Submitted URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-ac...
Effective URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-ac...
Submission: On July 03 via manual from IN

Summary

This website contacted 10 IPs in 3 countries across 9 domains to perform 39 HTTP transactions. The main IP is 104.199.113.171, located in The Dalles, United States and belongs to GOOGLE, US. The main domain is blog.truesec.com.
TLS certificate: Issued by R3 on May 30th 2021. Valid for: 3 months.
This is the only time blog.truesec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                    Requested by
27        blog.truesec.com          blog.truesec.com
2         www.google-analytics.com  www.googletagmanager.com, www.google-analytics.com
2         fonts.gstatic.com         fonts.googleapis.com
2         fonts.googleapis.com      blog.truesec.com
2         maxcdn.bootstrapcdn.com   blog.truesec.com
1         sc.lfeeder.com            blog.truesec.com
1         www.googletagmanager.com  blog.truesec.com
1         cdnjs.cloudflare.com      blog.truesec.com
1         code.jquery.com           blog.truesec.com
Total: 39 requests, 9 domains

This site contains links to these domains.

Domain
www.truesec.com
geekweek.truesec.com
Subject                  Issuer                                          Validity                 Valid
blog.truesec.com         R3                                              2021-05-30 - 2021-08-28  3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2021-03-01 - 2022-02-28  a year
jquery.org               Sectigo RSA Domain Validation Secure Server CA  2020-10-06 - 2021-10-16  a year
upload.video.google.com  GTS CA 1O1                                      2021-06-07 - 2021-08-30  3 months
*.google-analytics.com   GTS CA 1C3                                      2021-06-07 - 2021-08-30  3 months
*.gstatic.com            GTS CA 1C3                                      2021-06-07 - 2021-08-30  3 months
*.lfeeder.com            Amazon                                          2020-09-04 - 2021-10-06  a year

This page contains 1 frames:

Primary Page: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Frame ID: 2D938E4BFAFE1A5F471ABB3FF5D1FCE0
Requests: 40 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
  • script /\/wp-(?:content|includes)\//i
  • headers link /rel="https:\/\/api\.w\.org\/"/i
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 39
HTTPS: 100 %
IPv6: 89 %
Domains: 9
Subdomains: 9
IPs: 10
Countries: 3
Transfer: 602 kB
Size: 1457 kB
Cookies: 3

39 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
38 KB
11 KB
Document
General
Full URL
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
4136624f81dad89e77e051efd8f75eb8107349b9e77be22b28204ba9a8ac7a84

Request headers

:method
GET
:authority
blog.truesec.com
:scheme
https
:path
/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
nginx
date
Sat, 03 Jul 2021 05:39:52 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding Accept-Encoding
expires
Wed, 11 Jan 1984 05:00:00 GMT
link
<https://blog.truesec.com/wp-json/>; rel="https://api.w.org/"
x-powered-by
WP Engine
x-cacheable
non200
cache-control
max-age=600, must-revalidate
x-cache
HIT: 1
x-cache-group
normal
content-encoding
br
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/
141 KB
19 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://blog.truesec.com
Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 617
age
6305400
cdn-cachedat
2021-04-21 07:51:34
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
c8378dedb93211bdbf16f3a44cec136b
cf-ray
668dc69fdea82be9-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
jquery-3.2.1.slim.min.js
code.jquery.com/
68 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Origin
https://blog.truesec.com
Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:52 GMT
content-encoding
gzip
last-modified
Mon, 20 Mar 2017 19:01:15 GMT
server
nginx
etag
W/"58d026fb-10fdd"
vary
Accept-Encoding
x-hw
1625290792.dop101.fr8.t,1625290792.cds263.fr8.hn,1625290792.cds257.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
23856
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/
19 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://blog.truesec.com
Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3233643
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
6157
cf-request-id
0a4bbcf9fe00004a912714b000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8W35vSXmH3792m57BpWAOoONp1RI88nAIA%2B3ZKCmrh717f4tUpwh%2F0H5wzM%2BzzuYOnHspg8i7xR9pFpCMU91HFlTcQTXxcwIYG0lCCZUbdYpuMChe7MT8L0MljeAGGdYMCDiLkGdj0NyxerBRw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
668dc69fddc74e67-FRA
expires
Thu, 23 Jun 2022 05:39:52 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/
48 KB
12 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://blog.truesec.com
Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
601, 617, 617
age
6121422
cdn-cachedat
2021-04-23 10:46:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
32039775f596d9d76dddf8e9887aa7b5
cf-ray
668dc69fdeaa2be9-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
quicklatex-format.css
blog.truesec.com/wp-content/plugins/wp-quicklatex/css/
2 KB
793 B
Stylesheet
General
Full URL
https://blog.truesec.com/wp-content/plugins/wp-quicklatex/css/quicklatex-format.css?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
4063f3cf2ee2dcc8f7bfda33ca4d43c43b6acbc5b6d52c5352ef6791b3d5ef02

