urlscan.io logo urlscan.io
SecurityTrails logo

www.harmj0y.net Open in urlscan Pro
104.145.225.3  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Submission Tags: falconsandbox
Submission: On December 09 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 2 countries across 6 domains to perform 51 HTTP transactions. The main IP is 104.145.225.3, located in Piscataway, United States and belongs to AS-DIGITALFYRE, US. The main domain is www.harmj0y.net.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 17th 2021. Valid for: 3 months.
This is the only time www.harmj0y.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

29    104.145.225.3 (Piscataway, United States)

ASN64245 (AS-DIGITALFYRE, US)
PTR: pandora.digitaldatacenter.net
www.harmj0y.net
1    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
7    2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
2    104.244.42.72 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
5    2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)
cdn.syndication.twimg.com
pbs.twimg.com
1    2606:2800:233:8173:898f:63b3:95c3:79d2 (United States)

ASN15133 (EDGECAST, US)
abs.twimg.com
3    2606:2800:233:7ee2:97c:ab4c:6c70:be36 (United States)

ASN15133 (EDGECAST, US)
ton.twimg.com
Domain Requested by
29 www.harmj0y.net www.harmj0y.net
7 platform.twitter.com www.harmj0y.net
platform.twitter.com
4 pbs.twimg.com
3 ton.twimg.com platform.twitter.com
ton.twimg.com
2 syndication.twitter.com 1 redirects platform.twitter.com
2 fonts.gstatic.com fonts.googleapis.com
1 abs.twimg.com
1 cdn.syndication.twimg.com platform.twitter.com
1 pixel.wp.com www.harmj0y.net
1 stats.wp.com www.harmj0y.net
1 fonts.googleapis.com www.harmj0y.net
51 11
Subject Issuer Validity Valid
harmj0y.net
cPanel, Inc. Certification Authority		 2021-11-17 -
2022-02-15		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.wp.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-02 -
2022-07-05		 2 years crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-20 -
2022-10-19		 a year crt.sh
syndication.twitter.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-05 -
2022-02-04		 a year crt.sh

This page contains 4 frames:

Primary Page: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Frame ID: 2CA7E9B16DD7DE03BC6AFC13B7BFF82A
Requests: 40 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.harmj0y.net
Frame ID: C29274C977D81E4ADFFCC3C77843C1AC
Requests: 2 HTTP requests in this frame

Frame: https://abs.twimg.com/emoji/v2/72x72/1f9e0.png
Frame ID: 2F2061D2CF846CFA2D6E3CBD28DD80D3
Requests: 13 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: 5C1E552530FEDC401F819864ED5BC6AD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Command and Control Using Active Directory - harmj0y Email

Page Statistics

51
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

11
Subdomains

10
IPs

2
Countries

1132 kB
Transfer

3084 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html

51 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/ 		323 KB
40 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed / PHP/7.0.33
Resource Hash
d04f92637512a06237c61b25958eb732dd12098fbc30feb198c804dff7f3c86c
Security Headers
Name Value
X-Content-Type-Options nosniff,nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-powered-by
PHP/7.0.33
content-type
text/html; charset=UTF-8
x-pingback
https://www.harmj0y.net/blog/xmlrpc.php
link
<https://www.harmj0y.net/blog/wp-json/>; rel="https://api.w.org/" <https://www.harmj0y.net/blog/wp-json/wp/v2/posts/3027>; rel="alternate"; type="application/json" <https://wp.me/p4qDDn-MP>; rel=shortlink
etag
"898751-1639008374;br"
x-litespeed-cache
hit
content-encoding
br
vary
Accept-Encoding,User-Agent
date
Thu, 09 Dec 2021 00:28:42 GMT
server
LiteSpeed
pragma
public
cache-control
public, must-revalidate, proxy-revalidate,public, must-revalidate, proxy-revalidate
x-content-type-options
nosniff,nosniff
alt-svc
quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
crayon.min.css
www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/css/min/ 		20 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 11 May 2016 01:41:40 GMT
server
LiteSpeed
etag
"4ecc-57328dd4-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
3724
expires
Thu, 16 Dec 2021 00:28:42 GMT
classic.css
www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/themes/classic/ 		4 KB
724 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/themes/classic/classic.css?ver=_2.7.2_beta
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
01e43870a4218fe731a3516dd76725698c3aadfb285465086849c6b52ef71719

