Sat, 25 Dec 2021 13:13:54 GMT
last-modified: Thu, 17 Dec 2020 11:33:02 GMT
server: cloudflare
etag: W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation: 1608204782760602
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1701
cf-ray: 629591893b414aaf-FRA
cf-bgj: minify

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEQWnWdxN10k88vogc%2F-LKEQTo6Vvatn_DEOJ48%2Fkerberoast-enumeration.png
gblobscdn.gitbook.com/ 46 KB
47 KB 15ms
14ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEQWnWdxN10k88vogc%2F-LKEQTo6Vvatn_DEOJ48%2Fkerberoast-enumeration.png?alt=media&token=eb2b7887-fdfd-44b1-8fe3-00d8c9d20375
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e728d119d23368fda40ec69c463f826ae532eba722f86f620e5ba12367f16ea1

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 1
x-guploader-uploadid: ABg5-Uwdw9eZBVBDB69I-1C2zl1z7sOwx6UOeiPZtauGGUTB2nuaHJgYqQwSXI0lC1Ivfl7lmIeN4MqUvElqQ10Q2wrEfV6JCQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-enumeration.png
content-type: image/png
content-length: 47393
cf-request-id: 08915949cb000005b76e01a000000001
last-modified: Sat, 18 Aug 2018 23:45:46 GMT
server: cloudflare
etag: "0ab2754d8e8ac9339e47feaf090ac18f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=JKRdfw==, md5=CrJ1TY6KyTOeR/6vCQrBjw==
x-goog-generation: 1534635946399458
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 47393
x-goog-meta-firebasestoragedownloadtokens: eb2b7887-fdfd-44b1-8fe3-00d8c9d20375
accept-ranges: bytes
cf-ray: 629591894d6b05b7-FRA
expires: Tue, 01 Mar 2022 21:44:44 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKO4btIeebtUwYK4eFR%2F-LKO52yd3HfsBmTinFHl%2Fkerberoast-powershell.png
gblobscdn.gitbook.com/ 19 KB
20 KB 15ms
14ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKO4btIeebtUwYK4eFR%2F-LKO52yd3HfsBmTinFHl%2Fkerberoast-powershell.png?alt=media&token=8c762564-615d-4deb-b1ee-b13b5aee29d1
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14eb64a86f2b60375df9a6f15f1c83b575317cf482f43f65783d2ef75da4105e

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UynY4stOLWcj59YW8N-JgbIX4fqYMLqVtShu-rCJuv3jThT_NOWILleFlZ3hhh3XF2p82P8G7WXgqgCSc-JlJE
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-powershell.png
content-type: image/png
content-length: 19705
cf-request-id: 08915949ec000005b7752f4000000001
last-modified: Mon, 20 Aug 2018 20:50:38 GMT
server: cloudflare
etag: "c21b0c07d30548165d813d9cbc1fd588"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=jFW2Jg==, md5=whsMB9MFSBZdgT2cvB/ViA==
x-goog-generation: 1534798238345658
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 19705
x-goog-meta-firebasestoragedownloadtokens: 8c762564-615d-4deb-b1ee-b13b5aee29d1
accept-ranges: bytes
cf-ray: 629591897db305b7-FRA
expires: Tue, 01 Mar 2022 11:41:39 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKIfG6BsIx4nzjVhA5g%2F-LKIfXzbGIXjdq2p7WgL%2Fkerberoast-setspn.png
gblobscdn.gitbook.com/ 51 KB
52 KB 13ms
13ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKIfG6BsIx4nzjVhA5g%2F-LKIfXzbGIXjdq2p7WgL%2Fkerberoast-setspn.png?alt=media&token=74471cd8-c62a-43b7-a195-bcbbbf1b1aca
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6ab9197bbd0560d5f2b1d4c09464f4c1250d8f00fcd67e2d86f94a4129b60eb

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-Uybv7zyZphYyNy9hpPhj7dT7trpTMYMFYnGhdZMeFo2KV09NQbPkAGMEow_fQqDYZuXXgmIpLJGI_VrnIrSqF9vaooiRw
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-setspn.png
content-type: image/png
content-length: 52311
cf-request-id: 08915949fe000005b701252000000001
last-modified: Sun, 19 Aug 2018 19:35:07 GMT
server: cloudflare
etag: "2536938058bbfe66522bbcc687fb4ecc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=RxP5SA==, md5=JTaTgFi7/mZSK7zGh/tOzA==
x-goog-generation: 1534707307227787
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 52311
x-goog-meta-firebasestoragedownloadtokens: 74471cd8-c62a-43b7-a195-bcbbbf1b1aca
accept-ranges: bytes
cf-ray: 629591899dd105b7-FRA
expires: Mon, 28 Feb 2022 17:31:22 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEIBbmJjX4MMuicYOd%2Fkerberoast-kerberos-token.png
gblobscdn.gitbook.com/ 12 KB
13 KB 18ms
17ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEIBbmJjX4MMuicYOd%2Fkerberoast-kerberos-token.png?alt=media&token=2e1874f2-0239-4842-861d-9afc8c460f9f
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5cad3bbdbb13e0f3c2b268cc08385fa6713ee7dfd95e7f9f3c5dcd53166c986

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UyQzu4OGOHEUPHLkNIvy0dYZRqr6fBIhGgJfsdtPHAFNCkqrS-8oPqXfweOplWqZTc4sES-QsIBSSplzv0OcHY_eLN42w
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-kerberos-token.png
content-type: image/png
content-length: 12780
cf-request-id: 0891594a0c000005b7252c1000000001
last-modified: Sat, 18 Aug 2018 23:10:20 GMT
server: cloudflare
etag: "108ef1600d08c95644da293cf0cd541a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=nRWKXA==, md5=EI7xYA0IyVZE2ik88M1UGg==
x-goog-generation: 1534633820079049
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 12780
x-goog-meta-firebasestoragedownloadtokens: 2e1874f2-0239-4842-861d-9afc8c460f9f
accept-ranges: bytes
cf-ray: 62959189adec05b7-FRA
expires: Mon, 28 Feb 2022 17:31:22 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEIGe2N7anuEWUEzEI%2Fkerberoast-exported-kerberos-tickets.png
gblobscdn.gitbook.com/ 42 KB
43 KB 31ms
31ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEIGe2N7anuEWUEzEI%2Fkerberoast-exported-kerberos-tickets.png?alt=media&token=4f59a38f-c80b-46b0-97f1-4009673381b0
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a32bf57c9b424f2579110375a0df71ffce7a48774705c06053ebbe1a983e6a4c

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UymJ33equ0NW2MO6CNdsTJ8O6P45w2yww19rCk6QTlm2-PN2y-9VjZHUFSloacp2oU35vXDh_s9XpqCcQbNPZfeDf-UPA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-exported-kerberos-tickets.png
content-type: image/png
content-length: 43037
cf-request-id: 0891594a13000005b777912000000001
last-modified: Sat, 18 Aug 2018 23:10:19 GMT
server: cloudflare
etag: "af3b9fa83f05c406b1a919ec160d05c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=rzCM5g==, md5=rzufqD8FxAaxqRnsFg0Fxw==
x-goog-generation: 1534633819858623
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 43037
x-goog-meta-firebasestoragedownloadtokens: 4f59a38f-c80b-46b0-97f1-4009673381b0
accept-ranges: bytes
cf-ray: 62959189bdf205b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEILsCTgLjlbxn9h7B%2Fkerberoast-cracked.png
gblobscdn.gitbook.com/ 11 KB
12 KB 18ms
18ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKEIPRKzyIL8ssJ1Eky%2F-LKEILsCTgLjlbxn9h7B%2Fkerberoast-cracked.png?alt=media&token=f4e6ec4f-9ed9-4217-a665-b86ca678f861
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e923d808a9c6ed43c11f2acd015a95f9c0f92df579d4a56b512d293c7490f17