Request headers

:path
/wp-content/plugins/wp-quicklatex/css/quicklatex-format.css?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 27 Nov 2019 08:53:50 GMT
server
nginx
etag
W/"5dde399e-883"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
all.min.css
blog.truesec.com/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/css/
46 KB
10 KB
Stylesheet
General
Full URL
https://blog.truesec.com/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/css/all.min.css?ver=1604933574
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

:path
/wp-content/plugins/atomic-blocks/dist/assets/fontawesome/css/all.min.css?ver=1604933574
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Mon, 09 Nov 2020 14:52:54 GMT
server
nginx
etag
W/"5fa957c6-b752"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
style.min.css
blog.truesec.com/wp-includes/css/dist/block-library/
57 KB
9 KB
Stylesheet
General
Full URL
https://blog.truesec.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Request headers

:path
/wp-includes/css/dist/block-library/style.min.css?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Tue, 06 Apr 2021 23:50:28 GMT
server
nginx
etag
W/"606cf3c4-e33b"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
blocks.style.build.css
blog.truesec.com/wp-content/plugins/atomic-blocks/dist/
44 KB
7 KB
Stylesheet
General
Full URL
https://blog.truesec.com/wp-content/plugins/atomic-blocks/dist/blocks.style.build.css?ver=1604933574
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
7aea74fa8de4d5a91fd7de7396b304a6e180d6395b8662e2932092d7138a40ed

Request headers

:path
/wp-content/plugins/atomic-blocks/dist/blocks.style.build.css?ver=1604933574
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Mon, 09 Nov 2020 14:52:54 GMT
server
nginx
etag
W/"5fa957c6-af72"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
blocks.style.build.css
blog.truesec.com/wp-content/plugins/metronet-profile-picture/dist/
27 KB
3 KB
Stylesheet
General
Full URL
https://blog.truesec.com/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
cd00c79e4bbf06794b0851af6b891c002601933c8b9d0cef5bf18427c62c699c

Request headers

:path
/wp-content/plugins/metronet-profile-picture/dist/blocks.style.build.css?ver=2.6.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 30 Jun 2021 11:18:23 GMT
server
nginx
etag
W/"60dc52ff-6c70"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
sfsi-style.css
blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/css/
93 KB
15 KB
Stylesheet
General
Full URL
https://blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/css/sfsi-style.css?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
5940e4319dfebdb10c4ddbed233722577beabecf6090a327402980dcd5e20265

Request headers

:path
/wp-content/plugins/Ultimate-Premium-Plugin/css/sfsi-style.css?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Fri, 02 Jul 2021 08:48:05 GMT
server
nginx
etag
W/"60ded2c5-1738a"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
style.css
blog.truesec.com/wp-content/themes/twentytwenty/
124 KB
23 KB
Stylesheet
General
Full URL
https://blog.truesec.com/wp-content/themes/twentytwenty/style.css?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
e7bd72a704bfd5821e9006a496b971af6d41738c06d58fb90d206d46cd95ddea

Request headers

:path
/wp-content/themes/twentytwenty/style.css?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Mon, 06 Apr 2020 09:22:25 GMT
server
nginx
etag
W/"5e8af4d1-1f084"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
style.css
blog.truesec.com/wp-content/themes/twentytwenty-child/
8 KB
2 KB
Stylesheet
General
Full URL
https://blog.truesec.com/wp-content/themes/twentytwenty-child/style.css?ver=1.0.0
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
a716372d21cd29a7859299821e3c24707ac260bcafc24328f3bc5af7674311d5