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 11 May 2016 01:41:40 GMT
server
LiteSpeed
etag
"1110-57328dd4-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
672
expires
Thu, 16 Dec 2021 00:28:42 GMT
monaco.css
www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/fonts/ 		529 B
264 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
8b33eebc11529672afc8f1ac6d5d4ef24bed8dfec1505a2510c805e0dd21565f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 11 May 2016 01:41:40 GMT
server
LiteSpeed
etag
"211-57328dd4-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
212
expires
Thu, 16 Dec 2021 00:28:42 GMT
main.min.css
www.harmj0y.net/blog/wp-content/themes/astra/assets/css/minified/ 		41 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/themes/astra/assets/css/minified/main.min.css?ver=3.6.6
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
be10d81e5cf62f6d5befd410c3ccd9c568d298c2185833c515967589a4d67ab4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 27 Jul 2021 18:26:47 GMT
server
LiteSpeed
etag
"a5ba-61004fe7-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
8005
expires
Thu, 16 Dec 2021 00:28:42 GMT
css
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C%7COxanium%3A400%2C&display=fallback&ver=3.6.6
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0000d650d46829d2811cab0df99087a51f04ebe7692ff2bac64b23e8a755219e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 09 Dec 2021 00:28:45 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 09 Dec 2021 00:28:45 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 09 Dec 2021 00:28:45 GMT
style.min.css
www.harmj0y.net/blog/wp-includes/css/dist/block-library/ 		79 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-includes/css/dist/block-library/style.min.css?ver=5.8.2
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 27 Jul 2021 18:11:46 GMT
server
LiteSpeed
etag
"13abe-61004c62-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
9960
expires
Thu, 16 Dec 2021 00:28:42 GMT
mediaelementplayer-legacy.min.css
www.harmj0y.net/blog/wp-includes/js/mediaelement/ 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 10 May 2021 18:19:47 GMT
server
LiteSpeed
etag
"2bf8-60997943-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
2394
expires
Thu, 16 Dec 2021 00:28:42 GMT
wp-mediaelement.min.css
www.harmj0y.net/blog/wp-includes/js/mediaelement/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.8.2
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 03 Dec 2019 05:48:56 GMT
server
LiteSpeed
etag
"105a-5de5f748-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
982
expires
Thu, 16 Dec 2021 00:28:42 GMT
734e5f942.min.css
www.harmj0y.net/blog/wp-content/uploads/essential-addons-elementor/ 		329 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/essential-addons-elementor/734e5f942.min.css?ver=1639008373
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
e5941d48b4cb371b5f5a7a5cf0b2799ba23714314f39799571ca6b725a0c89c2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 11 May 2021 00:34:25 GMT
server
LiteSpeed
etag
"52373-6099d111-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
39666
expires
Thu, 16 Dec 2021 00:28:42 GMT
default.min.css
www.harmj0y.net/blog/wp-content/plugins/tablepress/css/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/tablepress/css/default.min.css?ver=1.14
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 21 Jul 2021 01:06:38 GMT
server
LiteSpeed
etag
"13e4-60f7731e-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
2016
expires
Thu, 16 Dec 2021 00:28:42 GMT
jetpack.css
www.harmj0y.net/blog/wp-content/plugins/jetpack/css/ 		85 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/jetpack/css/jetpack.css?ver=10.4
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
a6e9c02837fc4e15d5f6940b514eb5c52f7a752cdbb05862097e7239ad7366a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 08 Dec 2021 08:06:35 GMT
server
LiteSpeed
etag
"1540e-61b0678b-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
15868
expires
Thu, 16 Dec 2021 00:28:42 GMT
jquery.min.js
www.harmj0y.net/blog/wp-includes/js/jquery/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 27 Jul 2021 18:11:46 GMT
server
LiteSpeed
etag
"15db1-61004c62-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
30273
expires
Thu, 16 Dec 2021 00:28:42 GMT
jquery-migrate.min.js
www.harmj0y.net/blog/wp-includes/js/jquery/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 10 May 2021 18:19:47 GMT
server
LiteSpeed
etag
"2bd8-60997943-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
3995
expires
Thu, 16 Dec 2021 00:28:42 GMT
crayon.min.js
www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/js/min/ 		22 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=_2.7.2_beta
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 11 May 2016 01:41:40 GMT
server
LiteSpeed
etag
"5741-57328dd4-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
6461
expires
Thu, 16 Dec 2021 00:28:42 GMT
Union-120x38.png
www.harmj0y.net/blog/wp-content/uploads/2021/05/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/2021/05/Union-120x38.png
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
9a197448b02f5190c3bf230430e42f7d9ce5d6357c711f4d57c7e1077d581730