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UxKuASiUQOEIZtdVFhILieFebGkT9axLo-dovFQ4F9VUk-jVQVw3JOG8UGPQDUBSq9IpBUuApXpTysFeleDvtAUbwo9Uw
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-cracked.png
content-type: image/png
content-length: 11739
cf-request-id: 0891594a2c000005b737a19000000001
last-modified: Sat, 18 Aug 2018 23:10:19 GMT
server: cloudflare
etag: "cb8ee8dcfc46b56bb76265b787835d96"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=MxH9BA==, md5=y47o3PxGtWu3YmW3h4Ndlg==
x-goog-generation: 1534633819814750
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 11739
x-goog-meta-firebasestoragedownloadtokens: f4e6ec4f-9ed9-4217-a665-b86ca678f861
accept-ranges: bytes
cf-ray: 62959189de2c05b7-FRA
expires: Tue, 01 Mar 2022 11:41:38 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKIl6pZ0bcRVjnv2Tp8%2F-LKIlHyRC5bx2E7kMWZs%2Fkerberoast-4769.png
gblobscdn.gitbook.com/ 52 KB
52 KB 20ms
20ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKIl6pZ0bcRVjnv2Tp8%2F-LKIlHyRC5bx2E7kMWZs%2Fkerberoast-4769.png?alt=media&token=c639c0dc-77c9-46b4-8b79-daaecd2aef7e
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6fb626f0c4fa59ec4ad90dae6126dc7446b39bf8c9d5c4e1724654fdbccd858

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UztpNP7cWctUdC_D76iE65ZMP_zBSrSC1336PRT_pvIUpdbduuSSIS1Nb6gJGmoZxxCseZXPchfsHvqGlqadzw
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-4769.png
content-type: image/png
content-length: 52958
cf-request-id: 0891594a2e000005b755a69000000001
last-modified: Sun, 19 Aug 2018 20:11:59 GMT
server: cloudflare
etag: "f4107a9b8228c027a517aaacc61ba2a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=twR6Fg==, md5=9BB6m4IowCelF6qsxhuiqQ==
x-goog-generation: 1534709519166578
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 52958
x-goog-meta-firebasestoragedownloadtokens: c639c0dc-77c9-46b4-8b79-daaecd2aef7e
accept-ranges: bytes
cf-ray: 62959189ee3405b7-FRA
expires: Tue, 01 Mar 2022 11:41:38 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKIl6pZ0bcRVjnv2Tp8%2F-LKIningDnwgpErj5BQO%2Fkerberoast-logs.png
gblobscdn.gitbook.com/ 40 KB
41 KB 16ms
15ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKIl6pZ0bcRVjnv2Tp8%2F-LKIningDnwgpErj5BQO%2Fkerberoast-logs.png?alt=media&token=eadce00c-2062-471c-a65c-8dd99323ca24
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 762293bd063a1db8a3acce093d104db94effd970b83fab92673f05715811f91b

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UzrIbQYulyLGQxRejIcRN7gL7IsP0luVzO6_fuMasKqn3Fqm9d4GjDrezVzP6tWblfMZ0AGSkbelWne1jq9bYUOlawqng
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-logs.png
content-type: image/png
content-length: 41445
cf-request-id: 0891594a31000005b734376000000001
last-modified: Sun, 19 Aug 2018 20:11:59 GMT
server: cloudflare
etag: "8eba7882971e5ba3a30dd9802d8b6bf5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=GNHFXA==, md5=jrp4gpceW6OjDdmALYtr9Q==
x-goog-generation: 1534709519106876
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 41445
x-goog-meta-firebasestoragedownloadtokens: eadce00c-2062-471c-a65c-8dd99323ca24
accept-ranges: bytes
cf-ray: 62959189ee3805b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKGilNsUAW2LcJ-aMvk%2F-LKGj4Kvf84KO1anyG1W%2Fkerberoast-tgs-req.png
gblobscdn.gitbook.com/ 66 KB
67 KB 22ms
21ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKGilNsUAW2LcJ-aMvk%2F-LKGj4Kvf84KO1anyG1W%2Fkerberoast-tgs-req.png?alt=media&token=f89019df-a503-44e9-bcd1-5886b5afcc4c
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 87f128d0601eecb9a424a030723b4c0f9a482aac7b08ec853ec0491ead0aa02c

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UxZbwq8VXisVzhjIlnQwi0Pb4u86UIa53IuZsfIRah_CxO6FiHpa1WzrhLWMOfow9MnePhSBMcGnAIV8Sn2hMFWxsE_yA
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-tgs-req.png
content-type: image/png
content-length: 67776
cf-request-id: 0891594a34000005b748b6d000000001
last-modified: Sun, 19 Aug 2018 10:36:49 GMT
server: cloudflare
etag: "e580b35b662be53c25cc6eba444968a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=qtvUvA==, md5=5YCzW2Yr5TwlzG66RElopA==
x-goog-generation: 1534675009342546
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 67776
x-goog-meta-firebasestoragedownloadtokens: f89019df-a503-44e9-bcd1-5886b5afcc4c
accept-ranges: bytes
cf-ray: 62959189ee3f05b7-FRA
expires: Mon, 28 Feb 2022 17:31:25 GMT

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-267.firebaseio.com/ Frame 2457 420 B
649 B 244ms
111ms Document
text/html 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-267.firebaseio.com/.lp?dframe=t&id=2837540&pw=3lCTrPjtw7&ns=gitbook-28427

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

852218dbc1f970fb71973fdca726c940d0082203f0a1a875fac6e6a98b6edc7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Host: s-usc1c-nss-267.firebaseio.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Response headers

Server: nginx
Date: Mon, 01 Mar 2021 21:44:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 420
Connection: keep-alive
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKGilNsUAW2LcJ-aMvk%2F-LKGj6j_gpAVwcUbHpg0%2Fkerberoast-tgs-res.png
gblobscdn.gitbook.com/ 71 KB
71 KB 16ms
15ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKGilNsUAW2LcJ-aMvk%2F-LKGj6j_gpAVwcUbHpg0%2Fkerberoast-tgs-res.png?alt=media&token=e584d327-b3c0-49f0-b350-9e7fd8c4061e
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64644512411dce196ad6269eb338150128d76182073a7216c82683a32f7e1adb

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UzCxNChDxW6OupYPf2WOnKEdiQK39f1dZlLOtUAQlqA1xhdu5XAWGBgrSzqz6OxBCQBF3ztvnkTpQXs01Q_Xug
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-tgs-res.png
content-type: image/png
content-length: 72408
cf-request-id: 0891594a41000005b701256000000001
last-modified: Sun, 19 Aug 2018 10:36:49 GMT
server: cloudflare
etag: "6184163f3322efde3b56f574e4e8b58f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Srh/dg==, md5=YYQWPzMi7947VvV05Oi1jw==
x-goog-generation: 1534675009417651
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 72408
x-goog-meta-firebasestoragedownloadtokens: e584d327-b3c0-49f0-b350-9e7fd8c4061e
accept-ranges: bytes
cf-ray: 6295918a0e5605b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-267.firebaseio.com/ Frame 6D42 15 B
256 B 240ms
115ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-267.firebaseio.com/.lp?id=2837540&pw=3lCTrPjtw7&ser=32824792&ns=gitbook-28427

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

3d14e96bd08692f39b357173c908dcb0b21ee11d0bdb29b963ce7fcc836eb4fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Mar 2021 21:44:46 GMT
Server: nginx
Connection: keep-alive
Content-Length: 15
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-267.firebaseio.com/ Frame 6D42 58 B
299 B 240ms
113ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-267.firebaseio.com/.lp?id=2837540&pw=3lCTrPjtw7&ser=32824793&ns=gitbook-28427&seg0=0&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MSwiYSI6InMiLCJiIjp7ImMiOnsic2RrLmpzLjctMTQtMSI6MX19fX0.