Request headers

:path
/wp-content/themes/twentytwenty-child/style.css?ver=1.0.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 20 May 2020 12:51:37 GMT
server
nginx
etag
W/"5ec527d9-1f3d"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
jquery.min.js
blog.truesec.com/wp-includes/js/jquery/
87 KB
31 KB
Script
General
Full URL
https://blog.truesec.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

:path
/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 07 Oct 2020 16:33:25 GMT
server
nginx
etag
W/"5f7dedd5-15d98"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
jquery-migrate.min.js
blog.truesec.com/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://blog.truesec.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path
/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 18 Nov 2020 09:06:06 GMT
server
nginx
etag
W/"5fb4e3fe-2bd8"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
gtm4wp-form-move-tracker.js
blog.truesec.com/wp-content/plugins/duracelltomi-google-tag-manager/js/
2 KB
576 B
Script
General
Full URL
https://blog.truesec.com/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.12.3
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
dfbdff6c9f2de2d75edb5ae49d26a9c0af81801b17de08739e32b738ef23058e

Request headers

:path
/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.12.3
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 12 May 2021 10:22:20 GMT
server
nginx
etag
W/"609bac5c-600"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
index.js
blog.truesec.com/wp-content/themes/twentytwenty/assets/js/
25 KB
7 KB
Script
General
Full URL
https://blog.truesec.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.0.0
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
d8c5d7e0d56720864abaa8eca08063553ccf883774f999ab9cfe24fde5650389

Request headers

:path
/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.0.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Mon, 06 Apr 2020 09:22:25 GMT
server
nginx
etag
W/"5e8af4d1-6236"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
wp-quicklatex-frontend.js
blog.truesec.com/wp-content/plugins/wp-quicklatex/js/
619 B
632 B
Script
General
Full URL
https://blog.truesec.com/wp-content/plugins/wp-quicklatex/js/wp-quicklatex-frontend.js?ver=1.0
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
e7b9e73338554c8f9cc6dc934fc765f21b7f12b42c3908b07347dfb5fb90f165

Request headers

:path
/wp-content/plugins/wp-quicklatex/js/wp-quicklatex-frontend.js?ver=1.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 27 Nov 2019 08:53:50 GMT
server
nginx
etag
W/"5dde399e-26b"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
TRUESEC_logo_blog.png
blog.truesec.com/wp-content/uploads/2021/05/
11 KB
11 KB
Image
General
Full URL
https://blog.truesec.com/wp-content/uploads/2021/05/TRUESEC_logo_blog.png
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
4cc8ca906a40312c92787fe981121171563e43dce2cd5f162202764cb1609ee4

Request headers

:path
/wp-content/uploads/2021/05/TRUESEC_logo_blog.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
last-modified
Thu, 27 May 2021 09:32:43 GMT
server
nginx
etag
"60af673b-2a51"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
10833
truesec-logo-white.png
blog.truesec.com/wp-content/themes/twentytwenty-child/assets/images/
6 KB
7 KB
Image
General
Full URL
https://blog.truesec.com/wp-content/themes/twentytwenty-child/assets/images/truesec-logo-white.png
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
13fca066ac881b1b4d4b82a54f8916e4f0c5149130d9c017e41a792d88c442c7

Request headers

:path
/wp-content/themes/twentytwenty-child/assets/images/truesec-logo-white.png
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
last-modified
Thu, 27 May 2021 09:34:34 GMT
server
nginx
etag
"60af67aa-19b8"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
6584
mpp-frontend.js
blog.truesec.com/wp-content/plugins/metronet-profile-picture/js/
331 B
417 B
Script
General
Full URL
https://blog.truesec.com/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
b695f4e09490004246d228e02338f9d3c4591273e1f35bb0ebe63607c860e608

Request headers

:path
/wp-content/plugins/metronet-profile-picture/js/mpp-frontend.js?ver=2.6.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 30 Jun 2021 11:18:23 GMT
server
nginx
etag
W/"60dc52ff-14b"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
core.min.js
blog.truesec.com/wp-includes/js/jquery/ui/
20 KB
7 KB
Script
General
Full URL
https://blog.truesec.com/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Request headers