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 08 Jun 2021 15:53:14 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
2305
expires
Thu, 16 Dec 2021 00:28:42 GMT
wp-emoji-release.min.js
www.harmj0y.net/blog/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-includes/js/wp-emoji-release.min.js?ver=5.8.2
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 27 Jul 2021 18:11:46 GMT
server
LiteSpeed
etag
"4705-61004c62-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
4539
expires
Thu, 16 Dec 2021 00:28:42 GMT
comment-reply.min.js
www.harmj0y.net/blog/wp-includes/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-includes/js/comment-reply.min.js?ver=5.8.2
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 10 May 2021 18:19:47 GMT
server
LiteSpeed
etag
"ba8-60997943-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
1228
expires
Thu, 16 Dec 2021 00:28:42 GMT
buttons.png
www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/css/images/toolbar/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/css/images/toolbar/buttons.png
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
630d0a3cc8f4c4aa7bf49b40ae6f59f3a137707e0d7bba46ba44e2e5f2c53aab

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 11 May 2016 01:41:40 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1836
expires
Thu, 16 Dec 2021 00:28:42 GMT
RrQPboN_4yJ0JmiMUW7sIGjd1IA9G81JfkiLD3U.woff2
fonts.gstatic.com/s/oxanium/v6/ 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/oxanium/v6/RrQPboN_4yJ0JmiMUW7sIGjd1IA9G81JfkiLD3U.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C%7COxanium%3A400%2C&display=fallback&ver=3.6.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b2b9b21bbe89adeaf68680f63f76e63b6e415cf5889842e3f0ac58f16e777a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.harmj0y.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 07 Dec 2021 14:13:51 GMT
x-content-type-options
nosniff
age
123294
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8044
x-xss-protection
0
last-modified
Thu, 18 Mar 2021 22:41:08 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 07 Dec 2022 14:13:51 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C%7COxanium%3A400%2C&display=fallback&ver=3.6.6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.harmj0y.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 13:39:48 GMT
x-content-type-options
nosniff
age
470937
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 03 Dec 2022 13:39:48 GMT
monaco-webfont.woff
www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco/monaco-webfont.woff
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
9c2e1d2864f53c224d6542bed9a1ab1de620dae21a2146eb4ff982dd8fcd4567

Request headers

Referer
https://www.harmj0y.net/blog/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta
Origin
https://www.harmj0y.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
last-modified
Wed, 11 May 2016 01:41:40 GMT
server
LiteSpeed
accept-ranges
bytes
content-length
21372
vary
User-Agent
content-type
font/woff
personal_information_acl.png
www.harmj0y.net/blog/wp-content/uploads/2016/06/ 		32 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/2016/06/personal_information_acl.png
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
018b7a08d7907a60f8a75b89c0f5d58cd051ba1480174402cbe243a695d791c7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 20 Jun 2016 01:28:25 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
24757
expires
Thu, 16 Dec 2021 00:28:42 GMT
user_property_sizes.png
www.harmj0y.net/blog/wp-content/uploads/2016/06/ 		42 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/2016/06/user_property_sizes.png
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
b3f68aebd8abebafa965d43256f8f4a0919614c1d358c6e27cf6f0d72a31ddb7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 20 Jun 2016 01:32:55 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
29991
expires
Thu, 16 Dec 2021 00:28:42 GMT
ad_payload_new-768x464.png
www.harmj0y.net/blog/wp-content/uploads/2016/08/ 		263 KB
262 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/2016/08/ad_payload_new-768x464.png
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
9bd44bde26830c955e63b123a0b8cb3b6ff8bd57de95501b895bf99b730cb45d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 15 Aug 2016 19:23:34 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
268555
expires
Thu, 16 Dec 2021 00:28:42 GMT
ad_payload_result-768x458.png
www.harmj0y.net/blog/wp-content/uploads/2016/08/ 		68 KB
66 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/2016/08/ad_payload_result-768x458.png
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
ff5aa1bb79d1b4fb6a5b9c6dd2e5f75f807e7cd94e2e1c3c25213fb0c16bac7a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 15 Aug 2016 19:23:52 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
67124
expires
Thu, 16 Dec 2021 00:28:42 GMT
ad_payload_removal-768x165.png
www.harmj0y.net/blog/wp-content/uploads/2016/08/ 		54 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/2016/08/ad_payload_removal-768x165.png
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
37bc4c4679c36489e66aefbc5fdf46cc996ae695113e19ab70f0cf47cf6a9ff5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 15 Aug 2016 19:24:05 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
54629
expires
Thu, 16 Dec 2021 00:28:42 GMT
frontend.min.js
www.harmj0y.net/blog/wp-content/themes/astra/assets/js/minified/ 		16 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.6.6
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
73055d8272f3a7987c4fceae38084d54996bfb29360f45ac01b06510b10be987