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

ef824052cc54e24358011a6d1f363813e99264883d6a019f5c98f75e43f78dc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Mar 2021 21:44:46 GMT
Server: nginx
Connection: keep-alive
Content-Length: 58
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH4lBMQhe-45WDcppK%2Fkerberoast-creating-keytab.png
gblobscdn.gitbook.com/ 24 KB
25 KB 16ms
15ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH4lBMQhe-45WDcppK%2Fkerberoast-creating-keytab.png?alt=media&token=a241ac27-8278-4bc4-bd9b-409478576c6d
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 675bb787300bc56cda7d4c7b0df26ef50ef828f455b3c284219d62cf1e024725

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-Ux8OZiiEji_oRlyZGT8qAY2oZdsudZUCjfl5f6beMr53_Bx4zHeZ-wzAufx8_EqMMDSUcsYytxKSCrJ2gKGdMVbN-5p_g
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-creating-keytab.png
content-type: image/png
content-length: 24803
cf-request-id: 0891594a4d000005b743b5c000000001
last-modified: Sun, 19 Aug 2018 12:20:26 GMT
server: cloudflare
etag: "4e0b5d86c29b584388afd9a520340830"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=r4i7ew==, md5=TgtdhsKbWEOIr9mlIDQIMA==
x-goog-generation: 1534681226436731
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 24803
x-goog-meta-firebasestoragedownloadtokens: a241ac27-8278-4bc4-bd9b-409478576c6d
accept-ranges: bytes
cf-ray: 6295918a1e6b05b7-FRA
expires: Tue, 01 Mar 2022 11:41:39 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH4ntWZZS0w0-UQqUV%2Fkerberoast-wireshark-keytab.png
gblobscdn.gitbook.com/ 52 KB
53 KB 13ms
13ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH4ntWZZS0w0-UQqUV%2Fkerberoast-wireshark-keytab.png?alt=media&token=a2f88ea5-de7e-4a9f-954b-b8a2e5aec08b
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff24cc396327955545e5cca845f403dfd7a441b2b74cc288ae902ddaa1c45218

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UxY_EjXwFMXwL5PwZE3hmAysPuCCKMoDvxTWdn7CGDTmZhw2RcwygqBTTt5wIbdBqQ3FzQ7tKVHV7n64rYe9Mgq8ayn9w
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-wireshark-keytab.png
content-type: image/png
content-length: 53374
cf-request-id: 0891594a4e000005b748b6e000000001
last-modified: Sun, 19 Aug 2018 12:20:26 GMT
server: cloudflare
etag: "f2615e2943baa5d23ed3e1150255b446"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=dupWXg==, md5=8mFeKUO6pdI+0+EVAlW0Rg==
x-goog-generation: 1534681226503896
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 53374
x-goog-meta-firebasestoragedownloadtokens: a2f88ea5-de7e-4a9f-954b-b8a2e5aec08b
accept-ranges: bytes
cf-ray: 6295918a1e6c05b7-FRA
expires: Mon, 28 Feb 2022 17:31:26 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH6iRF_yfVO_4JgoP9%2Fkerberoast-decrypted.png
gblobscdn.gitbook.com/ 378 KB
379 KB 18ms
18ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKH6lKxEkloJztnpqzM%2F-LKH6iRF_yfVO_4JgoP9%2Fkerberoast-decrypted.png?alt=media&token=aa42e7bb-9b09-47ef-8a02-76942e3eaac7
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f627b4db5fb9736c1229b3332d4ee13aea7fba2c68c4d0e7c5013269a80f8376

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UwTGP8uiNZVIzxklM0A8H8MlfwRlOWiSTfyVmBx2Z5lmGtSJPF11VTd1Yum7IcxanY4XcQxeJOurpoZgbr6y1s3QqhnHQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-decrypted.png
content-type: image/png
content-length: 387195
cf-request-id: 0891594a50000005b75b2b0000000001
last-modified: Sun, 19 Aug 2018 12:20:26 GMT
server: cloudflare
etag: "11da5399aa887796710e3adafd4c8fac"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=IlYsbA==, md5=EdpTmaqId5ZxDjra/UyPrA==
x-goog-generation: 1534681226920374
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 387195
x-goog-meta-firebasestoragedownloadtokens: aa42e7bb-9b09-47ef-8a02-76942e3eaac7
accept-ranges: bytes
cf-ray: 6295918a1e7005b7-FRA
expires: Mon, 28 Feb 2022 17:31:27 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHdsJBFE3Mnvtrl0iu%2Fkerberoast-crackstation.png
gblobscdn.gitbook.com/ 110 KB
111 KB 15ms
15ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHdsJBFE3Mnvtrl0iu%2Fkerberoast-crackstation.png?alt=media&token=e99c0667-3d28-44bc-8434-1bc3fcd5f3d0
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2aadec2ec38b0ae066bbb15b8e91409c76ab81b914a688916450a091a545b256

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UwfcsKuhizU3BcokBIbacG7N1y1sdiaKvJQ39WUDlT3TNIBY8CMP00xY3y-WsvqjpsTtG3DMVYgCb72Ve5Sr6c
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-crackstation.png
content-type: image/png
content-length: 112559
cf-request-id: 0891594a52000005b7252c5000000001
last-modified: Sun, 19 Aug 2018 14:50:34 GMT
server: cloudflare
etag: "9b5e24571db71f25c189959c2780298d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Mt6VMw==, md5=m14kVx23HyXBiZWcJ4ApjQ==
x-goog-generation: 1534690234713559
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 112559
x-goog-meta-firebasestoragedownloadtokens: e99c0667-3d28-44bc-8434-1bc3fcd5f3d0
accept-ranges: bytes
cf-ray: 6295918a1e7305b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHdaWK0wLrmtY_gha0%2Fkerberoast-printstatements.png
gblobscdn.gitbook.com/ 210 KB
210 KB 23ms
23ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHdaWK0wLrmtY_gha0%2Fkerberoast-printstatements.png?alt=media&token=6bb3a13e-5900-4445-9004-0e175a840aa9
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09bad523e3e6e79d428aef576c3d1684f53fc07e11deb863f314a8c0a68e2b55

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: HIT
age: 2
x-guploader-uploadid: ABg5-UyIClF00DBaBrWXz_YMpdi6JVmXBiQudg1rYn0b-KoE6J2GmN_fU1FZAaiZRGlW_Rza5RU39UzDXWqt6BgCUPo
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-printstatements.png
content-type: image/png
content-length: 214881
cf-request-id: 0891594a53000005b71a9e1000000001
last-modified: Sun, 19 Aug 2018 14:50:34 GMT
server: cloudflare
etag: "760a5bf0019076c1fcfe29dfd2cfc88e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=PQHelQ==, md5=dgpb8AGQdsH8/inf0s/Ijg==
x-goog-generation: 1534690234640390
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 214881
x-goog-meta-firebasestoragedownloadtokens: 6bb3a13e-5900-4445-9004-0e175a840aa9
accept-ranges: bytes
cf-ray: 6295918a1e7505b7-FRA
expires: Tue, 01 Mar 2022 11:41:39 GMT

