tesserent.com Open in urlscan Pro
107.154.81.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://pure.security/dumping-windows-credentials/
Effective URL:
https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Submission: On February 08 via api (February 8th 2024, 3:18:34 pm UTC) from BE — Scanned from AU

Summary HTTP 143 Redirects Links 39 Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 21 domains to perform 143 HTTP transactions. The main IP is 107.154.81.3, located in United States and belongs to INCAPSULA, US. The main domain is tesserent.com.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on May 29th 2023. Valid for: a year.

This is the only time tesserent.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.62.219.149 52.62.219.149	16509 (AMAZON-02) (AMAZON-02)
30	107.154.81.3 107.154.81.3	19551 (INCAPSULA) (INCAPSULA)
6	23.55.38.66 23.55.38.66	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	172.217.167.72 172.217.167.72	15169 (GOOGLE) (GOOGLE)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.191.89 104.16.191.89	13335 (CLOUDFLAR...) (CLOUDFLARENET)
71	18.67.93.111 18.67.93.111	16509 (AMAZON-02) (AMAZON-02)
4	172.217.24.46 172.217.24.46	15169 (GOOGLE) (GOOGLE)
2	23.32.5.109 23.32.5.109	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	104.17.89.154 104.17.89.154	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.229.163 104.17.229.163	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.78.186 104.16.78.186	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.153.27 172.64.153.27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.176.125 104.18.176.125	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.204.204 104.17.204.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.19.154.83 104.19.154.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	3.94.218.138 3.94.218.138	14618 (AMAZON-AES) (AMAZON-AES)
1	172.217.24.34 172.217.24.34	15169 (GOOGLE) (GOOGLE)
1	142.251.221.68 142.251.221.68	15169 (GOOGLE) (GOOGLE)
1	172.217.24.35 172.217.24.35	15169 (GOOGLE) (GOOGLE)
143	21

1 52.62.219.149 (Sydney, Australia) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-62-219-149.ap-southeast-2.compute.amazonaws.com

pure.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 107.154.81.3 (United States)

ASN19551 (INCAPSULA, US)
PTR: 107.154.81.3.ip.incapdns.net

tesserent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.55.38.66 (Sydney, Australia)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-55-38-66.deploy.static.akamaitechnologies.com

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.167.72 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s06-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.191.89 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

71 18.67.93.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-93-111.syd62.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.24.46 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.32.5.109 (Sydney, Australia)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-5-109.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.89.154 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.229.163 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.78.186 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.153.27 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.176.125 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.204.204 (None, )

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.154.83 (None, )

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.94.218.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-218-138.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
customer.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.24.34 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f34.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.221.68 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.24.35 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f3.1e100.net

www.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
71	driftt.com js.driftt.com — Cisco Umbrella Rank: 5986	920 KB
30	tesserent.com tesserent.com	2 MB
7	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 6755 customer.api.drift.com — Cisco Umbrella Rank: 7297 metrics.api.drift.com — Cisco Umbrella Rank: 6676 event.api.drift.com	5 KB
6	typekit.net use.typekit.net — Cisco Umbrella Rank: 475 p.typekit.net — Cisco Umbrella Rank: 589	60 KB
5	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 333 www.linkedin.com — Cisco Umbrella Rank: 631	3 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	410 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	66 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4529 forms.hscollectedforms.net — Cisco Umbrella Rank: 4613	26 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 792	31 KB
1	google.com.au www.google.com.au — Cisco Umbrella Rank: 30423	455 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	455 B
1	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	2 KB
1	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2290	1 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3407	1 KB
1	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4299	1015 B
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2168	23 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2161	21 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3115	4 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2390	1 KB
1	pure.security 1 redirects pure.security	176 B
143	21

	Domain	Requested by
71	js.driftt.com	tesserent.com js.driftt.com
30	tesserent.com	tesserent.com
5	www.googletagmanager.com	tesserent.com www.googletagmanager.com js.hsadspixel.net
5	use.typekit.net	tesserent.com use.typekit.net
4	px.ads.linkedin.com	2 redirects snap.licdn.com tesserent.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	cdnjs.cloudflare.com	tesserent.com
2	event.api.drift.com	js.driftt.com
2	customer.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	snap.licdn.com	www.googletagmanager.com js.hsadspixel.net
1	metrics.api.drift.com	js.driftt.com
1	www.google.com.au
1	www.google.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	track.hubspot.com
1	api.hubapi.com	js.hsadspixel.net
1	forms.hsforms.com	tesserent.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	p.typekit.net	use.typekit.net
1	www.linkedin.com	1 redirects
1	js.hs-scripts.com	tesserent.com
1	pure.security	1 redirects
143	27

This site contains links to these domains. Also see Links.

Domain
tesserent.service-now.com
www.facebook.com
www.linkedin.com
twitter.com
bernardodamele.blogspot.com.au
code.google.com
ophcrack.sourceforge.net
www.openwall.com
hashcat.net
en.wikipedia.org
openwall.info
www.ampliasecurity.com
carnal0wnage.attackresearch.com
blog.gentilkiwi.com
technet.microsoft.com
github.com
www.nirsoft.net
nirsoft.net
www.pentestgeek.com
www.samba.org
files.securusglobal.com
support.pure.security
www.lateralsecurity.com
www.loopsec.com.au
northsd.com.au
www.seersec.com.au
www.thepearsoncorporation.com.au

Subject Issuer	Validity	Valid
*.tesserent.com RapidSSL TLS RSA CA G1	`2023-05-29` - `2024-06-10`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-01` - `2025-03-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.google.com.au GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Frame ID: E9F1324627EBE7E9A174E7996A383824
Requests: 65 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
Frame ID: 94EC3117033A06DF6FB2E9DDEA899E7C
Requests: 39 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
Frame ID: 8F6048583B3BB73FA3EA17C283FF02A7
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dumping Windows Credentials | Tesserent Groupsearchsearch

Page URL History Show full URLs

https://pure.security/dumping-windows-credentials/ HTTP 301
https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_mediu... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

143
Requests

99 %
HTTPS

0 %
IPv6

21
Domains

27
Subdomains

21
IPs

3
Countries

3473 kB
Transfer

6936 kB
Size

25
Cookies

39 Outgoing links

These are links going to different origins than the main page.

URL: https://tesserent.service-now.com/csm
Title: Support

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://tesserent.com/insights/blog/dumping-windows-credentials

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://tesserent.com/insights/blog/dumping-windows-credentials

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://tesserent.com/insights/blog/dumping-windows-credentials

Search URL Search Domain Scan URL

URL: http://bernardodamele.blogspot.com.au/
Title: blog

Search URL Search Domain Scan URL

URL: http://code.google.com/p/impacket/source/browse/trunk/examples/secretsdump.py
Title: secretsdump

Search URL Search Domain Scan URL

URL: http://ophcrack.sourceforge.net/
Title: Ophcrack

Search URL Search Domain Scan URL

URL: http://www.openwall.com/john/
Title: JtR

Search URL Search Domain Scan URL

URL: http://hashcat.net/
Title: hashcat

Search URL Search Domain Scan URL

URL: http://en.wikipedia.org/wiki/Pass_the_hash
Title: pass the hash

Search URL Search Domain Scan URL

URL: http://openwall.info/wiki/john/MSCash
Title: mscash

Search URL Search Domain Scan URL

URL: http://openwall.info/wiki/john/MSCash2
Title: mscash2

Search URL Search Domain Scan URL

URL: http://code.google.com/p/passing-the-hash/
Title: pth

Search URL Search Domain Scan URL

URL: http://www.ampliasecurity.com/research/wcefaq.html
Title: wce

Search URL Search Domain Scan URL

URL: http://carnal0wnage.attackresearch.com/2012/10/group-policy-preferences-and-getting.html
Title: decrypted

Search URL Search Domain Scan URL

URL: http://blog.gentilkiwi.com/securite/mimikatz/minidump
Title: mimikatz

Search URL Search Domain Scan URL

URL: http://technet.microsoft.com/en-au/sysinternals/dd996900.aspx
Title: Procdump

Search URL Search Domain Scan URL

URL: https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Out-Minidump.ps1
Title: powershell-fu

Search URL Search Domain Scan URL

URL: http://carnal0wnage.attackresearch.com/2013/07/mimikatz-minidump-and-mimikatz-via-bat.html
Title: carnal0wnage

Search URL Search Domain Scan URL

URL: http://blog.gentilkiwi.com/wp-content/uploads/2013/04/minidump_matrix.png
Title: this

Search URL Search Domain Scan URL

URL: http://www.nirsoft.net/utils/network_password_recovery.html
Title: Network Password Recovery

Search URL Search Domain Scan URL

URL: http://www.nirsoft.net/utils/netpass-x64.zip
Title: 64-bit version

Search URL Search Domain Scan URL

URL: http://www.nirsoft.net/utils/pspv.html
Title: Protected Storage PassView

Search URL Search Domain Scan URL

URL: http://nirsoft.net/utils/index.html#password_utils
Title: tools

Search URL Search Domain Scan URL

URL: http://technet.microsoft.com/en-us/library/cc753343.aspx
Title: ntdsutil

Search URL Search Domain Scan URL

URL: http://www.pentestgeek.com/2013/01/10/psexec_command-not-your-daddys-psexec/
Title: howto

Search URL Search Domain Scan URL

URL: http://technet.microsoft.com/en-us/library/hh875546.aspx
Title: esentutl

Search URL Search Domain Scan URL

URL: http://code.google.com/p/impacket/source/detail?r=961
Title: r961

Search URL Search Domain Scan URL

URL: http://www.samba.org/
Title: Samba

Search URL Search Domain Scan URL

URL: http://files.securusglobal.com/samba-4.1.0_replication-only-patch.txt
Title: patch

Search URL Search Domain Scan URL

URL: http://files.securusglobal.com/samba-pwdump.py
Title: samba-pwdump.py

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/tesserent/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/tesserent
Title: Twitter

Search URL Search Domain Scan URL

URL: https://support.pure.security/hc/en-us?__hstc=236389406.dc5bc400f3433319b57deb3bc27ba7b1.1707405510089.1707405510089.1707405510089.1&__hssc=236389406.1.1707405510089&__hsfp=213758080
Title: Support Portal

Search URL Search Domain Scan URL

URL: https://www.lateralsecurity.com/
Title: Lateral Security

Search URL Search Domain Scan URL

URL: https://www.loopsec.com.au/
Title: Loop Secure

Search URL Search Domain Scan URL

URL: https://northsd.com.au/
Title: north

Search URL Search Domain Scan URL

URL: https://www.seersec.com.au/
Title: Seer Security

Search URL Search Domain Scan URL

URL: https://www.thepearsoncorporation.com.au/
Title: Pearson Corporation

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pure.security/dumping-windows-credentials/ HTTP 301
https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3776012&time=1707405508133&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3776012&time=1707405508133&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3776012%26time%3D1707405508133%26url%3Dhttps%253A%252F%252Ftesserent.com%252Finsights%252Fblog%252Fdumping-windows-credentials%253Futm_source%253Dpure.security%2526utm_medium%253D301%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3776012&time=1707405508133&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&tm=gtmv2&cookiesTest=true&liSync=true