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 27 Jul 2021 18:26:47 GMT
server
LiteSpeed
etag
"41a4-61004fe7-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
3730
expires
Thu, 16 Dec 2021 00:28:42 GMT
734e5f942.min.js
www.harmj0y.net/blog/wp-content/uploads/essential-addons-elementor/ 		796 KB
183 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/essential-addons-elementor/734e5f942.min.js?ver=1639008373
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
bf807ef637bf4fb727e0ce4fcd0bd6135cc58deb869eb423db85a1c2a4f2e52f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Tue, 11 May 2021 00:34:25 GMT
server
LiteSpeed
etag
"c6fd0-6099d111-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
186831
expires
Thu, 16 Dec 2021 00:28:42 GMT
twitter-timeline.min.js
www.harmj0y.net/blog/wp-content/plugins/jetpack/_inc/build/ 		331 B
276 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 08 Dec 2021 08:06:35 GMT
server
LiteSpeed
etag
"14b-61b0678b-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
199
expires
Thu, 16 Dec 2021 00:28:42 GMT
wp-embed.min.js
www.harmj0y.net/blog/wp-includes/js/ 		1 KB
717 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.harmj0y.net/blog/wp-includes/js/wp-embed.min.js?ver=5.8.2
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Mon, 10 May 2021 18:19:47 GMT
server
LiteSpeed
etag
"592-60997943-0;br"
vary
Accept-Encoding,User-Agent,Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=604800,public, must-revalidate, proxy-revalidate
accept-ranges
bytes
content-length
663
expires
Thu, 16 Dec 2021 00:28:42 GMT
e-202149.js
stats.wp.com/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202149.js
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-nc
HIT ams
date
Thu, 09 Dec 2021 00:28:45 GMT
content-encoding
br
server
nginx
etag
W/"6197c5cf-3508"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
expires
Sun, 27 Nov 2022 23:03:11 GMT
SO-logo-300x119.png
www.harmj0y.net/blog/wp-content/uploads/2021/06/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.harmj0y.net/blog/wp-content/uploads/2021/06/SO-logo-300x119.png
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.145.225.3 Piscataway, United States, ASN64245 (AS-DIGITALFYRE, US),
Reverse DNS
pandora.digitaldatacenter.net
Software
LiteSpeed /
Resource Hash
4a8b68ea05f8700184289a3823c6bd3781c98678e1c50bdfabaf12d44dc7f8a6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:42 GMT
content-encoding
br
last-modified
Wed, 02 Jun 2021 20:58:15 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
8100
expires
Thu, 16 Dec 2021 00:28:42 GMT
widgets.js
platform.twitter.com/ 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/wp-content/plugins/jetpack/_inc/build/twitter-timeline.min.js?ver=4.0.0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Thu, 09 Dec 2021 00:28:45 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Dec 2021 21:35:27 GMT
Server
ECS (frb/6738)
Age
281
Etag
"50ec7e701ed018305368886c39cac301+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
29126
g.gif
pixel.wp.com/ 		50 B
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&j=1%3A10.4&blog=65454229&post=3027&tz=-5&srv=www.harmj0y.net&host=www.harmj0y.net&ref=&fcp=797&rand=0.48933822900457735
Requested by
Host: www.harmj0y.net
URL: https://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 09 Dec 2021 00:28:45 GMT
cache-control
no-cache
server
nginx
content-length
50
content-type
image/gif
widget_iframe.21f942bb866c2823339b839747a0c50c.html
platform.twitter.com/widgets/ Frame C292 		319 KB
103 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.harmj0y.net
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6724) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
187903
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 09 Dec 2021 00:28:45 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Thu, 02 Dec 2021 21:34:18 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/6724)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
settings
syndication.twitter.com/ Frame C292 		232 B
447 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=62a4499a230d933d496fcc5bb969017d5de709fe
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.harmj0y.net
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-response-time
111
date
Thu, 09 Dec 2021 00:28:45 GMT
content-encoding
gzip
last-modified
Thu, 09 Dec 2021 00:28:46 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
6d73ea017cd42025d3f05b360df99871ef0f1b62d8265d23deb0b808ea480f9c
content-length
166
moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js
platform.twitter.com/js/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/moment~timeline.c7de492113f2eac2bb49ff9013aa2889.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BC) /
Resource Hash
de8383d06a56f08749ed99ad3d43911fe88072a79e9148e2d1dead390f64893f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Thu, 09 Dec 2021 00:28:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Dec 2021 21:34:11 GMT
Server
ECS (frb/67BC)
Age
187904
Etag
"643f975645cfdfec2ae02aad7fbc9eea+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
8013
timeline.55167c7072ca7f4363bf18820295ba93.js
platform.twitter.com/js/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/timeline.55167c7072ca7f4363bf18820295ba93.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
888bc5618973079f4a157c8c94b0afe382e7e957306429c5880e032c83fb8e0c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Thu, 09 Dec 2021 00:28:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Dec 2021 21:34:11 GMT
Server
ECS (frb/6738)
Age
187903
Etag
"9539ec9d4bc5c1e5b1953004a6456c51+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
6441
profile
cdn.syndication.twimg.com/timeline/ 		34 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.syndication.twimg.com/timeline/profile?callback=__twttr.callbacks.tl_i0_profile_harmj0y_old&dnt=false&domain=www.harmj0y.net&lang=en&screen_name=harmj0y&suppress_response_codes=true&t=1821121&tweet_limit=5&tz=GMT%2B0000&with_replies=false
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_f /
Resource Hash
661613f3c9624adfd4e8ea839e4a6526ffabbd04539532c12e991141bbaf0fed
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-disposition
attachment; filename=jsonp.jsonp
access-control-allow-methods
GET
content-length
4711
x-xss-protection
0
access-contol-allow-origin
platform.twitter.com
x-response-time
156
last-modified
Thu, 09 Dec 2021 00:28:46 GMT
server
tsa_f
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
application/javascript;charset=utf-8
cache-control
must-revalidate, max-age=300
x-connection-hash
672c2d3844f56d367a46069e627f408a1268dc44f0e27547949f941380a796a6
timing-allow-origin
*
x-transaction
cc95022aca62cdbc
expires
Thu, 09 Dec 2021 00:33:46 GMT
1f9e0.png
abs.twimg.com/emoji/v2/72x72/ Frame 2F20 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://abs.twimg.com/emoji/v2/72x72/1f9e0.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:8173:898f:63b3:95c3:79d2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (mil/6C94) /