GET
H2 200 assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHe8dvHZGhNNZdCSO8%2Fkerberoast-decryptedonline.png
gblobscdn.gitbook.com/ 165 KB
166 KB 27ms
27ms Image
image/png 2606:4700::6812:96f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LKHbc6IrcsO-aRw_Ntl%2F-LKHe8dvHZGhNNZdCSO8%2Fkerberoast-decryptedonline.png?alt=media&token=a79b89bd-50d1-416f-9283-6a1d2ca10eed
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20a4f440a1c26111e5f614be982d6777e6f03db763e08d01ca0f0318782636de

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UxreAn1uvHD7hm1NWkzNG2BCnnleO-x1m1eF-Y2qCmTxJsBooOfQxnvKbkREuw3VlNCXcHYUoD25LfQWswPic-n8KUNcQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''kerberoast-decryptedonline.png
content-type: image/png
content-length: 168896
cf-request-id: 0891594a55000005b777916000000001
last-modified: Sun, 19 Aug 2018 14:50:34 GMT
server: cloudflare
etag: "c132e7a71a77750f6f2b31ca26c542ee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=Bjg22g==, md5=wTLnpxp3dQ9vKzHKJsVC7g==
x-goog-generation: 1534690234728957
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 168896
x-goog-meta-firebasestoragedownloadtokens: a79b89bd-50d1-416f-9283-6a1d2ca10eed
accept-ranges: bytes
cf-ray: 6295918a2e7a05b7-FRA
expires: Tue, 01 Mar 2022 20:59:30 GMT

GET
H2 200 embed.js Show response
cdn.iframe.ly/ 22 KB
7 KB 24ms
24ms Script
application/javascript 13.224.195.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/embed.js
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-44.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 2943b8f0cb7ea6bfd6c933a4fa39982c6fa01de274c2ada54047f59ecf20f7f5

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 02:42:16 GMT
content-encoding: br
last-modified: Thu, 26 Mar 2020 16:41:00 GMT
server: nginx
age: 68554
etag: W/"5e7cdb1c-563c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: q4i-vfLwLSOUxiJ4jo-Tt8LYl1UK8C7qcRcn3na2X8hxL7FifcWWgg==
via: 1.1 c2a926ef1bafe1ab239d4761594a8099.cloudfront.net (CloudFront)

GET
H3-Q050 200 photo.jpg
lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/ 7 KB
7 KB 34ms
21ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 18:38:36 GMT
x-content-type-options: nosniff
age: 11170
content-disposition: inline;filename=""
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6707
x-xss-protection: 0
server: fife
etag: "v5e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 02 Mar 2021 18:38:36 GMT

GET
H2 200 gOrfAo6 Show response
cdn.iframe.ly/ Frame 7B5F 8 KB
3 KB 36ms
36ms Document
text/html 13.224.195.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.iframe.ly/gOrfAo6
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-44.fra2.r.cloudfront.net
Software: nginx / iframe.ly
Resource Hash: 63f125a8c639cc8b42ae13d1638af518eb975d83e1c0ec388832484945abc276

Request headers

:method: GET
:authority: cdn.iframe.ly
:scheme: https
:path: /gOrfAo6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Response headers

content-type: text/html; charset=utf-8
server: nginx
date: Mon, 01 Mar 2021 20:59:30 GMT
x-powered-by: iframe.ly
cache-control: public, max-age=3600
expires: Mon, 01 Mar 2021 21:59:30 GMT
etag: W/"95891dc943ed8d932563f7a483fea0d1"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2a926ef1bafe1ab239d4761594a8099.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: hdzsJMzhzWdvT2tQs9s4jCGoO-nFwnB2Uo0sLG_flvNOZyoNOR9UKA==
age: 2716

POST atr
www.youtube.com/api/stats/ Frame BB0D 0
0

GET
H2 200 4877511
avatars3.githubusercontent.com/u/ 9 KB
10 KB 18ms
17ms Image
image/jpeg 185.199.108.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars3.githubusercontent.com/u/4877511?s=400&v=4

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.108.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-108-133.github.com

Software

Resource Hash

b43eefddc46de63527a3841ca2f1186bbd6468bc09e93676acecf09b1569ebf7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: ba79990ed0ae7384c5e35ba401aae3a2cf7dc5a0
content-security-policy: default-src 'none'
via: 1.1 varnish
x-content-type-options: nosniff
x-cache: HIT
x-cache-hits: 2
vary: Authorization,Accept-Encoding
content-length: 9705
x-xss-protection: 1; mode=block
x-served-by: cache-ams21056-AMS
last-modified: Sat, 10 Dec 2016 02:43:39 GMT
x-github-request-id: 8D6C:FADA:3D058E:420814:6037C072
x-timer: S1614635087.608521,VS0,VE0
x-frame-options: deny
date: Mon, 01 Mar 2021 21:44:46 GMT
source-age: 368604
strict-transport-security: max-age=31557600
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
etag: "06438b4f26d99bfce149bccbd857e9b435ec242b7ef465877ef5daeb47a5a706"
accept-ranges: bytes
timing-allow-origin: https://github.com
expires: Mon, 01 Mar 2021 21:49:46 GMT

GET
H2

200

Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg
www.stealthbits.com/blog/wp-content/uploads/2017/05/
Redirect Chain

https://blog.stealthbits.com/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg
https://www.stealthbits.com/blog/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg

676 KB
679 KB

120ms
120ms

Image
image/jpeg

72.52.228.51
LIQUIDWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.stealthbits.com/blog/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.52.228.51 , United States, ASN32244 (LIQUIDWEB, US),

Reverse DNS

Software

Apache /

Resource Hash

f5b001a99b21678879ce79b79b5ff671b4924fd60409c12f683c1bf7fafcfdb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:47 GMT
referrer-policy: same-origin
last-modified: Mon, 08 May 2017 18:29:44 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
cache-control: public
feature-policy: geolocation 'self'; vibrate 'none'
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 692425
x-content-type-options: nosniff
expires: Tue, 01 Mar 2022 21:44:47 GMT

Redirect headers

date: Mon, 01 Mar 2021 21:44:47 GMT
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1
location: https://www.stealthbits.com/blog/wp-content/uploads/2017/05/Blog2-banner-Extract-Service-Account-Passwords-Kerberoasting1024x326.jpg
cache-control: max-age=0
content-length: 316
expires: Mon, 01 Mar 2021 21:44:47 GMT

GET
H2 200 Kerberoast-RC4-WireShark-TGSREP-Using-PowerShell.jpg
adsecurity.org/wp-content/uploads/2015/12/ 147 KB
147 KB 146ms
144ms Image
image/jpeg 2607:f1c0:100f:f000::2af
IONOS-AS This is ...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adsecurity.org/wp-content/uploads/2015/12/Kerberoast-RC4-WireShark-TGSREP-Using-PowerShell.jpg
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2607:f1c0:100f:f000::2af , United States, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
Software: Apache /
Resource Hash: 1bac465dbe36a6a5f725f53f09d918259380a22f8eed7c962ce1c8c035dfae80