143 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request dumping-windows-credentials Show response
tesserent.com/insights/blog/
Redirect Chain

https://pure.security/dumping-windows-credentials/
https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

138 KB
25 KB

124ms
102ms

Document
text/html

107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.154.81.3 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

107.154.81.3.ip.incapdns.net

Software

nginx /

Resource Hash

ad73a6a82829247d43d39d401432c480062a70c4ebf43d87c27652e660c6133e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 08 Feb 2024 15:18:27 GMT
link: <https://tesserent.com/insights/blog/dumping-windows-credentials>; rel="canonical"
server: nginx
strict-transport-security: max-age=31536000;
x-cdn: Imperva
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-iinfo: 13-68267218-68267220 NNNN CT(1 5 0) RT(1707405506483 5) q(0 0 0 0) r(1 1) U12

Redirect headers

content-length: 0
content-type: application/octet-stream
date: Thu, 08 Feb 2024 15:18:26 GMT
location: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
server: awselb/2.0
strict-transport-security: max-age=31536000

GET
H2 200 main.css
tesserent.com/styles/ 223 KB
28 KB 12ms
11ms Stylesheet
text/css 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://tesserent.com/styles/main.css?v=2.9.5
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 7bdb4df8b9e89ce3fedf097a384cf33a506bc8914822be4794971d8a77d1fdc1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
content-encoding: gzip
last-modified: Tue, 23 Jan 2024 23:52:52 GMT
x-cdn: Imperva
etag: "65b05154-37d5e"
content-type: text/css
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 119) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=314572002, public
content-length: 28130
expires: Fri, 27 Jan 2034 12:25:08 GMT

GET
H2 200 dwg7avv.css
use.typekit.net/ 3 KB
942 B 842ms
292ms Stylesheet
text/css 23.55.38.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/dwg7avv.css

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.38.66 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-55-38-66.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0cf5d52f67ae2abd5e7d4f4f078ec76ffa39eb58badc33c745c269cb21d92425

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 08 Feb 2024 15:18:27 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 720

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
92 KB 1007ms
603ms Script
application/javascript 172.217.167.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V2BNZQ8925

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b719f176934484af274e2cce8cc00fa7af0984776f14bb25936001b48e507177

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93902
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 08 Feb 2024 15:18:28 GMT

GET
H2 200 fta5prn.css
use.typekit.net/ 3 KB
939 B 1409ms
859ms Stylesheet
text/css 23.55.38.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/fta5prn.css

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.38.66 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-55-38-66.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d8efe59cc362d7078a5cf2605c42336afe5e3d32657c46aa95a9b7b42b9c1ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 08 Feb 2024 15:18:28 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 716

GET
H2 200 tesserent-thales-logo.webp
tesserent.com/assets/template/_1920xAUTO_crop_center-center_80_none/224228/ 39 KB
39 KB 20ms
19ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/template/_1920xAUTO_crop_center-center_80_none/224228/tesserent-thales-logo.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: cfe7944953b537c627a1378d2d55937165f404d03963139c623f5bf1edd6bb66

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Mon, 18 Dec 2023 04:32:27 GMT
x-cdn: Imperva
etag: "657fcb5b-9a78"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 128) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=50703, public
content-length: 39544
expires: Fri, 09 Feb 2024 05:23:29 GMT

GET
H2 200 image.webp
tesserent.com/assets/main/Insights-Images/_320xAUTO_crop_center-center_none/41517/ 7 KB
7 KB 22ms
22ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Insights-Images/_320xAUTO_crop_center-center_none/41517/image.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: b54e95b6ef95f1ea9fc9cdad6dab9bf804f2dd972a0632cae9f65cc6c9f27d5c

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 20 Sep 2023 23:50:15 GMT
x-cdn: Imperva
etag: "650b8537-1c9e"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 131) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=21831, public
content-length: 7326
expires: Thu, 08 Feb 2024 21:22:17 GMT

GET
H2 200 shutterstock_711609931.webp
tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/69271/ 8 KB
8 KB 4ms
4ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/69271/shutterstock_711609931.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: cc313ba9c9a3e07fdbaf746f9a3ca73ddb646b2a3f1779922f7cfea67ba2e8fd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Fri, 24 Nov 2023 02:17:24 GMT
x-cdn: Imperva
etag: "656007b4-20da"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 137) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=19829, public
content-length: 8410
expires: Thu, 08 Feb 2024 20:48:55 GMT

GET
H2 200 Cloud.webp
tesserent.com/assets/main/_320xAUTO_crop_center-center_none/217476/ 8 KB
8 KB 6ms
6ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/_320xAUTO_crop_center-center_none/217476/Cloud.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 46c639ed12c0bfb0aa5b5ee024e58112e371e3a45ef3d0df33b64fb7a6a0c063

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 13 Sep 2023 06:28:41 GMT
x-cdn: Imperva
etag: "65015699-2158"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 140) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=21831, public
content-length: 8536
expires: Thu, 08 Feb 2024 21:22:17 GMT

GET
H2 200 phishing-6573326.webp
tesserent.com/assets/main/Insights-Images/_320xAUTO_crop_center-center_none/81025/ 3 KB
4 KB 13ms
6ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Insights-Images/_320xAUTO_crop_center-center_none/81025/phishing-6573326.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 6866e1af082074effe82f93fc95f0176ba08afb107b3e135154517f954490789

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 12 Jul 2023 23:39:24 GMT
x-cdn: Imperva
etag: "64af39ac-dd6"
content-type: image/webp
x-iinfo: 13-68267218-68263994 2CNN RT(1707405506483 154) q(0 0 0 -1) r(0 0)
cache-control: max-age=79693, public
content-length: 3542
expires: Fri, 09 Feb 2024 13:26:39 GMT

GET
H2 200 iStock-496524660-RT.webp
tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/10534/ 21 KB
21 KB 11ms
5ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/10534/iStock-496524660-RT.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: ddc14efbca9bc150b0bdf8022cec88fe0ae7faca1f86dd5e9ed908f6edbc0886

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 12 Jul 2023 23:39:24 GMT
x-cdn: Imperva
etag: "64af39ac-5212"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 156) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=19830, public
content-length: 21010
expires: Thu, 08 Feb 2024 20:48:56 GMT

GET
H2 200 physical-security.webp
tesserent.com/assets/main/_320xAUTO_crop_center-center_none/43127/ 6 KB
6 KB 12ms
6ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/_320xAUTO_crop_center-center_none/43127/physical-security.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 492d8139a0a1df2de4a7c0d80323c04a9514e8f0742f9456ba04f00b9fcd9115

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 12 Jul 2023 23:39:25 GMT
x-cdn: Imperva
etag: "64af39ad-184c"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 158) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=19830, public
content-length: 6220
expires: Thu, 08 Feb 2024 20:48:56 GMT

GET
H2 200 shutterstock_591644807.webp
tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/69272/ 12 KB
12 KB 13ms
7ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/69272/shutterstock_591644807.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 58d24dbf6eb89644f23f4d419b0a020e2047d1463bdb133f27fbb14665b0dd74

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 22 Nov 2023 05:08:32 GMT
x-cdn: Imperva
etag: "655d8cd0-2ef6"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 159) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=19830, public
content-length: 12022
expires: Thu, 08 Feb 2024 20:48:56 GMT

GET
H2 200 shutterstock_174966389-Web.webp
tesserent.com/assets/main/_320xAUTO_crop_center-center_none/198094/ 6 KB
6 KB 16ms
11ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/_320xAUTO_crop_center-center_none/198094/shutterstock_174966389-Web.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 7095d0e2b564071b77768a9a5c6ea7911d813d3cbb4cff1cf0834665fdb60cbc

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Mon, 31 Jul 2023 01:35:57 GMT
x-cdn: Imperva
etag: "64c70ffd-1898"
content-type: image/webp
x-iinfo: 13-68267218-68263994 2CNN RT(1707405506483 161) q(0 0 0 -1) r(0 0)
cache-control: max-age=79693, public
content-length: 6296
expires: Fri, 09 Feb 2024 13:26:39 GMT

GET
H2 200 Claroty.webp
tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/35947/ 12 KB
12 KB 15ms
9ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/35947/Claroty.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 4685c5005b6426341771992f54aa26f0fb9428329b68cd95359c83685513c9f2

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Fri, 24 Nov 2023 02:25:16 GMT
x-cdn: Imperva
etag: "6560098c-3014"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 162) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=19831, public
content-length: 12308
expires: Thu, 08 Feb 2024 20:48:57 GMT

GET
H2 200 pexels-scott-webb-137602-1.webp
tesserent.com/assets/main/Insights-Images/_320xAUTO_crop_center-center_none/17837/ 4 KB
4 KB 15ms
10ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Insights-Images/_320xAUTO_crop_center-center_none/17837/pexels-scott-webb-137602-1.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 8985cbddbd5efbc6442e3f35a0dc204c3eb3475f4ca595a10256174a6fe792ff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 12 Jul 2023 23:39:26 GMT
x-cdn: Imperva
etag: "64af39ae-e04"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 163) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=19831, public
content-length: 3588
expires: Thu, 08 Feb 2024 20:48:57 GMT

GET
H2 200 image-000.webp
tesserent.com/assets/main/Insights-Images/_320xAUTO_crop_center-center_none/16417/ 8 KB
9 KB 17ms
11ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Insights-Images/_320xAUTO_crop_center-center_none/16417/image-000.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: c6077ce4a1d852351ea0726214b7c07cd487591f88c7f544413c07e34164a83a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 12 Jul 2023 23:39:21 GMT
x-cdn: Imperva
etag: "64af39a9-2198"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 164) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=21832, public
content-length: 8600
expires: Thu, 08 Feb 2024 21:22:18 GMT

GET
H2 200 vicparliament.webp
tesserent.com/assets/main/_320xAUTO_crop_center-center_none/212088/ 15 KB
15 KB 17ms
12ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/_320xAUTO_crop_center-center_none/212088/vicparliament.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 51bf72f312f410abf746939bad038f336a772c922817d058aa93c4d5be10794f

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Fri, 01 Sep 2023 00:03:02 GMT
x-cdn: Imperva
etag: "64f12a36-3c5e"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 165) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=15327, public
content-length: 15454
expires: Thu, 08 Feb 2024 19:33:53 GMT