Resource Hash
4249c405e24649ca165ef27ef7548655549364b38082167eee5b7c6809286b96
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
x-content-type-options
nosniff
age
16386124
x-ton-expected-size
1267
x-cache
HIT
content-length
1267
x-response-time
10
surrogate-key
twitter-assets
last-modified
Fri, 02 Mar 2018 12:46:06 GMT
server
ECAcc (mil/6C94)
etag
"BLysrGLYzScVC1I2OXZ9rA=="
strict-transport-security
max-age=631138519
content-type
image/png
access-control-allow-origin
*
x-connection-hash
4095ca90279c6ecea573f002c20dab28
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Fri, 09 Dec 2022 00:28:46 GMT
timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.dark.ltr.css
platform.twitter.com/css/ Frame 2F20 		53 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/css/timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.dark.ltr.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6796) /
Resource Hash
32ae1222c34ac8d4ca2dcd6455e4b25c789515cbc05291c565dc49c64c21675e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Thu, 09 Dec 2021 00:28:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Dec 2021 21:34:09 GMT
Server
ECS (frb/6796)
Age
187904
Etag
"436682de2fd3039cb30ca50d238371c0+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
text/css; charset=utf-8
Content-Length
12179
timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.dark.ltr.css
platform.twitter.com/css/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://platform.twitter.com/css/timeline.2fcb295ab98c2ce26f4cca0d2b2d0f48.dark.ltr.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (mil/6CEE) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Thu, 09 Dec 2021 00:28:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Dec 2021 21:34:09 GMT
Server
ECS (mil/6CEE)
Age
187906
Etag
"436682de2fd3039cb30ca50d238371c0+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
text/css; charset=utf-8
Content-Length
12179
ey97DmIO_normal.jpg
pbs.twimg.com/profile_images/1296215413680820224/ Frame 2F20 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/profile_images/1296215413680820224/ey97DmIO_normal.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C1) /
Resource Hash
dcf0ca5fbff168bc343a4f8ab0d4dd3cc289733d73c846af6c78ee5fe0429e88
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
x-content-type-options
nosniff
age
573022
x-cache
HIT
content-length
2111
x-response-time
109
surrogate-key
profile_images profile_images/bucket/8 profile_images/1296215413680820224
last-modified
Wed, 19 Aug 2020 22:38:11 GMT
server
ECS (frb/67C1)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
31de16307c1207ff17fca3306d50ff53b06fb8c793ece0d5427e34c37e192818
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
-g84gQSC_normal.jpg
pbs.twimg.com/profile_images/793682606814400512/ Frame 2F20 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/profile_images/793682606814400512/-g84gQSC_normal.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668D) /
Resource Hash
66c867ab59a42fbfc744f67e97303c07c943d664ec7e7e437cd866c89bfcc162
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
x-content-type-options
nosniff
age
147414
x-cache
HIT
content-length
2263
x-response-time
116
surrogate-key
profile_images profile_images/bucket/4 profile_images/793682606814400512
last-modified
Wed, 02 Nov 2016 05:12:14 GMT
server
ECS (frb/668D)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
d48d2f7ece92c8e24146956184fe7a2f2e380183fc7ac37c5a97e60fcfa22c21
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
bugcheck_normal.png
pbs.twimg.com/profile_images/1514161384/ Frame 2F20 		769 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/profile_images/1514161384/bugcheck_normal.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BC) /
Resource Hash
938da274578b4fc567385cd67f3b925ac40e24d5407034c7180e72d6ab35cfca
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
x-content-type-options
nosniff
age
57668
x-cache
HIT
content-length
769
x-response-time
117
surrogate-key
profile_images profile_images/bucket/8 profile_images/1514161384
last-modified
Thu, 04 Nov 2010 01:42:54 GMT
server
ECS (frb/67BC)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
3a3fd9322bd6f2d7eae1ce2f01b3492f3e6a0bca19dcac5b2c976adee76691ca
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
dG9Y4RhK_normal.jpg
pbs.twimg.com/profile_images/883033419827032065/ Frame 2F20 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.twimg.com/profile_images/883033419827032065/dG9Y4RhK_normal.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C2) /
Resource Hash
2192a8a11b3b0968c13f8933c5fdb91355f5584681429d76567cdbd4eda32fed
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
x-content-type-options
nosniff
age
233255
x-cache
HIT
content-length
2263
x-response-time
107
surrogate-key
profile_images profile_images/bucket/8 profile_images/883033419827032065
last-modified
Thu, 06 Jul 2017 18:40:27 GMT
server
ECS (frb/67C2)
strict-transport-security
max-age=631138519
x-tw-cdn
VZ, VZ
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=604800, must-revalidate
x-connection-hash
e58a61453558d82fad1032f1427065b461e1e04e1570053c44c5f1750d9b8521
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ Frame 2F20 		44 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC6) /
Resource Hash
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
562057
x-ton-expected-size
45170
x-cache
HIT
vary
Accept-Encoding
content-length
6839
x-response-time
8
surrogate-key
tfw
last-modified
Tue, 14 May 2019 18:53:54 GMT
server
ECAcc (frc/8FC6)
etag
"4mhImCFS9rptiUICNnLD1g=="
strict-transport-security
max-age=631138519
content-type
text/css
access-control-allow-origin
*
x-connection-hash
33a6f940b45e6f4ef0c29f0a3b4a18dc6b33f1773ce53998ea0c7a7664eab170
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Thu, 16 Dec 2021 00:28:46 GMT
syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
ton.twimg.com/tfw/css/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8FC6) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.harmj0y.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
562057
x-ton-expected-size
45170
x-cache
HIT
vary
Accept-Encoding
content-length
6839
x-response-time
8
surrogate-key
tfw
last-modified
Tue, 14 May 2019 18:53:54 GMT
server
ECAcc (frc/8FC6)
etag
"4mhImCFS9rptiUICNnLD1g=="
strict-transport-security
max-age=631138519
content-type
text/css
access-control-allow-origin
*
x-connection-hash
33a6f940b45e6f4ef0c29f0a3b4a18dc6b33f1773ce53998ea0c7a7664eab170
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Thu, 16 Dec 2021 00:28:46 GMT
truncated
/ Frame 2F20 		503 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aac05095d40ef0103466fa75159c0fcc72baf7f2ec1335e20d0ca05b7fdc919d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 2F20 		825 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7617ed30b8adef52b9e11ad72dd08abec0947acf8a609e599093efa9f83b28af