:path
/wp-includes/js/jquery/ui/core.min.js?ver=1.12.1
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Thu, 25 Mar 2021 20:02:19 GMT
server
nginx
etag
W/"605cec4b-5133"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
modernizr.custom.min.js
blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/
3 KB
2 KB
Script
General
Full URL
https://blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/modernizr.custom.min.js?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
27d5fb7155f99ca0f201d48485fba200c34c6ecd333d89a2f80f399efad21eb5

Request headers

:path
/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/modernizr.custom.min.js?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Fri, 02 Jul 2021 08:48:05 GMT
server
nginx
etag
W/"60ded2c5-c0f"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
jquery.shuffle.min.js
blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/
12 KB
5 KB
Script
General
Full URL
https://blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/jquery.shuffle.min.js?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
2051ec367c1be61480b94686061b4ecfe4365aa872b41f80cd208afb2602945a

Request headers

:path
/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/jquery.shuffle.min.js?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Fri, 02 Jul 2021 08:48:05 GMT
server
nginx
etag
W/"60ded2c5-2f6d"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
random-shuffle-min.js
blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/
1 KB
928 B
Script
General
Full URL
https://blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/random-shuffle-min.js?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
30aa763639b91cec13bafb4649a956320321316e82f39205a9e948a6392cf8de

Request headers

:path
/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/random-shuffle-min.js?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Fri, 02 Jul 2021 08:48:05 GMT
server
nginx
etag
W/"60ded2c5-5e3"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
custom.js
blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/
84 KB
17 KB
Script
General
Full URL
https://blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/custom.js?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
b5ae2d03397cd6815c56c712a503b4a34da53f8d675310d327ea5a0faafbf467

Request headers

:path
/wp-content/plugins/Ultimate-Premium-Plugin/js/custom.js?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Fri, 02 Jul 2021 08:48:05 GMT
server
nginx
etag
W/"60ded2c5-14f51"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
dismiss.js
blog.truesec.com/wp-content/plugins/atomic-blocks/dist/assets/js/
923 B
662 B
Script
General
Full URL
https://blog.truesec.com/wp-content/plugins/atomic-blocks/dist/assets/js/dismiss.js?ver=1604933574
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
91690ac97c038313496895a305a808da41d7702f5568ebc6b34a4c3cdd549961

Request headers

:path
/wp-content/plugins/atomic-blocks/dist/assets/js/dismiss.js?ver=1604933574
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Mon, 09 Nov 2020 14:52:54 GMT
server
nginx
etag
W/"5fa957c6-39b"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
wp-embed.min.js
blog.truesec.com/wp-includes/js/
1 KB
947 B
Script
General
Full URL
https://blog.truesec.com/wp-includes/js/wp-embed.min.js?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path
/wp-includes/js/wp-embed.min.js?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 06 Jan 2021 15:29:24 GMT
server
nginx
etag
W/"5ff5d754-592"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
wp-emoji-release.min.js
blog.truesec.com/wp-includes/js/
14 KB
5 KB
Script
General
Full URL
https://blog.truesec.com/wp-includes/js/wp-emoji-release.min.js?ver=5.7.2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Request headers

:path
/wp-includes/js/wp-emoji-release.min.js?ver=5.7.2
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Wed, 06 Jan 2021 15:29:24 GMT
server
nginx
etag
W/"5ff5d754-3795"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
print.css
blog.truesec.com/wp-content/themes/twentytwenty/
3 KB
1 KB
Stylesheet
General
Full URL
https://blog.truesec.com/wp-content/themes/twentytwenty/print.css?ver=1.0.0
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
2193af07e37734d3adce890f316c5b226dae4f270d274107287748d40fb4a84b