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
last-modified: Tue, 29 Dec 2015 18:49:25 GMT
server: Apache
accept-ranges: bytes
etag: "24a4f-5280de16a2451"
content-length: 150095
content-type: image/jpeg

GET
H2 200 autokerberoast-service-ticket-hashes-of-particular-domain-and-group.png
pentestlab.files.wordpress.com/2018/06/ 221 KB
221 KB 18ms
17ms Image
image/png 192.0.72.28
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentestlab.files.wordpress.com/2018/06/autokerberoast-service-ticket-hashes-of-particular-domain-and-group.png

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.72.28 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b0032ab02d0402ecc5ace5baf49542a8fa3b9d8949aee9cfa89026a2923ac969

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff, nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT ams 28 np
date: Mon, 01 Mar 2021 21:44:46 GMT
x-content-type-options: nosniff, nosniff, nosniff
last-modified: Sun, 10 Jun 2018 22:07:18 GMT
server: nginx
x-orig-src: 01_mogdir
content-type: image/png
access-control-allow-origin: https://pentestlab.wordpress.com
access-control-allow-credentials: true
accept-ranges: bytes
vary: Origin
content-length: 226016
expires: Tue, 30 Mar 2021 12:48:53 GMT

GET
H2 404 cerberos-1.jpg
blog.xpnsec.com/content/images/2017/09/ 0
0 8ms
6ms Image
text/html 2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blog.xpnsec.com/content/images/2017/09/cerberos-1.jpg
Requested by: Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 0*xUonZaUp66Yqlbed.png
miro.medium.com/max/596/ 202 KB
202 KB 20ms
19ms Image
image/png 2606:4700:7::a29f:9804
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/max/596/0*xUonZaUp66Yqlbed.png

Requested by

Host: www.ired.team
URL: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9804 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f048f038d6012c669879116aed276c59eaebd6cc4be66a4fddb8268ed700b7b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2
x-envoy-upstream-service-time: 80
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 206718
cf-request-id: 0891594b0c0000c28b31bd7000000001
pragma: public
sepia-upstream: medium
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
medium-fulfilled-by: miro/main-20201103-004404-ec640a6618
accept-ranges: bytes
cf-ray: 6295918b4802c28b-FRA
expires: Wed, 31 Mar 2021 21:44:46 GMT

POST
H2 200 / Show response
www.gitbook.com/__amp/ 7 B
289 B 711ms
701ms XHR
text/html 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gitbook.com/__amp/

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 01 Mar 2021 21:44:47 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=15768000
cf-ray: 6295918bbcf82c3a-FRA
content-length: 7
cf-request-id: 0891594b5600002c3abf28e000000001

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Feb 2021 21:33:27 GMT
server: Golfe2
age: 6130
date: Mon, 01 Mar 2021 20:02:36 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18980
expires: Mon, 01 Mar 2021 22:02:36 GMT

GET
H2 200 7f9239ce726764aa22093884902e018d.svg
gstatic.gitbook.com/images/ 2 KB
1 KB 25ms
25ms Image
image/svg+xml 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gstatic.gitbook.com/images/7f9239ce726764aa22093884902e018d.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 5680018
x-guploader-uploadid: ABg5-UxR-FK8U0DOCB_P1BxO-s8Ghu37pQrgymkBCX2n2Py5GRD03GproWHx5b3Vll0WKMKiFF9wUfq9hocu_bfxU-Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
cf-request-id: 0891594b7300004aaf4ea18000000001
last-modified: Thu, 17 Dec 2020 11:33:02 GMT
server: cloudflare
etag: W/"7f9239ce726764aa22093884902e018d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=VnuT0A==, md5=f5I5znJnZKoiCTiEkC4BjQ==
x-goog-generation: 1608204782831580
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 2137
cf-ray: 6295918beee04aaf-FRA
expires: Sun, 26 Dec 2021 03:57:47 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
65 B 13ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=1429018471&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security-experiments%2Factive-directory-kerberos-abuse%2Ft1208-kerberoasting&dp=%2Foffensive-security-experiments%2Factive-directory-kerberos-abuse%2Ft1208-kerberoasting&ul=en-us&de=UTF-8&dt=Kerberoasting%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=283253447&gjid=1933023853&cid=1317857823.1614635087&tid=UA-57505611-10&_gid=672550083.1614635087&_r=1&_slc=1&cd1=-LFEMnER3fywgFHoroYn&cd2=-LFEMnEQwqZOY6DtfrzY&cd3=-MUj6SeBI9x2RO6fB2vl&cd4=master&cd5=-LKCozyIeG7HhE1Kbclh&z=374858575

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 01 Mar 2021 21:44:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ired.team
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 12ms
12ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j88&a=1429018471&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security-experiments%2Factive-directory-kerberos-abuse%2Ft1208-kerberoasting&dp=%2Foffensive-security-experiments%2Factive-directory-kerberos-abuse%2Ft1208-kerberoasting&ul=en-us&de=UTF-8&dt=Kerberoasting%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=962692090&gjid=159551826&cid=1317857823.1614635087&tid=UA-128974775-1&_gid=672550083.1614635087&_r=1&_slc=1&z=298503101

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 01 Mar 2021 21:44:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ired.team
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-267.firebaseio.com/ Frame 6D42 15 B
256 B 115ms
114ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-267.firebaseio.com/.lp?id=2837540&pw=3lCTrPjtw7&ser=32824794&ns=gitbook-28427&seg0=1&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MiwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRmF0dGFjayUyRW1pdHJlJTJFb3JnJTJGd2lraSUyRlRlY2huaXF1ZSUyRlQxMjA4IiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.&seg1=2&ts1=1&d1=eyJ0IjoiZCIsImQiOnsiciI6MywiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRmdpdGh1YiUyRWNvbSUyRm5pZGVtJTJGa2VyYmVyb2FzdCIsImQiOnsib3V0ZGF0ZWQiOnRydWV9fX19&seg2=3&ts2=1&d2=eyJ0IjoiZCIsImQiOnsiciI6NCwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRmJsb2clMkVzdGVhbHRoYml0cyUyRWNvbSUyRmV4dHJhY3Rpbmctc2VydmljZS1hY2NvdW50LXBhc3N3b3Jkcy13aXRoLWtlcmJlcm9hc3RpbmclMkYiLCJkIjp7Im91dGRhdGVkIjp0cnVlfX19fQ..&seg3=4&ts3=1&d3=eyJ0IjoiZCIsImQiOnsiciI6NSwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRmFkc2VjdXJpdHklMkVvcmclMkY_cD0yMjkzIiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.&seg4=5&ts4=1&d4=eyJ0IjoiZCIsImQiOnsiciI6NiwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRnd3dyUyRXlvdXR1YmUlMkVjb20lMkZ3YXRjaD92PW5KU01KeVJOdmxNJmZlYXR1cmU9eW91dHUlMkViZSZ0PTE2IiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.&seg5=6&ts5=1&d5=eyJ0IjoiZCIsImQiOnsiciI6NywiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHA6JTJGJTJGd3d3JTJFaGFybWoweSUyRW5ldCUyRmJsb2clMkZwb3dlcnNoZWxsJTJGa2VyYmVyb2FzdGluZy13aXRob3V0LW1pbWlrYXR6JTJGIiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.&seg6=7&ts6=1&d6=eyJ0IjoiZCIsImQiOnsiciI6OCwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRnBlbnRlc3RsYWIlMkVibG9nJTJGMjAxOCUyRjA2JTJGMTIlMkZrZXJiZXJvYXN0JTJGIiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.&seg7=8&ts7=1&d7=eyJ0IjoiZCIsImQiOnsiciI6OSwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRmJsb2clMkV4cG5zZWMlMkVjb20lMkZrZXJiZXJvcy1hdHRhY2tzLXBhcnQtMSUyRiIsImQiOnsib3V0ZGF0ZWQiOnRydWV9fX19&seg8=9&ts8=1&d8=eyJ0IjoiZCIsImQiOnsiciI6MTAsImEiOiJtIiwiYiI6eyJwIjoiL2VtYmVkcy9odHRwczolMkYlMkZwZW50ZXN0bGFiJTJFYmxvZyUyRjIwMTglMkYwNiUyRjEyJTJGa2VyYmVyb2FzdCUyRiIsImQiOnsib3V0ZGF0ZWQiOnRydWV9fX19