GET
H2 200 Managed-Technology-and-Security-Services.webp
tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/33579/ 8 KB
8 KB 19ms
14ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/33579/Managed-Technology-and-Security-Services.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: adad94a352232dc30ad61ca7aed4ad1138d3d2c511410f6e969c1fc11ef3e0c4

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Fri, 24 Nov 2023 01:43:48 GMT
x-cdn: Imperva
etag: "655fffd4-2042"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 166) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=19831, public
content-length: 8258
expires: Thu, 08 Feb 2024 20:48:57 GMT

GET
H2 200 Cribl.webp
tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/35948/ 6 KB
6 KB 20ms
15ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Stock-Images/_320xAUTO_crop_center-center_none/35948/Cribl.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 834248c40036ddb3089729210c9587abd79700a044376db2d11f38d5d96ec09f

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 20 Sep 2023 23:50:11 GMT
x-cdn: Imperva
etag: "650b8533-1880"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 167) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=21831, public
content-length: 6272
expires: Thu, 08 Feb 2024 21:22:17 GMT

GET
H2 200 yannick-pipke-hHIk58IC2vI-unsplash.webp
tesserent.com/assets/main/Insights-Images/_1920xAUTO_crop_center-center_80_none/56152/ 110 KB
110 KB 27ms
22ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tesserent.com/assets/main/Insights-Images/_1920xAUTO_crop_center-center_80_none/56152/yannick-pipke-hHIk58IC2vI-unsplash.webp

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.154.81.3 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

107.154.81.3.ip.incapdns.net

Software

nginx /

Resource Hash

21cac30de7f4bbf46d2a40386b03d4710ad4507e484442b345f3ebfaac0cd20f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:27 GMT
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
last-modified: Wed, 12 Jul 2023 23:58:25 GMT
server: nginx
x-cdn: Imperva
etag: "64af3e21-1b87a"
x-frame-options: SAMEORIGIN
content-type: image/webp
x-iinfo: 13-68267218-68267220 PNNN RT(1707405506483 168) q(0 0 0 -1) r(0 0) U18
accept-ranges: bytes
content-length: 112762

GET
H2 200 tess-head-4-min.webp
tesserent.com/assets/template/_1920xAUTO_crop_center-center_80_none/47904/ 84 KB
84 KB 22ms
18ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/template/_1920xAUTO_crop_center-center_80_none/47904/tess-head-4-min.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 98068608adef19a83f48ac6f25c155b65a8b610012d80a054f0620bcd3c6406b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 12 Jul 2023 23:42:20 GMT
x-cdn: Imperva
etag: "64af3a5c-15124"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 170) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=45677, public
content-length: 86308
expires: Fri, 09 Feb 2024 03:59:43 GMT

GET
H2 200 image.webp
tesserent.com/assets/main/Insights-Images/_1920xAUTO_crop_center-center_80_none/41517/ 66 KB
67 KB 27ms
24ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Insights-Images/_1920xAUTO_crop_center-center_80_none/41517/image.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: e4b992ac5ac4af9baa0dbb30e073947249a1f63cea357fd403d06aa1e01c4bdc

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Thu, 13 Jul 2023 00:31:47 GMT
x-cdn: Imperva
etag: "64af45f3-10986"
content-type: image/webp
x-iinfo: 13-68267218-68263994 2CNN RT(1707405506483 172) q(0 0 0 -1) r(0 0)
cache-control: max-age=66926, public
content-length: 67974
expires: Fri, 09 Feb 2024 09:53:52 GMT

GET
H2 200 pexels-scott-webb-137602-1.webp
tesserent.com/assets/main/Insights-Images/_1920xAUTO_crop_center-center_80_none/17837/ 71 KB
72 KB 45ms
41ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/Insights-Images/_1920xAUTO_crop_center-center_80_none/17837/pexels-scott-webb-137602-1.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: da326b8f1ed9d9cb6c6f6b3603e8aa5204d5715fcb5f1134df72fb53a9e4bd69

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 12 Jul 2023 23:45:11 GMT
x-cdn: Imperva
etag: "64af3b07-11d90"
content-type: image/webp
x-iinfo: 13-68267218-68267253 2CNN RT(1707405506483 174) q(0 0 0 -1) r(0 0)
cache-control: max-age=66926, public
content-length: 73104
expires: Fri, 09 Feb 2024 09:53:52 GMT

GET
H2 200 NIST-Blog.webp
tesserent.com/assets/main/_1920xAUTO_crop_center-center_80_none/208202/ 166 KB
167 KB 30ms
27ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/main/_1920xAUTO_crop_center-center_80_none/208202/NIST-Blog.webp
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 13e58c121c0928e16f39c98790e14cb9ff280abc1cb496f5525896da38215913

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Wed, 30 Aug 2023 06:44:09 GMT
x-cdn: Imperva
etag: "64eee539-29994"
content-type: image/webp
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 178) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=42403, public
content-length: 170388
expires: Fri, 09 Feb 2024 03:05:09 GMT

GET
H2 200 vicparliament.webp
tesserent.com/assets/main/_1920xAUTO_crop_center-center_80_none/212088/ 259 KB
259 KB 59ms
55ms Image
image/webp 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tesserent.com/assets/main/_1920xAUTO_crop_center-center_80_none/212088/vicparliament.webp

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.154.81.3 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

107.154.81.3.ip.incapdns.net

Software

nginx /

Resource Hash

07ebea0ed355ff59f4a0a578ec318d5626eb2332fe7eabdbe47ae5ef451e3b2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:27 GMT
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
last-modified: Fri, 01 Sep 2023 00:03:04 GMT
server: nginx
x-cdn: Imperva
etag: "64f12a38-40a1a"
x-frame-options: SAMEORIGIN
content-type: image/webp
x-iinfo: 13-68267218-68267256 NNNN CT(10 3 0) RT(1707405506483 180) q(0 0 0 -1) r(0 0) U18
accept-ranges: bytes
content-length: 264730

GET
H2 200 logo-footer-new.png
tesserent.com/assets/template/ 88 KB
88 KB 36ms
33ms Image
image/png 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/template/logo-footer-new.png
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 328e803532bfb62791e258298b3ca6682a6dbb6c99893f58ab55e2d82ae1c5c1

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Mon, 18 Dec 2023 02:11:16 GMT
x-cdn: Imperva
etag: "657faa44-1f7b7"
content-type: image/png
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 183) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=314491403, public
content-length: 89790
expires: Thu, 26 Jan 2034 14:01:49 GMT

GET
H2 200 polyfill.min.js Show response
cdnjs.cloudflare.com/ajax/libs/babel-polyfill/6.26.0/ 102 KB
29 KB 22ms
11ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/6.26.0/polyfill.min.js

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:27 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 497024
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 29511
last-modified: Mon, 04 May 2020 16:06:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d6b-19873"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQkZHWpWxPGRkkXd2se4jg92A9xbABeqbXXMIvp7vIQIIRTgtr2tSV8y8pn196ry%2BLCmRYqYUVptr6cnr46SWGaCLSqhEYJeG9CkqEtShcqqvOA2ZTJX979OR%2BTerFko0NRH1C7p"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8524d8638f58a83e-SYD
expires: Tue, 28 Jan 2025 15:18:27 GMT

GET
H2 200 main.js Show response
tesserent.com/scripts/ 128 KB
37 KB 4ms
4ms Script
application/javascript 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://tesserent.com/scripts/main.js?v=2.9.5
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 2332421cda353435e034696a9f79995919ba636d19624a1548a8b90b74e1bb00

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
content-encoding: gzip
last-modified: Wed, 06 Dec 2023 23:11:48 GMT
x-cdn: Imperva
etag: "6570ffb4-1fff0"
content-type: application/javascript
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 146) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=314525755, public
content-length: 37830
expires: Thu, 26 Jan 2034 23:34:21 GMT

GET
H2 200 6140990.js Show response
js.hs-scripts.com/ 2 KB
1 KB 993ms
680ms Script
application/javascript 104.16.191.89
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/6140990.js

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.191.89 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9220386a8ee260edb2751c2930a77a194ba55eccc57fbbfb095b01c10869acf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7651fa10-14ab-4db0-957e-a9f62789bab5
x-envoy-upstream-service-time: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7651fa10-14ab-4db0-957e-a9f62789bab5
last-modified: Thu, 08 Feb 2024 12:43:47 GMT
server: cloudflare
x-trace: 2B6CDC49B2917EA7BF2ECFB7047CF2939B1DA07EC0000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://tesserent.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=90
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-f7f4ffb8f-96ksj
cf-ray: 8524d8657e3b79d0-SYD
expires: Thu, 08 Feb 2024 15:19:58 GMT

GET
H2 200 _Incapsula_Resource Show response
tesserent.com/ 146 KB
21 KB 42ms
39ms Script
application/javascript 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://tesserent.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=499045757
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: f119004b0a6cc640bf50831d5b46d5f6e381b667f15e236dfe94f1ac680ea4f9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 21126
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 243 KB
80 KB 520ms
120ms Script
application/javascript 172.217.167.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WCW99TZ

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

7329f5636cfbff9a5a36d7bb48527480c8c5cb0cb10bdf96f57e7de32f9fab56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81587
x-xss-protection: 0
last-modified: Thu, 08 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 08 Feb 2024 15:18:27 GMT

GET
H2 200 y8mfnrwaiadh.js Show response
js.driftt.com/include/1707405600000/ 220 KB
62 KB 929ms
828ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1707405600000/y8mfnrwaiadh.js

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

52d87460560d706c4aa2b62216ad84345b4292322c818c69fd55bb234afd4c83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:27 GMT
x-amz-version-id: HprHXY.99uyuv4UI_XMdF2xIfeEfDySD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Tue, 30 Jan 2024 20:20:44 GMT
server: istio-envoy
etag: W/"8bb3282387347ab14b7a49c1d4f4e79f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zt34_BKnLvrV5oJkd30mOs8rpxepivSIBjJhuFlMjwR3ercuhw0Kyg==

GET
H2 200 tess-blue-arrow-right.svg
tesserent.com/assets/icons/ 363 B
446 B 36ms
36ms Image
image/svg+xml 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/icons/tess-blue-arrow-right.svg
Requested by: Host: tesserent.com
URL: https://tesserent.com/styles/main.css?v=2.9.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: de02f823be67188fc2edac210f42ce4d122477a75e6820f1c17194de5e188fa3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/styles/main.css?v=2.9.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
content-encoding: gzip
last-modified: Mon, 18 Dec 2023 22:59:08 GMT
x-cdn: Imperva
etag: "6580cebc-16b"
content-type: image/svg+xml
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 192) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=35774, public
content-length: 274
expires: Fri, 09 Feb 2024 01:14:40 GMT