Request headers

:path
/wp-content/themes/twentytwenty/print.css?ver=1.0.0
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
blog.truesec.com
referer
https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
last-modified
Mon, 06 Apr 2020 09:22:25 GMT
server
nginx
etag
W/"5e8af4d1-ab3"
vary
Accept-Encoding Accept-Encoding Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
css
fonts.googleapis.com/
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Raleway:300,400,500,600,700&display=swap
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/wp-content/themes/twentytwenty-child/style.css?ver=1.0.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
be2485c255f536a3de23ee51df7d32cf4677ba4303f53e6f76e2acdf9146fea7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 03 Jul 2021 05:02:39 GMT
server
ESF
date
Sat, 03 Jul 2021 05:39:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 03 Jul 2021 05:39:53 GMT
css
fonts.googleapis.com/
5 KB
568 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Muli:300,400,500,600,700&display=swap
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/wp-content/themes/twentytwenty-child/style.css?ver=1.0.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1c05e6d7abb45cd66e5086de2e13ac8968944a0ff4e0b4fee94bba41b22d79c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 03 Jul 2021 05:03:41 GMT
server
ESF
date
Sat, 03 Jul 2021 05:39:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 03 Jul 2021 05:39:53 GMT
gtm.js
www.googletagmanager.com/
85 KB
34 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M5HQP86
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
07aad45bfcf7f1046ff502b4742d342a2125d8d6eddf4f7f3c09cb787f44a49a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34017
x-xss-protection
0
last-modified
Sat, 03 Jul 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 03 Jul 2021 05:39:53 GMT
7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v22/
30 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:300,400,500,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.truesec.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 29 Jun 2021 19:48:00 GMT
x-content-type-options
nosniff
age
294713
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31120
x-xss-protection
0
last-modified
Wed, 15 Jul 2020 20:50:02 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 29 Jun 2022 19:48:00 GMT
1Ptug8zYS_SKggPNyC0ITw.woff2
fonts.gstatic.com/s/raleway/v22/
46 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v22/1Ptug8zYS_SKggPNyC0ITw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway:300,400,500,600,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2101735d43a8d486dbc5139500a78420766cc673a3610363ce9525526c3f5149
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://blog.truesec.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 30 Jun 2021 01:03:12 GMT
x-content-type-options
nosniff
age
275801
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47312
x-xss-protection
0
last-modified
Tue, 29 Jun 2021 19:40:30 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 30 Jun 2022 01:03:12 GMT
Inter-upright-var.woff2
blog.truesec.com/wp-content/themes/twentytwenty/assets/fonts/inter/
219 KB
219 KB
Font
General
Full URL
https://blog.truesec.com/wp-content/themes/twentytwenty/assets/fonts/inter/Inter-upright-var.woff2
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/wp-content/themes/twentytwenty/style.css?ver=5.7.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.199.113.171 The Dalles, United States, ASN15169 (GOOGLE, US),
Reverse DNS
171.113.199.104.bc.googleusercontent.com
Software
nginx /
Resource Hash
e03c2df7ef439d2708bbc168a21c0a00da63e5664d286120c994c39644addd03

Request headers

:path
/wp-content/themes/twentytwenty/assets/fonts/inter/Inter-upright-var.woff2
pragma
no-cache
origin
https://blog.truesec.com
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
font
:authority
blog.truesec.com
referer
https://blog.truesec.com/wp-content/themes/twentytwenty/style.css?ver=5.7.2
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://blog.truesec.com
Referer
https://blog.truesec.com/wp-content/themes/twentytwenty/style.css?ver=5.7.2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 03 Jul 2021 05:39:53 GMT
last-modified
Mon, 06 Apr 2020 09:22:25 GMT
server
nginx
etag
"5e8af4d1-36a94"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
223892
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5HQP86
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
7071
date
Sat, 03 Jul 2021 03:42:02 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Sat, 03 Jul 2021 05:42:02 GMT
lftracker_v1_bElvO73RJyK8ZMqj.js
sc.lfeeder.com/
20 KB
8 KB
Script
General
Full URL
https://sc.lfeeder.com/lftracker_v1_bElvO73RJyK8ZMqj.js
Requested by
Host: blog.truesec.com
URL: https://blog.truesec.com/2021/06/30/exploitable-critical-rce-vulnerability-allow%20s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%205/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:1200:1f:f723:6fc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c88cc228e7504af3e6d8b2a371b28a68bc47024537bc6f58925e29cbf82d4cc7