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 2F20 		739 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 2F20 		572 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d67cbe62c3c2c50fa3af647e3f7910c28a9927aeca37463ae28ffff9a240376d

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ Frame 2F20 		644 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46448909ce97ba850c6c0753a47bba758da621333b0fa3a11931a396a8bac43e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
news_stroke_v1_78ce5b21fb24a7c7e528d22fc25bd9f9df7f24e2.svg
ton.twimg.com/tfw/assets/ Frame 2F20 		829 B
552 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ton.twimg.com/tfw/assets/news_stroke_v1_78ce5b21fb24a7c7e528d22fc25bd9f9df7f24e2.svg
Requested by
Host: ton.twimg.com
URL: https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:7ee2:97c:ab4c:6c70:be36 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/8F54) /
Resource Hash
5c0f79d0286f1fd3db48e1b689358017b302c0f4babde540329e8c644cf119c7
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 09 Dec 2021 00:28:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
75508
x-ton-expected-size
829
x-cache
HIT
vary
Accept-Encoding
content-length
395
x-response-time
7
surrogate-key
tfw
last-modified
Tue, 14 May 2019 18:53:54 GMT
server
ECAcc (frc/8F54)
etag
"CTUg6L9PuY+d9h5xpE0zmw=="
strict-transport-security
max-age=631138519
content-type
image/svg+xml
access-control-allow-origin
*
x-connection-hash
f46cca97fd02f4f583379cdd3eb01299e8598a52e48d9a7cf5fb2d5a3726744b
accept-ranges
bytes
timing-allow-origin
https://twitter.com, https://mobile.twitter.com
expires
Thu, 16 Dec 2021 00:28:46 GMT
jot.html
platform.twitter.com/ Frame 5C1E
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
80 B
571 B 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/jot.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (mil/6CF7) /
Resource Hash
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.harmj0y.net
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
187907
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 09 Dec 2021 00:28:46 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Thu, 02 Dec 2021 21:35:27 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (mil/6CF7)
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
80