GET
H2 200 banner-watermark.png
tesserent.com/assets/template/ 321 KB
321 KB 38ms
36ms Image
image/png 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/template/banner-watermark.png?v=2
Requested by: Host: tesserent.com
URL: https://tesserent.com/styles/main.css?v=2.9.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: f71a2602d6497d62e2a21e1f415cd8d38d4aa7cea9312a91e5cc276e18939956

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/styles/main.css?v=2.9.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Mon, 18 Dec 2023 22:44:47 GMT
x-cdn: Imperva
etag: "6580cb5f-579e3"
content-type: image/png
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 193) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=314491403, public
content-length: 328496
expires: Thu, 26 Jan 2034 14:01:49 GMT

GET
H2 200 footer-watermark.png
tesserent.com/assets/template/ 435 KB
435 KB 38ms
37ms Image
image/png 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/assets/template/footer-watermark.png?v=2
Requested by: Host: tesserent.com
URL: https://tesserent.com/styles/main.css?v=2.9.5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: 7ed9cf795cf7e9195af6798c755343aef1ecb5acba6b304a1e3de7215eefb89b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/styles/main.css?v=2.9.5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:26 GMT
last-modified: Mon, 18 Dec 2023 03:21:39 GMT
x-cdn: Imperva
etag: "657fbac3-6e17c"
content-type: image/png
x-iinfo: 13-68267218-0 0CNN RT(1707405506483 195) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=314610693, public
content-length: 445426
expires: Fri, 27 Jan 2034 23:09:59 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
92 KB 528ms
527ms Script
application/javascript 172.217.167.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V2BNZQ8925&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WCW99TZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4afd4eb6576c8d413e274d5ff87bd8550b3581218f1bec30db4ac42b2e1b77c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93966
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 08 Feb 2024 15:18:28 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 405ms
3ms Script
text/javascript 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WCW99TZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 08 Feb 2024 13:52:42 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5146
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 08 Feb 2024 15:52:42 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 43 KB
16 KB 313ms
3ms Script
application/javascript 23.32.5.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WCW99TZ

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.32.5.109 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-32-5-109.deploy.static.akamaitechnologies.com

Software

Resource Hash

b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 23 Jan 2024 14:42:29 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=24003
accept-ranges: bytes
content-length: 15732

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
781 B 485ms
167ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: E2004BBFFCE540E7A305B8D50C40ACA2 Ref B: SYD03EDGE0908 Ref C: 2024-02-08T15:18:28Z
linkedin-action: 1
vary: Origin
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
access-control-allow-origin: https://tesserent.com
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYQ4FLSyycBgTmykNlE9A==

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3776012&time=1707405508133&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medi...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3776012&time=1707405508133&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medi...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3776012%26time%3D1707405508133%26url%3Dhttps%253A%252F%252Ftesserent.com%252Finsi...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3776012&time=1707405508133&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medi...

0
433 B

216ms
216ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3776012&time=1707405508133&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:29 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: EA30530B84DB4985A139E8787F849CD9 Ref B: SYD03EDGE0908 Ref C: 2024-02-08T15:18:29Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYQ4FLdrsQHYDQKVD8B8g==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Thu, 08 Feb 2024 15:18:29 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYQ4FLaP5WUg2iYIhjF/Q==
pragma: no-cache
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 06F2FA88F82741959C82CF02242DA522 Ref B: SYD03EDGE0908 Ref C: 2024-02-08T15:18:28Z
x-frame-options: sameorigin
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3776012&time=1707405508133&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&tm=gtmv2&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
206 B 100ms
99ms XHR
text/plain 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=570575421&t=pageview&_s=1&dl=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&ul=en-us&de=UTF-8&dt=Dumping%20Windows%20Credentials%20%7C%20Tesserent%20Group&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=802678383&gjid=783363142&cid=207123693.1707405508&tid=UA-180837359-1&_gid=821107657.1707405508&_r=1&_slc=1&gtm=45He4250n81WCW99TZv866378409za200&gcd=13l3l3l3l1&dma=0&z=161396265

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 08 Feb 2024 15:18:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tesserent.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
56 B 100ms
99ms Ping
text/plain 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-V2BNZQ8925&gtm=45je4250v882051464z8866378409za200&_p=1707405507118&gcd=13l3l3l3l1&npa=0&dma=0&cid=207123693.1707405508&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1707405508&sct=1&seg=0&dl=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&dt=Dumping%20Windows%20Credentials%20%7C%20Tesserent%20Group&en=page_view&_fv=1&_ss=1&tfd=1665
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V2BNZQ8925
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.24.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: hkg07s23-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Feb 2024 15:18:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tesserent.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 35ms
2ms Stylesheet
text/css 23.55.38.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=fta5prn&ht=tk&f=32203.32205.32206.32207&a=84325837&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fta5prn.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.38.66 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-38-66.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://use.typekit.net/fta5prn.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
last-modified: Fri, 14 Jul 2023 12:49:35 GMT
server: nginx
etag: "64b1445f-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 l
use.typekit.net/af/148b9c/00000000000000007735affe/30/ 20 KB
20 KB 326ms
11ms Font
application/font-woff2 23.55.38.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/148b9c/00000000000000007735affe/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fta5prn.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.38.66 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-38-66.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: d32b4433423a8dff86f58d48f001fbd34b09a0ae449ff5bbf1b2363961447240

Request headers

Referer: https://use.typekit.net/fta5prn.css
Origin: https://tesserent.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
server: nginx
etag: "36022ee22d139836d66002969f1673edab083373"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19988

GET
H2 200 l
use.typekit.net/af/505ea4/00000000000000007735b006/30/ 20 KB
20 KB 329ms
15ms Font
application/font-woff2 23.55.38.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/505ea4/00000000000000007735b006/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fta5prn.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.38.66 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-38-66.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 3ba6696cd2574d682e8a8b0703a07d6d407713651da1fae89da2cfcdc244f293

Request headers

Referer: https://use.typekit.net/fta5prn.css
Origin: https://tesserent.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
server: nginx
etag: "31a5dbeae2bc468db15399b9584fce878b98ebde"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19980

GET
H2 200 l
use.typekit.net/af/11d803/00000000000000007735b005/30/ 18 KB
18 KB 327ms
20ms Font
application/font-woff2 23.55.38.66
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/11d803/00000000000000007735b005/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/fta5prn.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.55.38.66 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-55-38-66.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 3c9989b9d2404be9d20e1475f3809206f00357dbca05576d630aa62d7df2b5bb

Request headers

Referer: https://use.typekit.net/fta5prn.css
Origin: https://tesserent.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
server: nginx
etag: "d286f7d0e55d7dadc9376786054c6233b80a1a35"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18488

GET
H2 200 swiper-bundle.min.css
cdnjs.cloudflare.com/ajax/libs/Swiper/7.4.1/ 15 KB
4 KB 9ms
8ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/7.4.1/swiper-bundle.min.css

Requested by

Host: tesserent.com
URL: https://tesserent.com/scripts/main.js?v=2.9.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4c36bd623e62bea63b81dabb7ce6f9e3ae05c5d22f11d2c3a5802ced3c9c499

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 4293808
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3836
last-modified: Fri, 24 Dec 2021 16:30:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61c5f5b1-efc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FvLEf9xEd%2Fw287rNY5CP%2FNHIzjr4p1MACoCLcfcQuox3LvRlqqn1lQMchT2MKOVDHsyFc193HWHoyZPVV%2BTQi8RD5PqUC5BOHn40csLQSGSCLd%2B9U%2BDMnmVigDb8sGs26nuJbe4R"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8524d86cbaa9a83e-SYD
expires: Tue, 28 Jan 2025 15:18:28 GMT

GET
H2 200 swiper-bundle.min.js Show response
cdnjs.cloudflare.com/ajax/libs/Swiper/7.4.1/ 133 KB
33 KB 9ms
9ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/7.4.1/swiper-bundle.min.js

Requested by

Host: tesserent.com
URL: https://tesserent.com/scripts/main.js?v=2.9.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8954ae9654aea5d46a68bc5d91c063a3896a0d8a5927822049e4e06a4252b4a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6031941
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 33103
last-modified: Fri, 24 Dec 2021 16:30:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61c5f5b1-814f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEtHFhAZ5bvpoywE1qKVjvIIaNcTozTJJCtNaJwDQnvEcD0zS5g362%2FE4WiJ69n%2BkUS%2Bipj%2B%2Bo46gWFR%2B9gcFHWo3Be1xCiJY%2FXZ9gv%2FzaQ%2FIjFrCXzm11VRcKGm89UbCl%2FebGd%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8524d86cbaaaa83e-SYD
expires: Tue, 28 Jan 2025 15:18:28 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 635ms
322ms Script
application/javascript 104.17.89.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6140990.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.89.154 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c326f96b9af470b51c887a189b1f81d241d6beef4844b37c8add5144fa6f55d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Origin: https://tesserent.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.451/bundles/project.js&cfRay=8524d86ec896a980-SYD
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"dc52d8d37d1323196ca91b50795df6c4"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: collected-forms-embed-js/static-1.451/bundles/project.js
date: Thu, 08 Feb 2024 15:18:29 GMT
x-amz-version-id: JAkD5shSwdxe4gNEROP8R.wQbdFvcCSE
via: 1.1 030b88b6d8d9c6faf056723bb5f16078.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD61-P1
x-hubspot-correlation-id: 262ce19f-3196-45d3-b1d9-fc896c2cca43
x-cache: Miss from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 72
x-evy-trace-route-configuration: listener_https/all
x-request-id: 262ce19f-3196-45d3-b1d9-fc896c2cca43
last-modified: Wed, 03 Jan 2024 09:59:36 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-748b697-mjwfl
cf-ray: 8524d86ec896a980-SYD
x-amz-cf-id: 0YncMje1D1rV-mrJjhqwr6B7SH8-5NdfrA0ZPOHOdkHfEEYg_HiO9g==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 323ms
10ms Script
application/javascript 104.17.229.163
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6140990.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.229.163 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91d1bde942744d48fec9019c7b87b351f7a165e544d59fcbb4e43f3309be4ab9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:28 GMT
x-amz-version-id: gvApL1OxjF_N9vv.KngIIs22vbExO7Ym
via: 1.1 030b88b6d8d9c6faf056723bb5f16078.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD61-P1
age: 104
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.514/bundles/pixels-release.js&cfRay=8524d5e1a8a5a801-SYD
x-cache: Hit from cloudfront
x-hubspot-correlation-id: b192be6f-d595-45cb-8b0a-53777aec9b80
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b192be6f-d595-45cb-8b0a-53777aec9b80
last-modified: Tue, 23 Jan 2024 14:51:49 UTC
server: cloudflare
etag: W/"67b4606337c5c72b80dacfb036530227"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-748b697-pv9r9
cf-ray: 8524d86eccc6a819-SYD
x-amz-cf-id: KBcUir2BEuQb6EBcplUSXkHb3UHqOq_zinWDmV0uDoAPl99RvYtOFw==
x-hs-target-asset: adsscriptloaderstatic/static-1.514/bundles/pixels-release.js