Request headers

Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
rXJt8l9XNjJ7laQW4liJ1Ebjl4CE75WB
content-encoding
gzip
last-modified
Fri, 25 Jun 2021 09:50:10 GMT
server
AmazonS3
age
3043
etag
W/"8c7ae8df4efe8571e7e35aa40d0b72c6"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 f797fc0ae68a3abc35e081e46174c9f2.cloudfront.net (CloudFront)
cache-control
max-age=3600
date
Sat, 03 Jul 2021 04:49:11 GMT
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
UKIwvUuftPpXFLbl2PXDTe30MrFNTv-uJJioU8K9eY_WRiQy-hdFzw==
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=447232840&t=pageview&_s=1&dl=https%3A%2F%2Fblog.truesec.com%2F2021%2F06%2F30%2Fexploitable-critical-rce-vulnerability-allow%2520s-regular-users-to-fully-compromise-active-directory-printnightmare-cve-2021-167%25205%2F&ul=en-us&de=UTF-8&dt=Page%20not%20found%20-%20TRUESEC%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=992753013&gjid=2137302717&cid=703952072.1625290794&tid=UA-10378001-53&_gid=391615176.1625290794&_r=1&gtm=2wg6u0M5HQP86&z=1943273220
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://blog.truesec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 03 Jul 2021 05:39:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.truesec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
186069134d483966274921a88b225458ba56902314f389b82e27a65735650cf1

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| gform function| $ function| jQuery function| Popper object| bootstrap string| gtm4wp_datalayer_name object| dataLayer object| _wpemojiSettings object| dataLayer_content function| submitSamlForm function| sfsi_plus_align_icons_center_orientation function| sfsi_plus_processfurther string| __limit function| sfsi_plus_setCookie function| sfsi_plus_getCookie function| sfsi_plus_eraseCookie function| sfsi_plusGetCurrentUTCTimestamp function| sfsi_plusGetCurrentTimestamp function| sfsi_plus_is_null_or_undefined number| __popTime function| sfsi_plusShallShowPopup function| sfsi_plus_hidemypopup function| atomicBlocksShare object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| ldfdr object| gaplugins object| gaGlobal object| gaData boolean| __discoverInitialized object| sfsi_premium_Modernizr function| Manipulator object| sfsi_premium_ajax_object object| twentytwenty function| twentytwentyDomReady function| twentytwentyToggleAttribute function| twentytwentyMenuToggle function| twentytwentyFindParents object| twemoji object| wp function| SFSI function| sfsi_premium_getUrlVars function| sfsiplus_showErrorSuc function| sfsiplus_beForeLoad function| sfsi_plus_make_popBox function| sfsi_plus_stick_widget function| sfsi_plus_float_widget function| sfsi_plus_shuffle function| sfsi_plus_shuffle_new function| sfsiplus_Shuffle function| sfsi_plus_hideFooter number| global_error function| sfsi_plus_update_iconcount function| sfsi_plus_changeIconWidth function| sfsi_plus_new_window_popup object| sfsiplus_initTop function| sfsi_hover_icon_handler function| force_initialize_fb_icons function| sfsi_premium_wechat_follow function| close_overlay 
function| sfsi_premium_wechat_share function| sfsi_premium_wechat_share_mobile function| sfsi_copy_text_parent_input function| sfsi_premium_fitText function| sfsi_premium_resize_icons_container function| escapeDoubleQuotes function| sfsi_premium_pinterest_modal_images function| sfsi_premium_pinterest_modal function| sfsi_premium_pinterest_absolute boolean| sfsi_premium_fittext_shouldDisplay

3 Cookies

Domain/Path Name / Value
.truesec.com/ Name: _gid
Value: GA1.2.391615176.1625290794
.truesec.com/ Name: _gat_UA-10378001-53
Value: 1
.truesec.com/ Name: _ga
Value: GA1.2.703952072.1625290794

2 Console Messages

Source Level URL
Text
console-api log URL: https://blog.truesec.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2
console-api log URL: https://blog.truesec.com/wp-content/plugins/Ultimate-Premium-Plugin/js/shuffle/random-shuffle-min.js?ver=5.7.2(Line 1)
Message:
random premium

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