Redirect headers

date
Thu, 09 Dec 2021 00:28:46 GMT
pragma
no-cache
server
tsa_o
status
302 Found
expires
Tue, 31 Mar 1981 05:00:00 GMT
location
https://platform.twitter.com/jot.html
content-type
text/html;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified
Thu, 09 Dec 2021 00:28:46 GMT
x-transaction
651ef0c720d288ab
content-length
0
x-frame-options
SAMEORIGIN
x-xss-protection
0
x-content-type-options
nosniff
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
x-response-time
117
x-connection-hash
6d73ea017cd42025d3f05b360df99871ef0f1b62d8265d23deb0b808ea480f9c

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| _wpemojiSettings undefined| $ function| jQuery object| CrayonSyntaxSettings object| CrayonSyntaxStrings function| jQueryCrayon object| CrayonUtil object| jqueryPopup function| popupWindow function| popdownWindow object| CrayonSyntax object| addComment object| astra object| twemoji object| wp function| astraGetParents function| getParents function| astraToggleClass function| toggleClass function| astraTriggerEvent function| popupTriggerClick function| AstraToggleSubMenu function| AstraNavigationMenu function| AstraToggleMenu function| AstraToggleSetup function| astraNavMenuToggle object| localize function| EvEmitter function| imagesLoaded function| jQueryBridget function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Isotope function| Masonry function| Typed function| Plyr object| FullCalendarLocalesAll function| moment object| FullCalendar object| FullCalendarDayGrid object| FullCalendarTimeGrid object| FullCalendarList boolean| isEditMode object| ea object| _stq function| st_go function| linktracker_init object| wpcom string| currentURL string| currentDir object| GET object| __twttrll object| twttr object| __twttr number| link number| len