GET
H2 200 6140990.js Show response
js.hs-analytics.net/analytics/1707405300000/ 66 KB
21 KB 571ms
256ms Script
text/javascript 104.16.78.186
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1707405300000/6140990.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6140990.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.78.186 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05061432fef920d19783f5fea3b91ff9b505b8fa0dbf244a2e6308d40e75c457

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:29 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: S4BEQTQB9BT22C5G
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: b300a664-6f07-49c8-89b3-d52bc9658149
x-envoy-upstream-service-time: 26
x-amz-id-2: 3xHUJ8TKKCxL2LqlOpXM7MYB+juVFIVLZLbBwPVyMVr9j5hk7xz2w1hVgaD6fQTlBTwAayiXN2s=
x-evy-trace-listener: listener_https
x-request-id: b300a664-6f07-49c8-89b3-d52bc9658149
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 03 Jan 2024 16:35:38 GMT
server: cloudflare
etag: W/"037ab833eea759a51a571ff6c57c5df9"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-phrfm
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8524d86ecf86571d-SYD
expires: Thu, 08 Feb 2024 15:23:29 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/6140990/ 69 KB
23 KB 982ms
669ms Script
text/javascript 172.64.153.27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/6140990/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6140990.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.27 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef82496f058d6f41ccad86ca70fbf6d54b81310ea662392bc564e3d4ef873a4b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:29 GMT
x-amz-version-id: poc.ArnVWVahH2GJ0waffucBtOkiSg12
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: VD7CXPRE30DHXFAH
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: f8e1f4a3-9818-4f84-8721-c5d93ae09059
x-envoy-upstream-service-time: 56
x-amz-id-2: ZPiLTM6RBEnxVPTZ7aP+uw5PndSmNhMn0ReHJi2Bw4VXRJyquouoF0TGaESxBYLcTRBWL355W7M=
x-evy-trace-listener: listener_https
x-request-id: f8e1f4a3-9818-4f84-8721-c5d93ae09059
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 06 Feb 2024 15:17:32 GMT
server: cloudflare
etag: W/"6f86c86fe91676df317644a79160be96"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://tesserent.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8555f56d-pbxg4
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8524d86ec9a7a817-SYD
expires: Thu, 08 Feb 2024 15:23:29 GMT

GET
H2 200 _Incapsula_Resource
tesserent.com/ 1 B
35 B 4ms
3ms Image
text/plain 107.154.81.3
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tesserent.com/_Incapsula_Resource?SWKMTFSR=1&e=0.6334634650394673
Requested by: Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.81.3 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.81.3.ip.incapdns.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 115 B
406 B 232ms
228ms XHR
application/json 104.17.89.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=6140990&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.89.154 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b96d9bb7b91262acc3dca119cf2460a07e8e86e16d1cef817869098c93b8b727

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 59aaa677-bf82-44ce-b938-b26adc57aef2
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 59aaa677-bf82-44ce-b938-b26adc57aef2
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://tesserent.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-748b697-h9dw7
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8524d8711982a980-SYD

GET
H/1.1 200
OK counters.gif
forms.hsforms.com/embed/v3/ 35 B
1015 B 546ms
233ms Image
image/gif 104.18.176.125
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2

Requested by

Host: tesserent.com
URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

104.18.176.125 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Thu, 08 Feb 2024 15:18:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: d6263833-57ba-4dc1-8fbe-271aff65fc1b
x-envoy-upstream-service-time: 7
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d6263833-57ba-4dc1-8fbe-271aff65fc1b
Server: cloudflare
X-Trace: 2BC52D07527FE37DC91F01EB882F6AF1A3EC18F232000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-bfd765d7d-z8vxw
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 8524d8747952dfbd-SYD

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 180 B
1 KB 722ms
411ms XHR
application/json 104.17.204.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=6140990

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.204.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4304f470b188a8b2d79c6f0fe24837eb75b03d713b030dab62a966cb6f20e1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: be7c0e93-d724-4d4e-a42e-75046970be2c
content-encoding: br
x-envoy-upstream-service-time: 169
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: be7c0e93-d724-4d4e-a42e-75046970be2c
server: cloudflare
x-trace: 2B7E6F4F64D85B4B2861DE2AE106496F4FB1A3AE53000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://tesserent.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-f7f4ffb8f-mt98x
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sXGc5Kqqh69JzufCtR%2FBlEUid6KVhF76t%2F4Q1E0nJn9nMS6Yj7dII9uMXSQr44iSdq0G%2FxSSIH5ZYU425o7kWhe9R%2BpvA3VYxgM2grASFB37nCRBggTq%2Byw5oI2HfLe5"}],"group":"cf-nel","max_age":604800}
cf-ray: 8524d874fefe5d1e-SYD
access-control-allow-headers: *

GET
H2 200 core Show response
js.driftt.com/ Frame 94EC 2 KB
1 KB 213ms
213ms Document
text/html 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1707405600000/y8mfnrwaiadh.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

69dd333c29a4b5e4af6ba9979f292b4d48639a55d21b5a9c518c0338644aedcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 08 Feb 2024 15:18:30 GMT
etag: W/"709e1d949c69eada7a0ca9ed0b6ce540"
last-modified: Tue, 30 Jan 2024 20:20:36 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-id: zR_X4U1747GhZ88lYhO6KEASo8xMgX1Bap4by_Xh2Bsh7Rj2jnbEbQ==
x-amz-cf-pop: SYD62-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: xfIQAhP0Z7mzs2zkjcB.GGaWG5RrIbK2
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 18

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 8F60 2 KB
1 KB 214ms
213ms Document
text/html 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1707405600000/y8mfnrwaiadh.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

69dd333c29a4b5e4af6ba9979f292b4d48639a55d21b5a9c518c0338644aedcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 08 Feb 2024 15:18:30 GMT
etag: W/"709e1d949c69eada7a0ca9ed0b6ce540"
last-modified: Tue, 30 Jan 2024 20:20:36 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-id: eCk2bnuzlfViNTfbqnvyC8JmoGxg-zgr1NoSXf3M81XObuZE6DeUUQ==
x-amz-cf-pop: SYD62-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: xfIQAhP0Z7mzs2zkjcB.GGaWG5RrIbK2
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 53

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 549ms
234ms Image
image/gif 104.19.154.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=213758080&v=1.1&a=6140990&rcu=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&pu=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&t=Dumping+Windows+Credentials+%7C+Tesserent+Group&cts=1707405510092&vi=dc5bc400f3433319b57deb3bc27ba7b1&nc=true&u=236389406.dc5bc400f3433319b57deb3bc27ba7b1.1707405510089.1707405510089.1707405510089.1&b=236389406.1.1707405510089&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2c02b68c-b16c-4a50-8b34-9a8996330f80
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2c02b68c-b16c-4a50-8b34-9a8996330f80
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hCYcxSR3W6F079FjDUSZcKNS%2BLr33D8ZKd5%2Fe2yuHqm%2FmRLXbBRgnQkGZLPxD8A6Zp%2F5Yj1SEi%2FIOQrYeOV%2BADsodREWda7N0e%2F9ycP1DE2AbQaGFrh2ZiODe7G%2B%2FEIaMvaV"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-68f68ffdf9-gq49h
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8524d8781e2fa823-SYD
x-robots-tag: none

GET
H2 200 runtime~main.be089384.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 6 KB
3 KB 3ms
3ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4891ae2b0a7fd1bd7180806843221e6d89a9d08d2bd1ea14adcf42cd74176a6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: xtycQo_IRyCLNoLddZPZ2is8sLxSxVEQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759474
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 30 Jan 2024 16:30:59 GMT
server: istio-envoy
etag: W/"a37d88c0ab512066f540acf513660ab4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Nu0K_K2x9_0P97uhzex9dybDQftt2yXQutNxLi0g0uAY2mNnE6A2JA==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 35 KB
13 KB 4ms
3ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 16:54:42 GMT
x-amz-version-id: HDcHxkf5IcGKwetkykXXAu0vS7qaFySC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 426228
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Fri, 02 Feb 2024 20:15:44 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GVaMSMh4W-FKjit5u26B__z7Zi7tDxA-bCDKEsiPp3B3dHNdHoIc3Q==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 7 KB
3 KB 4ms
4ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 17:04:25 GMT
x-amz-version-id: 0GtKQXehXpP_cde0808GwW30t_5Mwtdo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 2240045
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 11 Jan 2024 23:20:34 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mjzlL3BSdxVgQs0IoLK6btckwTUlxC_KxtccwhR0DSHmpiodz8xaPA==