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

69edbb4b8b9d84e5ba78c25df18225d073c2fe591970273a5e12582a40566ada

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Mar 2021 21:44:46 GMT
Server: nginx
Connection: keep-alive
Content-Length: 15
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-267.firebaseio.com/ Frame 6D42 15 B
256 B 114ms
114ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-267.firebaseio.com/.lp?id=2837540&pw=3lCTrPjtw7&ser=32824795&ns=gitbook-28427&seg0=10&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MTEsImEiOiJtIiwiYiI6eyJwIjoiL2VtYmVkcy9odHRwOiUyRiUyRnJjNCUyRW9ubGluZS1kb21haW4tdG9vbHMlMkVjb20lMkYiLCJkIjp7Im91dGRhdGVkIjp0cnVlfX19fQ..&seg1=11&ts1=1&d1=eyJ0IjoiZCIsImQiOnsiciI6MTIsImEiOiJtIiwiYiI6eyJwIjoiL2VtYmVkcy9odHRwczolMkYlMkZibG9ncyUyRXRlY2huZXQlMkVtaWNyb3NvZnQlMkVjb20lMkZhc2tkcyUyRjIwMDglMkYwMyUyRjA2JTJGa2VyYmVyb3MtZm9yLXRoZS1idXN5LWFkbWluJTJGIiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.&seg2=12&ts2=1&d2=eyJ0IjoiZCIsImQiOnsiciI6MTMsImEiOiJxIiwiYiI6eyJwIjoiL3NwYWNlcy8tTEZFTW5FUjNmeXdnRkhvcm9Zbi91c2VyUGFnZVJhdGluZ3MvLUxLQ296eUllRzdIaEUxS2JjbGgvLU1VamsxYW5SMTRYOE1zb1FObjMiLCJoIjoiIn19fQ..

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

f11343ffce0f354cec20c16b01522e0f980262fb500e3c81576c91e1e5f14151

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Mar 2021 21:44:46 GMT
Server: nginx
Connection: keep-alive
Content-Length: 15
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H3-Q050 200 nJSMJyRNvlM Show response
www.youtube.com/embed/ Frame 7B5F 51 KB
21 KB 56ms
56ms Document
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Requested by

Host: cdn.iframe.ly
URL: https://cdn.iframe.ly/gOrfAo6

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

97302540ac5e770e8a52955aee350ed64dc744ef11b0d82c820e8df18ddc353f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/nJSMJyRNvlM?rel=0&start=16
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.iframe.ly/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=X-GXsKFkXXs; VISITOR_INFO1_LIVE=W9iotl6QJMs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://cdn.iframe.ly/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 01 Mar 2021 21:44:46 GMT
strict-transport-security: max-age=31536000
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: CONSENT=PENDING+273; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 www-player-webp.css
www.youtube.com/s/player/4fe52f49/ Frame 7B5F 340 KB
51 KB 11ms
10ms Stylesheet
text/css 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3343a4e8f05ab408911f4ea5f601801208a10a7d01f3a40a65bf4c6ec3900f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 25 Feb 2021 16:46:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 363468
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52149
x-xss-protection: 0
expires: Fri, 25 Feb 2022 16:46:58 GMT

GET
H3-Q050 200 www-embed-player.js Show response
www.youtube.com/s/player/4fe52f49/www-embed-player.vflset/ Frame 7B5F 157 KB
57 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b15819c89eec43f6a9f25d77a37dc02960dad46caa0dabe10699df1fccf45101

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 10:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 38850
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58416
x-xss-protection: 0
expires: Tue, 01 Mar 2022 10:57:16 GMT

GET
H3-Q050 200 base.js Show response
www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/ Frame 7B5F 2 MB
501 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0080cb454fdee548ddf7fe5a570ec35de96ae2b2b1d5af2e178c0a717a35c423

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 09:08:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 45382
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 513497
x-xss-protection: 0
expires: Tue, 01 Mar 2022 09:08:24 GMT

GET
H3-Q050 200 fetch-polyfill.js Show response
www.youtube.com/s/player/4fe52f49/fetch-polyfill.vflset/ Frame 7B5F 8 KB
3 KB 13ms
12ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 04:48:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 60986
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3027
x-xss-protection: 0
expires: Tue, 01 Mar 2022 04:48:20 GMT

GET
H3-Q050 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 7B5F 10 KB
11 KB 11ms
10ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 06:39:48 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
age: 227098
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10748
x-xss-protection: 0
expires: Sun, 27 Feb 2022 06:39:48 GMT

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-267.firebaseio.com/ Frame 6D42 546 B
788 B 114ms
113ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-267.firebaseio.com/.lp?id=2837540&pw=3lCTrPjtw7&ser=32824796&ns=gitbook-28427

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

dbe96c67621a0ea1f0145e4ff3729ebafe4e525768b92f892a7387ed1bbe014a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Mar 2021 21:44:46 GMT
Server: nginx
Connection: keep-alive
Content-Length: 546
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H3-Q050 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 7B5F 113 B
183 B 38ms
38ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/www-embed-player.vflset/www-embed-player.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89870dd3cccade45cf8f960f1c2881676a7e15310c9fab0b5271d3dddf0184f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 7B5F 29 B
394 B 34ms
20ms Script
text/javascript 2a00:1450:4001:80e::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/www-embed-player.vflset/www-embed-player.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:30:30 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 856
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Mon, 01 Mar 2021 21:45:30 GMT

GET
H3-Q050 200 remote.js Show response
www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/ Frame 7B5F 96 KB
96 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64620c4b38f39b52be7567a111c31cb9a516e243c6b689564e73103c69d3c2b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 18:22:45 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 12121
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98288
x-xss-protection: 0
expires: Tue, 01 Mar 2022 18:22:45 GMT

GET
H3-Q050 200 5F6tG6N9C-HNFBmbPVEyNyk6q7IXWibXNpfQ51AyKrE.js Show response
www.google.com/js/bg/ Frame 7B5F 14 KB
6 KB 34ms
21ms Script
text/javascript 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/5F6tG6N9C-HNFBmbPVEyNyk6q7IXWibXNpfQ51AyKrE.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e45ead1ba37d0be1cd14199b3d513237293aabb2175a26d73697d0e750322ab1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 20:03:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 11:00:00 GMT
server: sffe
age: 6087
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6224
x-xss-protection: 0
expires: Tue, 01 Mar 2022 20:03:20 GMT

GET
H3-Q050 200 embed.js Show response
www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/ Frame 7B5F 29 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d619e1addf6b5ae77461e2ca5337064f47894441b8df71be6ad8fd5288a1aba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 27 Feb 2021 15:45:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 01:23:32 GMT
server: sffe
age: 194364
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9681
x-xss-protection: 0
expires: Sun, 27 Feb 2022 15:45:23 GMT