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff,nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abs.twimg.com
cdn.syndication.twimg.com
fonts.googleapis.com
fonts.gstatic.com
pbs.twimg.com
pixel.wp.com
platform.twitter.com
stats.wp.com
syndication.twitter.com
ton.twimg.com
www.harmj0y.net
104.145.225.3
104.244.42.72
192.0.76.3
2606:2800:134:fa2:1627:1fe:edb:1665
2606:2800:233:7ee2:97c:ab4c:6c70:be36
2606:2800:233:8173:898f:63b3:95c3:79d2
2606:2800:234:59:254c:406:2366:268c
2a00:1450:4001:829::2003
2a00:1450:4001:829::200a
0000d650d46829d2811cab0df99087a51f04ebe7692ff2bac64b23e8a755219e
018b7a08d7907a60f8a75b89c0f5d58cd051ba1480174402cbe243a695d791c7
01e43870a4218fe731a3516dd76725698c3aadfb285465086849c6b52ef71719
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
2192a8a11b3b0968c13f8933c5fdb91355f5584681429d76567cdbd4eda32fed
291b553dee180f838e513bf2580c9af27f8312320581e3c91029a7c4d5eb2fbc
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
32ae1222c34ac8d4ca2dcd6455e4b25c789515cbc05291c565dc49c64c21675e
37bc4c4679c36489e66aefbc5fdf46cc996ae695113e19ab70f0cf47cf6a9ff5
4249c405e24649ca165ef27ef7548655549364b38082167eee5b7c6809286b96
46448909ce97ba850c6c0753a47bba758da621333b0fa3a11931a396a8bac43e
4a8b68ea05f8700184289a3823c6bd3781c98678e1c50bdfabaf12d44dc7f8a6
4b2b9b21bbe89adeaf68680f63f76e63b6e415cf5889842e3f0ac58f16e777a4
4ed07f590bdfa9aa775dbfdef617d98e1e972d102d4289c7a68d3bd9118c280b
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c0f79d0286f1fd3db48e1b689358017b302c0f4babde540329e8c644cf119c7
630d0a3cc8f4c4aa7bf49b40ae6f59f3a137707e0d7bba46ba44e2e5f2c53aab
661613f3c9624adfd4e8ea839e4a6526ffabbd04539532c12e991141bbaf0fed
66c867ab59a42fbfc744f67e97303c07c943d664ec7e7e437cd866c89bfcc162
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
73055d8272f3a7987c4fceae38084d54996bfb29360f45ac01b06510b10be987
7617ed30b8adef52b9e11ad72dd08abec0947acf8a609e599093efa9f83b28af
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
888bc5618973079f4a157c8c94b0afe382e7e957306429c5880e032c83fb8e0c
8b33eebc11529672afc8f1ac6d5d4ef24bed8dfec1505a2510c805e0dd21565f
90214d135602962e47ea9587a7eeb62fac1c64a541e373ea76e2b4e8b33e3f88
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
938da274578b4fc567385cd67f3b925ac40e24d5407034c7180e72d6ab35cfca
97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828
9a197448b02f5190c3bf230430e42f7d9ce5d6357c711f4d57c7e1077d581730
9bd44bde26830c955e63b123a0b8cb3b6ff8bd57de95501b895bf99b730cb45d
9c2e1d2864f53c224d6542bed9a1ab1de620dae21a2146eb4ff982dd8fcd4567
a549034009f79ead18a2154a8b730d8acb61e2f36c0434c0f9cff0f73df5d8cf
a6e9c02837fc4e15d5f6940b514eb5c52f7a752cdbb05862097e7239ad7366a3
aac05095d40ef0103466fa75159c0fcc72baf7f2ec1335e20d0ca05b7fdc919d
b3f68aebd8abebafa965d43256f8f4a0919614c1d358c6e27cf6f0d72a31ddb7
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
be10d81e5cf62f6d5befd410c3ccd9c568d298c2185833c515967589a4d67ab4
bf807ef637bf4fb727e0ce4fcd0bd6135cc58deb869eb423db85a1c2a4f2e52f
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d04f92637512a06237c61b25958eb732dd12098fbc30feb198c804dff7f3c86c
d67cbe62c3c2c50fa3af647e3f7910c28a9927aeca37463ae28ffff9a240376d
dcf0ca5fbff168bc343a4f8ab0d4dd3cc289733d73c846af6c78ee5fe0429e88
de8383d06a56f08749ed99ad3d43911fe88072a79e9148e2d1dead390f64893f
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7
e5941d48b4cb371b5f5a7a5cf0b2799ba23714314f39799571ca6b725a0c89c2
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
ff5aa1bb79d1b4fb6a5b9c6dd2e5f75f807e7cd94e2e1c3c25213fb0c16bac7a