GET
H2 200 runtime~main.be089384.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 6 KB
3 KB 4ms
4ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4891ae2b0a7fd1bd7180806843221e6d89a9d08d2bd1ea14adcf42cd74176a6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: xtycQo_IRyCLNoLddZPZ2is8sLxSxVEQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759474
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 30 Jan 2024 16:30:59 GMT
server: istio-envoy
etag: W/"a37d88c0ab512066f540acf513660ab4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: t3qzXCj1Grpo9b0O7uC44BO3q638TOci5DIOIjrifMHWinP9skpTIg==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 35 KB
13 KB 5ms
4ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 16:54:42 GMT
x-amz-version-id: HDcHxkf5IcGKwetkykXXAu0vS7qaFySC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 426228
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Fri, 02 Feb 2024 20:15:44 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Do5w8Q-f2nYRAav0-A9BWTV_ra8MmzICNWsZ_A6i7JZDdfR0wkvAMQ==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 7 KB
3 KB 5ms
5ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 17:04:25 GMT
x-amz-version-id: 0GtKQXehXpP_cde0808GwW30t_5Mwtdo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 2240045
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 11 Jan 2024 23:20:34 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: w32qxFyJAGeI_6XiQffMrT-Zfnj7ROGirnY11pOtEFf05qqUNIvl4Q==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 23 KB
8 KB 3ms
3ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 21:21:16 GMT
x-amz-version-id: 65ii9EnlUnj1HzZRPX6CoO.BD3iy1XfV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3434234
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VmdBF9K4zSiHQg0gtWUTY3-c7gDgwUnBTXsa7lcL9qyPoTOZAQ7vaQ==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 36 KB
10 KB 3ms
3ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 15:49:27 GMT
x-amz-version-id: o996jMEEz_i4L4KeYj87TpylOOnjK0J4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3454143
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YW7bjyz2Mnpr2Oa3RvW0LmuEY5DBVStE3PtLZXUp2UoFSS7JoMx-KA==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 32 KB
11 KB 3ms
3ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 28 Oct 2023 13:10:00 GMT
x-amz-version-id: Ky6QIkZiBGtiJJ5ArZwKu1e32zvPbxo9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 8906910
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Oct 2023 17:57:48 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aUgS41VPHIHZ10BsTt8D2igEqQb1ZVkXjCG-SUQBOjacmpS4vCW96w==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 17 KB
6 KB 4ms
3ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 15:44:45 GMT
x-amz-version-id: TS.9ApOzy..rylGKiVPdLcCX5dJ9HsBw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3800024
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EZFL7Yof4tYQ8VHJhs1iGjTlWyc3cC4FJSc4qhXrGkaJp65lcIFtrQ==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 25 KB
8 KB 5ms
5ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 12:04:10 GMT
x-amz-version-id: ipJfGKOjQIIy3Yfwx2qloCVS0cfb8VcD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3467660
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4XhxmmdlbyQNlWSXfiKbTuuOZwaGSOOgllP3SNby3N7PSMAK7YNaig==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 74 KB
23 KB 5ms
1ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 16:09:40 GMT
x-amz-version-id: 7qvhNtZjMiy2xDcaU4Kz6VMm.8L11yt.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3107329
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 02 Jan 2024 16:23:55 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PkMQMoNTMf3u8F2cIqrGm8-ca00xiJ51-JBIYutz6W0XuL4nASCYZg==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 66 KB
20 KB 12ms
7ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 19:44:49 GMT
x-amz-version-id: vWLMHlUZ2N1cEBvj7bKxL6VV2JgNhA.J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 6377621
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 21 Nov 2023 16:21:41 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SIEFnWu3FkwkSu8yBgVsO24IwISmgiR8GhBUw6YA0UKMo69ONd6hKw==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 91 KB
28 KB 12ms
8ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:16:15 GMT
x-amz-version-id: dKJ1U27g1AY2DpmHRU1vwS0FQWALzzt5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3441734
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 29 Dec 2023 19:54:12 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -unVFucuzBthERzbUYcTNykzZJwx3p02140gVWM0Me-kkGQ9tlXLUA==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 23 KB
7 KB 14ms
10ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 17:15:20 GMT
x-amz-version-id: cZI1cI6WRHhkzkWa3N1Jh4ekBwSSYCCx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3794590
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PetvTUT6bnjWRtS2N6EacSFmjVvTszV1aQGRF8c1g-KenltZw-vn0Q==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 62 KB
20 KB 14ms
11ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 17:04:25 GMT
x-amz-version-id: SrNyHagBx32OF2eMSIqB0n06HpGxYPC6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 2240045
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 11 Jan 2024 23:20:33 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: StD96rOcSmhEwz6bKuuh9XMLWgdp6wAa4UiXWia-J26Ztu0dS6ua3g==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 105 KB
34 KB 15ms
11ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 15:49:27 GMT
x-amz-version-id: vHEYpCAIo9IyPbrRBl0vwkeR2C2uscLG
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3454143
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7gCsESnyJbPwDNBUZD6uCY8B4705rlPrqTtHg5Ap1FznxvOSBtEDmw==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 12 KB
4 KB 16ms
12ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:09 GMT
x-amz-version-id: 6Sh5b_It8mGmTuwdZeGIb9M6jFgL8k4s
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 1206740
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Thu, 25 Jan 2024 15:45:15 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: A8g3d97gjvesI3eTCuOTQ64quIZIMd1SNFXaG2UyHdUcboHPNMxrJw==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 13 KB
6 KB 30ms
26ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:50:15 GMT
x-amz-version-id: qJYC3VkwoiKn3pMOB54Rk.IYgMXpbMYm
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3439695
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -Kmg49cq9ih9JMUKUEFEDqIYqSZ8o2DyGjjZeybTc7aeif4HXZTavw==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 17 KB
7 KB 30ms
27ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 17:16:43 GMT
x-amz-version-id: 9XBjxFxayKbabIF2yelSQk8jdbs.8_S0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3794506
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: k2vAp_7SIS1fP7RWVN1rjFRBp0QBnSMLk3I3v0Y2Pi1g2Haw7KS9vQ==

GET
H2 200 8.ab226b4a.chunk.css
js.driftt.com/core/assets/css/ Frame 94EC 31 KB
4 KB 5ms
3ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 21:38:18 GMT
x-amz-version-id: Iy50rWLvnka9klYMF5qa_8hsgho0e_uB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 1100412
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 26 Jan 2024 18:11:46 GMT
server: istio-envoy
etag: W/"1e97f00f07b87f701d0bf06259f954e4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2AXz-xnfciVS5yTwoM4bLKDVFw4iefQctESf17rVpGoydpyY80ouFA==

GET
H2 200 8.ce202881.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 82 KB
26 KB 32ms
31ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.ce202881.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: mQIEwfFQyClv1G1Ejf6MWBI5BBswFf_l
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 65
last-modified: Tue, 30 Jan 2024 16:30:58 GMT
server: istio-envoy
etag: W/"182944c0e758d6ff6a202ce976d91cc6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6pwXOUAcwN5XVR4fjsRlhUHwzkanDi0-0XYSE2BZ8SVGZQHvIS2IdQ==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 94EC 24 B
697 B 6ms
4ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 05:34:37 GMT
x-amz-version-id: oL98YdzlpaGyxUOIAT2tnEGpxnQwpHij
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD62-P1
age: 3836633
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 12
content-length: 24
last-modified: Tue, 19 Dec 2023 18:34:35 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: D036ClDKxxSI-dwcdvolWKupAc_5V9uyUJ2M_Ja-9VFj0fCo9LMFlQ==

GET
H2 200 16.0a87dc8c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 93 KB
24 KB 32ms
31ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.0a87dc8c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: RsA2hpXwDntL3q66hRYGEyJFeaiGX5Be
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 64
last-modified: Tue, 30 Jan 2024 16:30:56 GMT
server: istio-envoy
etag: W/"4d556324f40b4d890d1ae22bdef7d679"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: f2n01d7OQscUX5Ew2uGwhtQFHc7lZ3NNTgSCja6Y27_IcYLNFP49XA==

GET
H2 200 24.6ae977d6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 51 KB
14 KB 35ms
34ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.6ae977d6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

897f811bb47f9745182b2780e58cad6fab6ca5dc0d8d17f4e12dfb4a394ccdd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: pwk0W6LeM0W74if5zX8v7mEqwhbFugIC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 30 Jan 2024 16:30:56 GMT
server: istio-envoy
etag: W/"4e9807f6460a733b8095cd47679bf940"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: f6ZFBu474PoLFMwwxut_O2k9u5bHGAkWP4wuWqD9LWulo5eU0Uhq5g==

GET
H2 200 17.ecf0772e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 40 KB
13 KB 36ms
35ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.ecf0772e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fd53afd3d83890806b14513ee8438283da141aad79a9d75391e3b9e0b6cdf829

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: EEglradmSKyrRiOpLg5EEPiAXqvHjqUY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 30 Jan 2024 16:30:56 GMT
server: istio-envoy
etag: W/"45cc623a137048a1f98e0fb0133b22ed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SNKiyUIgxXe-eS_vIIvKQ2YbWJ8VSDZfKmGCIyoLjBQ6el7vRq8VYg==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 201 KB
73 KB 162ms
137ms Script
application/javascript 172.217.167.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-378039964

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

0e885e6d656c733abf4f6db8ac66bbfd9c056e145747f515ada265d2b737de54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74567
x-xss-protection: 0
last-modified: Thu, 08 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 08 Feb 2024 15:18:30 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 201 KB
73 KB 617ms
593ms Script
application/javascript 172.217.167.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-378039964&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WCW99TZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s06-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

2c315df0a773f01506eb2c2adc4086ec5626b90f645d358f109d5ba6064c610b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74521
x-xss-protection: 0
last-modified: Thu, 08 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 08 Feb 2024 15:18:30 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 43 KB
16 KB 24ms
0ms Script
application/javascript 23.32.5.109
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.32.5.109 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-32-5-109.deploy.static.akamaitechnologies.com

Software

Resource Hash

b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 08 Feb 2024 15:18:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 23 Jan 2024 14:42:29 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=24001
accept-ranges: bytes
content-length: 15732

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 23 KB
8 KB 26ms
2ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 21:21:16 GMT
x-amz-version-id: 65ii9EnlUnj1HzZRPX6CoO.BD3iy1XfV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3434234
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Y5xZg-G6SkSuWzmey1_BEzPhwVyIPLlwolZLZMr8bJ_dMGfvaBNqdA==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 36 KB
10 KB 11ms
3ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 15:49:27 GMT
x-amz-version-id: o996jMEEz_i4L4KeYj87TpylOOnjK0J4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3454143
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NIxzDaup1ludZLFLTOQ0JoyEmCLuDsb1vhB6l0RYp8ImjDwHxbtFiA==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 32 KB
11 KB 11ms
3ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 28 Oct 2023 13:10:00 GMT
x-amz-version-id: Ky6QIkZiBGtiJJ5ArZwKu1e32zvPbxo9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 8906910
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Oct 2023 17:57:48 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: W-7a8XXJ1Xe1GWjsLN2-XVxDOFfBwJLRFKmxqb26cdFG83FtKGXmEQ==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 17 KB
6 KB 13ms
5ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 15:44:45 GMT
x-amz-version-id: TS.9ApOzy..rylGKiVPdLcCX5dJ9HsBw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3800024
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tjXL0l31cxqvIyQPobDCT7onaSe6pt5ZuSfzn8zaRsT2CCs2K3gZVw==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 25 KB
8 KB 13ms
6ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 12:04:10 GMT
x-amz-version-id: ipJfGKOjQIIy3Yfwx2qloCVS0cfb8VcD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3467660
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BCCeZlb4uYFoapwjpIrhghxE1IXW98k0jqKOGSF9VQmkh_JPYcClUw==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 74 KB
23 KB 17ms
10ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 16:09:40 GMT
x-amz-version-id: 7qvhNtZjMiy2xDcaU4Kz6VMm.8L11yt.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3107329
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 02 Jan 2024 16:23:55 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: na6bTv3XAzbLoTwrOJtv6wEpCLjsb2LynAxEEvh5eoufycR2Rl5dlA==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 66 KB
20 KB 18ms
11ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 19:44:49 GMT
x-amz-version-id: vWLMHlUZ2N1cEBvj7bKxL6VV2JgNhA.J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 6377621
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 21 Nov 2023 16:21:41 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WsDjkwZ4W0YH2jTnvEP7qSJstE6Igevv5Xykn4J8OmOPXV03AaoLyg==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 91 KB
28 KB 19ms
12ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:16:15 GMT
x-amz-version-id: dKJ1U27g1AY2DpmHRU1vwS0FQWALzzt5
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3441734
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 29 Dec 2023 19:54:12 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _rxzcXQ7Tcu9Jhou_fK8_gndKxlO9ZrhMOcs7rIJ2qBG2J2OkrGCZA==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 23 KB
7 KB 20ms
13ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 17:15:20 GMT
x-amz-version-id: cZI1cI6WRHhkzkWa3N1Jh4ekBwSSYCCx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3794590
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vrlZntBDjFHX4JmoQqPX1hDsgqPHfNp7HHPYLqToFimFllW3tLOCGw==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 62 KB
20 KB 20ms
13ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 17:04:25 GMT
x-amz-version-id: SrNyHagBx32OF2eMSIqB0n06HpGxYPC6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 2240045
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 11 Jan 2024 23:20:33 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n8hymMf1bzAAHTSkW-qkFx2LjGBr7KhGxFnIrVVPLlk-gNOgl49HGg==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 105 KB
34 KB 21ms
14ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 15:49:27 GMT
x-amz-version-id: vHEYpCAIo9IyPbrRBl0vwkeR2C2uscLG
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3454143
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IzlaaczHanTOJ_cvluhprmFTOEUjhDq9eYfP2yGfvEiTKbD-JDITmQ==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 12 KB
4 KB 22ms
15ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:09 GMT
x-amz-version-id: 6Sh5b_It8mGmTuwdZeGIb9M6jFgL8k4s
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 1206740
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Thu, 25 Jan 2024 15:45:15 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qNb2gSzQUngkni-UMYAixzGM2KDs5sqiz3TZoZq8_QbJzKj-UgwXkw==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 13 KB
6 KB 22ms
15ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:50:15 GMT
x-amz-version-id: qJYC3VkwoiKn3pMOB54Rk.IYgMXpbMYm
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3439695
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HVyHHGsQohf4dCEe26_xDf7Ae2tioqsGL-t0IwqG7jyY3kBcG8QZYA==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 17 KB
7 KB 23ms
16ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 17:16:43 GMT
x-amz-version-id: 9XBjxFxayKbabIF2yelSQk8jdbs.8_S0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3794506
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FwGQGdrC39U-VMginfkgpvRALMJ767snrDWuN_9jq86flVt_ToWFYg==