GET
DATA 200
OK truncated
/ Frame 7B5F 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 AAUvwnis_ImIxtao1imOcMgE1a42qx1Fohz2K4caL4eXlwk=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 7B5F 3 KB
3 KB 34ms
20ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AAUvwnis_ImIxtao1imOcMgE1a42qx1Fohz2K4caL4eXlwk=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7cee3a15b7511743d654a9f7286126303b0751c456f6021b982aaf6a2e586ec2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 20:29:55 GMT
x-content-type-options: nosniff
age: 4492
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3038
x-xss-protection: 0
server: fife
etag: "v7b98"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Thu, 25 Feb 2021 04:42:56 GMT

GET
H3-Q050 200 maxresdefault.webp
i.ytimg.com/vi_webp/nJSMJyRNvlM/ Frame 7B5F 68 KB
68 KB 35ms
21ms Image
image/webp 2a00:1450:4001:812::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/nJSMJyRNvlM/maxresdefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac6c089a5dd34bbeb3134d03cd123fb22c21720cac2617fda42d2d8567922a2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:45 GMT
x-content-type-options: nosniff
server: sffe
age: 2
etag: "0"
vary: Origin
content-type: image/webp
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69384
x-xss-protection: 0
expires: Mon, 01 Mar 2021 23:44:45 GMT

GET
H/1.1 200
OK .lp Show response
s-usc1c-nss-267.firebaseio.com/ Frame 6D42 70 B
311 B 113ms
113ms Script
application/javascript 2600:1901:0:94b6::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s-usc1c-nss-267.firebaseio.com/.lp?id=2837540&pw=3lCTrPjtw7&ser=32824797&ns=gitbook-28427&seg0=13&ts0=1&d0=eyJ0IjoiYyIsImQiOnsidCI6Im4iLCJkIjp7fX19

Requested by

Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

nginx /

Resource Hash

a65618ea6ceb126274d4a9b8defe4d8fa1da7fef8ade8e43c411c3cd381cb7f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 01 Mar 2021 21:44:47 GMT
Server: nginx
Connection: keep-alive
Content-Length: 70
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload
Content-Type: application/javascript; charset=utf-8

GET
H3-Q050 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 7B5F 4 KB
2 KB 67ms
52ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/player_ias.vflset/en_US/base.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Mon, 01 Mar 2021 21:44:47 GMT

GET
H3-Q050 204 generate_204
www.youtube.com/ Frame 7B5F 0
36 B 6ms
5ms Image
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?np_ZKg
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:47 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 chunk.966.9bcdd26c.js Show response
gstatic.gitbook.com/js/ 1 MB
135 KB 33ms
33ms Script
application/javascript 2606:4700::6812:86f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gstatic.gitbook.com/js/chunk.966.9bcdd26c.js
Requested by: Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb

Request headers

Referer: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/t1208-kerberoasting
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 01 Mar 2021 21:44:50 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 5680022
cf-polished: origSize=1540766
x-guploader-uploadid: ABg5-UxUiCFrhpdpY-hDjFODmQZvKGUUxuASGOn2qumfeqk4mCyEZ-KuZamhSXzavg-B4lk7SU6RoIe1d4Ey76Jg7uBoGAvQ8A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 0891595b8100004aaf71200000000001
last-modified: Thu, 17 Dec 2020 11:33:02 GMT
server: cloudflare
etag: W/"1ee0a04f04f79506addc6f9cc9ade2c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=6ui4QQ==, md5=HuCgTwT3lQat3G+cya3iwA==
x-goog-generation: 1608204782893591
access-control-allow-origin: *
expires: Sun, 26 Dec 2021 03:57:47 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1540766
cf-ray: 629591a5988c4aaf-FRA
cf-bgj: minify

POST
H2 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 7B5F 28 B
191 B 18ms
17ms XHR
application/json 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4fe52f49/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 60
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/nJSMJyRNvlM?rel=0&start=16
X-YouTube-Client-Version: 1.20210224.1.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgtXOWlvdGw2UUpNcyjOwPWBBg%3D%3D
X-YouTube-Ad-Signals: dt=1614635086865&flash=0&frm=2&u_tz=60&u_his=2&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C750%2C422&vis=1&wgl=true&ca_type=image&bid=ANyPxKrHm1vJogP69iBd9QPVpOBOSuFZ-njilascBM0zNRGweTzeFYHBlSKDU70cRc0Jzm8P3viQ-JisUL-d0MAqzlJUzJ_Fxg

Response headers

date: Mon, 01 Mar 2021 21:44:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Mon, 01 Mar 2021 21:44:57 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.youtube.com
URL: https://www.youtube.com/api/stats/atr?ns=yt&el=embedded&cpn=9vIS4Gm27GM1WgGD&docid=nJSMJyRNvlM&ver=2&cmt=0&fs=0&rt=0&euri=https%3A%2F%2Fcdn.iframe.ly%2F&lact=728&cl=359382323&mos=0&volume=100&cbrand=apple&cbr=Chrome&cbrver=83.0.4103.61&c=WEB_EMBEDDED_PLAYER&cver=1.20210224.1.0&cplayer=UNIPLAYER&cos=Macintosh&cosver=10_14_5&cplatform=DESKTOP&hl=en_US&cr=DE&len=3149&fexp=23748147%2C23858058%2C23906500%2C23969934%2C23976578%2C23983297%2C23992808%2C23996624%2C24000882%2C24005870%2C24006796%2C24007246%2C24007901&vis=3

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1970-01-19 20:49:47	Name: VISITOR_INFO1_LIVE Value: W9iotl6QJMs
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: X-GXsKFkXXs
.ired.team/	1970-01-23 08:06:35	Name: amplitude_id_fef1e872c952688acd962d30aa545b9eired.team Value: eyJkZXZpY2VJZCI6ImU2ZTViYTM0LWMwNTEtNDI0Ny1iMWE0LTJjMGFmYmEwY2Q0OVIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTYxNDYzNTA4NTk1NCwibGFzdEV2ZW50VGltZSI6MTYxNDYzNTA4NTk1NCwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9
.www.ired.team/	1970-01-19 17:13:47	Name: __cfduid Value: d737296704135c6e2a2999f16662c16291614635082

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://gstatic.gitbook.com/js/111.c1e0c47b.js(Line 1) Message: Application ready

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' gstatic.gitbook.com .gitbook-staging.com .gitbook.com .firebaseio.com wss://.firebaseio.com .cloudfunctions.net .googleapis.com .gstatic.com data: .google.com .github.com .algolianet.com .algolia.net sentry.io .logrocket.io .lr-ingest.io .stripe.com .clearbit.com .google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net .iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' .firebaseio.com .google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io .stripe.com .clearbit.com .google-analytics.com .iframe.ly .gstatic.com cdnjs.cloudflare.com .intercom.io .intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://.intercom-attachments.com; frame-src ; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adsecurity.org
app.gitbook.com
avatars3.githubusercontent.com
blog.stealthbits.com
blog.xpnsec.com
cdn.iframe.ly
cdn.lr-ingest.io
fonts.googleapis.com
fonts.gstatic.com
gblobscdn.gitbook.com
gitbook-28427.firebaseio.com
googleads.g.doubleclick.net
gstatic.gitbook.com
i.ytimg.com
lh5.googleusercontent.com
miro.medium.com
pentestlab.files.wordpress.com
polyfill.io
s-usc1c-nss-267.firebaseio.com
static.doubleclick.net
unpkg.com
www.gitbook.com
www.google-analytics.com
www.google.com
www.gstatic.com
www.ired.team
www.stealthbits.com
www.youtube.com
yt3.ggpht.com
www.youtube.com
13.224.195.44
185.199.108.133
192.0.72.28
209.59.132.164
2600:1901:0:94b6::
2606:4700:7::a29f:9804
2606:4700::6810:7caf
2606:4700::6812:86f
2606:4700::6812:91
2606:4700::6812:96f
2606:4700:e0::ac40:6402
2607:f1c0:100f:f000::2af
2a00:1450:4001:800::200a
2a00:1450:4001:801::2002
2a00:1450:4001:802::2003
2a00:1450:4001:802::200e
2a00:1450:4001:803::2003
2a00:1450:4001:808::2002
2a00:1450:4001:80e::2004
2a00:1450:4001:80e::2006
2a00:1450:4001:80e::2016
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2003
2a00:1450:4001:812::2001
2a00:1450:4001:812::2004
2a00:1450:4001:812::2016
2a00:1450:4001:827::200e
2a00:1450:4001:828::2006
2a00:1450:4001:829::2001
2a00:1450:4001:82b::2003
2a04:4e42:600::621
2a05:d014:275:cb02:66df:50b:6e56:a6bf
72.52.228.51
0080cb454fdee548ddf7fe5a570ec35de96ae2b2b1d5af2e178c0a717a35c423
084337b4bbbd1e1e5f06c0755f0d17421b55f8b9499f4c5244354405fb70cfa6
09bad523e3e6e79d428aef576c3d1684f53fc07e11deb863f314a8c0a68e2b55
0e923d808a9c6ed43c11f2acd015a95f9c0f92df579d4a56b512d293c7490f17
0ea7f67552244f518b3f156602b0520a922246a26dc926d379e11f9c6068683b
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
14eb64a86f2b60375df9a6f15f1c83b575317cf482f43f65783d2ef75da4105e
1bac465dbe36a6a5f725f53f09d918259380a22f8eed7c962ce1c8c035dfae80
20a4f440a1c26111e5f614be982d6777e6f03db763e08d01ca0f0318782636de
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
287572be6802ffc6473c727b9d6f06841decd2a052482df6182d58e8914ee126
2943b8f0cb7ea6bfd6c933a4fa39982c6fa01de274c2ada54047f59ecf20f7f5
2aadec2ec38b0ae066bbb15b8e91409c76ab81b914a688916450a091a545b256
2d619e1addf6b5ae77461e2ca5337064f47894441b8df71be6ad8fd5288a1aba
3d14e96bd08692f39b357173c908dcb0b21ee11d0bdb29b963ce7fcc836eb4fd
3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
5166350ff3cd1084b75855e8cc88e1c182a0447474b570907bc8296c774cabf5
59fd4f207936792ab9910baa7df5f1f7bff899e35e0428df34ab9a1319184052
5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb
61e9722dd7241afd4ad652b66fa049697ab9ac1f17e7f8a8dce8a2d17c84dc57
63f125a8c639cc8b42ae13d1638af518eb975d83e1c0ec388832484945abc276
64620c4b38f39b52be7567a111c31cb9a516e243c6b689564e73103c69d3c2b5
64644512411dce196ad6269eb338150128d76182073a7216c82683a32f7e1adb
675bb787300bc56cda7d4c7b0df26ef50ef828f455b3c284219d62cf1e024725
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
69edbb4b8b9d84e5ba78c25df18225d073c2fe591970273a5e12582a40566ada
762293bd063a1db8a3acce093d104db94effd970b83fab92673f05715811f91b
7cee3a15b7511743d654a9f7286126303b0751c456f6021b982aaf6a2e586ec2
852218dbc1f970fb71973fdca726c940d0082203f0a1a875fac6e6a98b6edc7e
863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec
87f128d0601eecb9a424a030723b4c0f9a482aac7b08ec853ec0491ead0aa02c
89870dd3cccade45cf8f960f1c2881676a7e15310c9fab0b5271d3dddf0184f5
97302540ac5e770e8a52955aee350ed64dc744ef11b0d82c820e8df18ddc353f
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405
a32bf57c9b424f2579110375a0df71ffce7a48774705c06053ebbe1a983e6a4c
a5cad3bbdbb13e0f3c2b268cc08385fa6713ee7dfd95e7f9f3c5dcd53166c986
a65618ea6ceb126274d4a9b8defe4d8fa1da7fef8ade8e43c411c3cd381cb7f6
a6fb626f0c4fa59ec4ad90dae6126dc7446b39bf8c9d5c4e1724654fdbccd858
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
ab4364ddaad5945c8e8bda24438197c51c2bd3c9ecc925f96b0472f09e8b7d20
ac6c089a5dd34bbeb3134d03cd123fb22c21720cac2617fda42d2d8567922a2d
aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b0032ab02d0402ecc5ace5baf49542a8fa3b9d8949aee9cfa89026a2923ac969
b15819c89eec43f6a9f25d77a37dc02960dad46caa0dabe10699df1fccf45101
b43eefddc46de63527a3841ca2f1186bbd6468bc09e93676acecf09b1569ebf7
b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2
bbf3664b91b2e00a22d44aad060c4edea7d03707cf4b0c698c0ddba8b5c57a94
c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92
c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43
c6ab9197bbd0560d5f2b1d4c09464f4c1250d8f00fcd67e2d86f94a4129b60eb
cd817a0cafb3c9e43afd7ec29229df496af69f0b94c1c2d9e9cba9bb24b13516
d3343a4e8f05ab408911f4ea5f601801208a10a7d01f3a40a65bf4c6ec3900f9
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
dbe96c67621a0ea1f0145e4ff3729ebafe4e525768b92f892a7387ed1bbe014a
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
dec9a3e5952f27d6641cc7591e2fcc4c580d9673f8906f850305cacb64c38bab
df116936b708af0ed1e319ce231735cb2f10773aceb21c1bd2b8e0ab95b91421
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45ead1ba37d0be1cd14199b3d513237293aabb2175a26d73697d0e750322ab1
e728d119d23368fda40ec69c463f826ae532eba722f86f620e5ba12367f16ea1
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef824052cc54e24358011a6d1f363813e99264883d6a019f5c98f75e43f78dc9
f048f038d6012c669879116aed276c59eaebd6cc4be66a4fddb8268ed700b7b8
f11343ffce0f354cec20c16b01522e0f980262fb500e3c81576c91e1e5f14151
f5b001a99b21678879ce79b79b5ff671b4924fd60409c12f683c1bf7fafcfdb8
f627b4db5fb9736c1229b3332d4ee13aea7fba2c68c4d0e7c5013269a80f8376
ff24cc396327955545e5cca845f403dfd7a441b2b74cc288ae902ddaa1c45218

www.ired.team Open in urlscan Pro 2606:4700::6812:91 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

113 Requests

98 %HTTPS

85 %IPv6

22 Domains

29 Subdomains

33 IPs

2 Countries

8782 kBTransfer

18082 kBSize

4 Cookies

18 Outgoing links

Redirected requests

113 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.ired.team Open in urlscan Pro
2606:4700::6812:91 Public Scan

Screenshot
Live screenshot

Full Image

113
Requests

98 %
HTTPS

85 %
IPv6

22
Domains

29
Subdomains

33
IPs

2
Countries

8782 kB
Transfer

18082 kB
Size

4
Cookies

113 HTTP transactions
2 data transactions