GET
H2 200 8.ab226b4a.chunk.css
js.driftt.com/core/assets/css/ Frame 8F60 31 KB
4 KB 7ms
1ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 21:38:18 GMT
x-amz-version-id: Iy50rWLvnka9klYMF5qa_8hsgho0e_uB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 1100412
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 26 Jan 2024 18:11:46 GMT
server: istio-envoy
etag: W/"1e97f00f07b87f701d0bf06259f954e4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jmPwG5PbFrH9YevUCRtuIecWhCgDQhF0gh-jTvTC10R1KilQE5gNAg==

GET
H2 200 8.ce202881.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 82 KB
26 KB 23ms
16ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.ce202881.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: mQIEwfFQyClv1G1Ejf6MWBI5BBswFf_l
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 65
last-modified: Tue, 30 Jan 2024 16:30:58 GMT
server: istio-envoy
etag: W/"182944c0e758d6ff6a202ce976d91cc6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rMWSGYsBNiWycX8v-4pty8dKsOKPF6ecS0mwT5UysRvq02amSbFGDA==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 8F60 24 B
697 B 8ms
1ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 05:34:37 GMT
x-amz-version-id: oL98YdzlpaGyxUOIAT2tnEGpxnQwpHij
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD62-P1
age: 3836633
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 12
content-length: 24
last-modified: Tue, 19 Dec 2023 18:34:35 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Y7V2uOIJvMnRYftfA-Ud_kcEJIb27ieJpQkRVxk3_68gQEbuf3QKQA==

GET
H2 200 16.0a87dc8c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 93 KB
24 KB 23ms
17ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.0a87dc8c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: RsA2hpXwDntL3q66hRYGEyJFeaiGX5Be
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 64
last-modified: Tue, 30 Jan 2024 16:30:56 GMT
server: istio-envoy
etag: W/"4d556324f40b4d890d1ae22bdef7d679"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZhORCSpxrWob7k0bU8c6FwVHCIV5g579obEB-rj0x8j3NZLEdGreew==

GET
H2 200 24.6ae977d6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 51 KB
14 KB 24ms
18ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.6ae977d6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

897f811bb47f9745182b2780e58cad6fab6ca5dc0d8d17f4e12dfb4a394ccdd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: pwk0W6LeM0W74if5zX8v7mEqwhbFugIC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 30 Jan 2024 16:30:56 GMT
server: istio-envoy
etag: W/"4e9807f6460a733b8095cd47679bf940"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: j3JvfRefOh6TdAHNAokQzz_RKpWPy444BME7b70qjTIl3t27D3Hrfw==

GET
H2 200 17.ecf0772e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 40 KB
13 KB 24ms
19ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.ecf0772e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fd53afd3d83890806b14513ee8438283da141aad79a9d75391e3b9e0b6cdf829

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: EEglradmSKyrRiOpLg5EEPiAXqvHjqUY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759473
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 30 Jan 2024 16:30:56 GMT
server: istio-envoy
etag: W/"45cc623a137048a1f98e0fb0133b22ed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uwIsaRZn9_fuYNFFEdzg2QNA4kzLpnwsOu2qhvUjj3z-OMZkRxQr6Q==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 9 KB
3 KB 6ms
4ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:55:22 GMT
x-amz-version-id: Y781S_VzAVL.FvZLy68c4VxLUtkjapgJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3439388
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 29 Dec 2023 19:54:12 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5iQB_HIUTO0iCs44_byHUncsTtRaUcFBhXvWgu8ZBG454CjQEnSbYA==

GET
H2 200 27.01c2bea5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 35 KB
10 KB 6ms
5ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 20:24:42 GMT
x-amz-version-id: 0v.zWKDGUSzanBUPncpUeDGT_k0okRSl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3437627
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 70
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"04a233a42dcf8c50a83bfecea8ba552d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SpTqnQZpxLZ5IDQPvJ3MZXc-XTnmShIw0n9eZxpMXYHSFonurMZcSQ==

GET
H2 200 28.b5e8f5e1.chunk.css
js.driftt.com/core/assets/css/ Frame 94EC 8 KB
2 KB 4ms
3ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/28.b5e8f5e1.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 18:45:26 GMT
x-amz-version-id: t9QX4xqUPKYeSrJ5WayVEQbzgW0MpN5y
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3443584
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 35
last-modified: Fri, 29 Dec 2023 19:54:11 GMT
server: istio-envoy
etag: W/"e7107bc29ccb3c6d928f0f8f10a0f22d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DH7-ttt721EomxPFNybEK8Kw9kTu6rSvtLTvf61mxLbt8P7hhLESMA==

GET
H2 200 28.07e1b068.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 15 KB
6 KB 6ms
6ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.07e1b068.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7d78bcb45e61155283355f98b205d9dc7b416aef6cfd5ae58c76d7633941a52b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:38 GMT
x-amz-version-id: n2Ilv3EJ7xNfD3rdnMTYy30EaO4FuNsw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759472
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Tue, 30 Jan 2024 16:30:57 GMT
server: istio-envoy
etag: W/"c5f153de3aa4a7014a810aa46b771779"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yrsYWalEkjAWdbgFaVwHNDbp0Y0Dqan-n07tV06rw3GVYBeinIVyHA==

GET
H2 200 25.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 94EC 365 B
1 KB 4ms
4ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 23:49:13 GMT
x-amz-version-id: rajTxTkIhKh9X22Hd040.Q95o21j02OQ
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD62-P1
age: 2215757
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
content-length: 365
last-modified: Thu, 11 Jan 2024 23:20:31 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KxlRW9PCUxlDKMbo10qjlrJJRE1G6WhI4XxbttjNtlzUfc8AtFDoGA==

GET
H2 200 25.1d3d9824.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 92 KB
25 KB 6ms
6ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.1d3d9824.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b6da2852778840c0456b598c5e78236c7e0e6f6e23129685865f5a0a5bd1d538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:38 GMT
x-amz-version-id: i_79AEKVXINSKZZ_F9q2iBkjxhhET31w
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759471
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Tue, 30 Jan 2024 16:30:57 GMT
server: istio-envoy
etag: W/"8f12545f0516bd02f772ca8e6d75b905"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iv-EPeeLVomRnaNg9mV0Y8Ioz-iqnVGm-tkQdaFLWPOD1EToIbfabg==

GET
H2 200 37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 8F60 3 KB
1 KB 3ms
2ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:50:16 GMT
x-amz-version-id: uqMhySLrNYjZyY6nzAh0_A6A.zoGWzZN
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3439694
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 39
last-modified: Fri, 29 Dec 2023 19:54:11 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GV4cHi8pZ0N-ctz6lae65HCVbNxKil1DRqw-Nua96xqfil0icC6Wvw==

GET
H2 200 37.fba521ea.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 3 KB
2 KB 6ms
6ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.fba521ea.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b1700a9f05644621ffe3a13f59d5258261f170718eb8a6076e5fc55cd918afc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:16:52 GMT
x-amz-version-id: xjtqmvmGCF_5aoLvs301rH4qtFtIOHxH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3441698
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"deb91ed165197613da3fac3d4f67edf9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6hqZGvmw20RscaNqEfy-nfYprgLgyuL5KV85blit-ta8ycwFPqxSBw==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 9 KB
3 KB 6ms
5ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:55:22 GMT
x-amz-version-id: Y781S_VzAVL.FvZLy68c4VxLUtkjapgJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3439388
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 29 Dec 2023 19:54:12 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RZLOk5Fn1HlZnhOSg_kUlUgGmDqNgE-oQq7LUIeawgsPDIiGPBR5mA==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 8F60 7 KB
2 KB 4ms
2ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 20:59:18 GMT
x-amz-version-id: J3XNEGX0QtsWEnbsU2sUmc7CPIDTNnsc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3435552
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 29 Dec 2023 19:54:11 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -VmcKC7aCZFHt7mV8RmhIhNG7HyzNAiCe3Mav27Wmsm35razspS3aw==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 54 KB
15 KB 6ms
5ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 17:04:23 GMT
x-amz-version-id: YJGnKqieSmaG9MUaX050rVdybFG0UsxS
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 5955246
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Wed, 29 Nov 2023 17:11:55 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fVMQ3qE_Vo1MFqgmq668hQ4-4kKkWuFYqX-iGkwSQGAkT17bK4mQeg==

GET
H2 200 1.12ba17b6.chunk.css
js.driftt.com/core/assets/css/ Frame 8F60 44 KB
7 KB 4ms
3ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.12ba17b6.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 15:44:47 GMT
x-amz-version-id: 1xzUgPbFb7aaeyDZtp6vQOQncX9.jojY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3800023
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 19 Dec 2023 16:15:21 GMT
server: istio-envoy
etag: W/"3b8ba82e1bac13ee29e9764a55620d99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hnpAu5OtRsZnYCwZbH5p7MWLeQlOBZJpjnEp3WB2dFiPgR8tH6zT5A==

GET
H2 200 1.df455e72.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 54 KB
17 KB 7ms
6ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.df455e72.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e17ed6f660604edd30f3fb7d0d9f8ff81897a294451d7c5ad93b730ffcb6e5b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:38 GMT
x-amz-version-id: ZCfp.eb0kjFOEX3IwDx2bmFD4SZaoyG4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759472
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 30 Jan 2024 16:30:55 GMT
server: istio-envoy
etag: W/"905d835fcc30c0124bb904590c72e394"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ezv2svIyPlCWCW2kh8fFR82yfk1kkzmOs9BAbHEEJC44VQXAifJBfw==

GET
H2 200 4.c6304c2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 23 KB
10 KB 10ms
9ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.c6304c2e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a55619fd27a0e1c6c940e668707a13ea02bc52953106260a570c28e5a300c070

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 20:50:21 GMT
x-amz-version-id: vW9CxooumF5xeSkTz1EKk0V7MH7edxkF
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3436089
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 46
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"672c1436035fd059b992723cdedd3472"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oteNQlIXj2cfy9zMB-reyUU1xtt7ngJpN5mnb9LBnsTGdudJutJVoA==

GET
H2 200 34.5fdd3e3b.chunk.css
js.driftt.com/core/assets/css/ Frame 8F60 16 KB
3 KB 5ms
4ms Stylesheet
text/css 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.5fdd3e3b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a03b854d10519fd5be9cdcbc78fad3927c1a3de9e84fa74353c8a19cc20d0501

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:38 GMT
x-amz-version-id: IrMkVQs7lH.AehsQAbAKz1mDjOweAHHO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759472
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Tue, 30 Jan 2024 16:30:54 GMT
server: istio-envoy
etag: W/"6f779260053e30787f84dfa7ba6743e5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: D4T2dBWYijqjt84zrvvtnlHZP2thYxYA20prCa6_n4cAkNhPaWIwPg==

GET
H2 200 34.a74cf682.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 13 KB
5 KB 11ms
10ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.a74cf682.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a0ecd664d717fc9ad0a511a6379f291db344fd80bfe9058989c0f4d658d65e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:38 GMT
x-amz-version-id: 3riUQLKgKFzP8T6iTzopZY0msGOhRJyj
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 759472
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Tue, 30 Jan 2024 16:30:57 GMT
server: istio-envoy
etag: W/"a5ca20176509792eb61e2e83db9487a0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WpYp_am15kadQFFTjht9lZ7RkQe2-KAzVUQeD3c5bJOhAN93Qam53w==

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 94EC 208 B
648 B 725ms
212ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

a644fed075ae3206cd0167b762fb97a79304a44bba562b1851b4859a018dfcf9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 08 Feb 2024 15:18:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 4d19db35aef8a229
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 208

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/378039964/ 3 KB
2 KB 460ms
105ms Script
text/javascript 172.217.24.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/378039964/?random=1707405510730&cv=11&fst=1707405510730&bg=ffffff&guid=ON&async=1&gtm=45be4250za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&hn=www.googleadservices.com&frm=0&tiba=Dumping%20Windows%20Credentials%20%7C%20Tesserent%20Group&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1937517461.1707405511&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-378039964

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f34.1e100.net

Software

cafe /

Resource Hash

c81c1d120e4db970bba92a7d098b516eba77c684708812d3d9ad9aeed8b4f33e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Feb 2024 15:18:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/378039964/ 42 B
455 B 507ms
104ms Image
image/gif 142.251.221.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/378039964/?random=1707405510730&cv=11&fst=1707404400000&bg=ffffff&guid=ON&async=1&gtm=45be4250za200&u_w=1600&u_h=1200&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&frm=0&tiba=Dumping%20Windows%20Credentials%20%7C%20Tesserent%20Group&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_ZP8wWid9ou1gqdcuPjV5IJLIjlPq4Q&random=261479507&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.68 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Feb 2024 15:18:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.au/pagead/1p-user-list/378039964/ 42 B
455 B 507ms
105ms Image
image/gif 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/pagead/1p-user-list/378039964/?random=1707405510730&cv=11&fst=1707404400000&bg=ffffff&guid=ON&async=1&gtm=45be4250za200&u_w=1600&u_h=1200&url=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&frm=0&tiba=Dumping%20Windows%20Credentials%20%7C%20Tesserent%20Group&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_ZP8wWid9ou1gqdcuPjV5IJLIjlPq4Q&random=261479507&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Feb 2024 15:18:31 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 v2 Show response
customer.api.drift.com/integrations/hubspot/utk/ Frame 94EC 2 B
60 B 211ms
211ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 08 Feb 2024 15:18:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: d02ec7b6adf6b1ea
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2

OPTIONS
H2 200 v2
customer.api.drift.com/integrations/hubspot/utk/ Frame 0
0 251ms
210ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://customer.api.drift.com/integrations/hubspot/utk/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 08 Feb 2024 15:18:31 GMT
requestid: drift969db4043d2bf8f7dac7e9ecf03
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 94EC 25 B
88 B 278ms
221ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 08 Feb 2024 15:18:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: f3cbb0ff5270f04f
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 11
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame 94EC 7 KB
3 KB 371ms
370ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

bbdf96a7127c172553428c33d812a39e8323826e4b853eded3c1c01df4ad1c71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 08 Feb 2024 15:18:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 8dc3181e17862c21
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 161
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 3182

POST
H2 200 track Show response
event.api.drift.com/ Frame 94EC 649 B
708 B 211ms
210ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

cd8eadfdef901d028642eb9c7a1bcf2b3a718244a535f725dbb3188fecf7d425

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMDk0ODYyMjE3NCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6Ijc3MjQiLCJleHAiOjE3MzkwMjc5MTEsImlhdCI6MTcwNzQwNTUxMX0.gZiMDsnbU6Sw5ZkPlwYQswR2UFPzrkieoHj89KJcUS8TV5JOy3Fl81JjpLqcKpjMSmYqcQYDD57rms3k7Oi92Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 08 Feb 2024 15:18:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 1c4673be9441b433
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 649

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 263ms
210ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 08 Feb 2024 15:18:33 GMT
requestid: driftcec024b423eb05c6495ed0b63f8
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 94EC 19 KB
7 KB 2ms
2ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=y8mfnrwaiadh&eId=y8mfnrwaiadh&region=US&forceShow=false&skipCampaigns=false&sessionId=bfcc4038-0bf9-461c-934f-dc08de743780&sessionStarted=1707405510.074&campaignRefreshToken=76ccfc19-ff61-4131-be3e-48d72d2c66af&hideController=false&pageLoadStartTime=1707405507083&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:55:38 GMT
x-amz-version-id: vvKrw1DeUfo.csc73KjhzHlmJn5ffoMB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3439375
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 29 Dec 2023 19:54:14 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EavFb_yidNH1PhdJrHBn_X5KpF1v_FxilAsf5iVjB416F-1_3tVBfw==

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 8F60 19 KB
7 KB 2ms
2ms Script
application/javascript 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.be089384.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707405507083
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:55:38 GMT
x-amz-version-id: vvKrw1DeUfo.csc73KjhzHlmJn5ffoMB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3439375
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 29 Dec 2023 19:54:14 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9vNJLA4SW3EmDwWVnqj9Vk5ZbXb0iTuACEJeXas-8qsu-N3L2sbvyw==

GET
H2 200 BrandonText-Regular.woff
js.driftt.com/deploy/assets/static/fonts/ Frame 94EC 35 KB
36 KB 3ms
2ms Font
font/woff 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/BrandonText-Regular.woff

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

21bdcdfd51ead1961cd0b8c2eea45de39624ab06acda8a32987af4cf8ca28f15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 15:45:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3799956
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 56
content-length: 35752
last-modified: Fri, 13 Mar 2020 19:34:43 GMT
server: istio-envoy
etag: "1c7b5698687a6a103981a7a138de218e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/font-woff,font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MCKaHr8e5AtTYOgYSpCaDN-NsZxguMay-gLjmEiwJ7yuGJnMp9I_eQ==

GET
H2 200 BrandonText-Bold.woff
js.driftt.com/deploy/assets/static/fonts/ Frame 94EC 36 KB
37 KB 4ms
4ms Font
font/woff 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/BrandonText-Bold.woff

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6b64e07a5bc505e12fa9253d28619739c57cd8c80eb9b1e54aa44e06c0ef3a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Mon, 25 Sep 2023 20:01:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 11733411
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 122
content-length: 37088
last-modified: Fri, 13 Mar 2020 19:34:43 GMT
server: istio-envoy
etag: "4b46eb2ce75b22547575a0dc2144494e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/font-woff,font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TXPaiFRRbDnlHSrgDpkpaW0UhhS5iy9E5kZ7O43ceJftIhCKZs3EIA==

GET
H2 200 BrandonText-Regular.woff
js.driftt.com/deploy/assets/static/fonts/ Frame 8F60 35 KB
36 KB 3ms
3ms Font
font/woff 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/BrandonText-Regular.woff

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

21bdcdfd51ead1961cd0b8c2eea45de39624ab06acda8a32987af4cf8ca28f15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 15:45:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 3799956
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 56
content-length: 35752
last-modified: Fri, 13 Mar 2020 19:34:43 GMT
server: istio-envoy
etag: "1c7b5698687a6a103981a7a138de218e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/font-woff,font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7GSSD2hIONEjhdBu6jI0V0KgeEsxX49KxDfsN7SfPNC-iSZHYGzoUg==

GET
H2 200 BrandonText-Bold.woff
js.driftt.com/deploy/assets/static/fonts/ Frame 8F60 36 KB
37 KB 4ms
4ms Font
font/woff 18.67.93.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/static/fonts/BrandonText-Bold.woff

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.93.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-93-111.syd62.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6b64e07a5bc505e12fa9253d28619739c57cd8c80eb9b1e54aa44e06c0ef3a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Mon, 25 Sep 2023 20:01:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P1
age: 11733411
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 122
content-length: 37088
last-modified: Fri, 13 Mar 2020 19:34:43 GMT
server: istio-envoy
etag: "4b46eb2ce75b22547575a0dc2144494e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/font-woff,font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: sh3mcPt1eAbpJGPHY3rOJLxNdl_fsiPNlu8UQeo1UyFUmSKrXo183g==

POST
H2 204 collect
www.google-analytics.com/g/ 0
54 B 100ms
99ms Ping
text/plain 172.217.24.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-V2BNZQ8925&gtm=45je4250v882051464za200&_p=1707405507118&gcd=13l3l3l3l1&npa=0&dma=0&cid=207123693.1707405508&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAC&_s=2&sid=1707405508&sct=1&seg=1&dl=https%3A%2F%2Ftesserent.com%2Finsights%2Fblog%2Fdumping-windows-credentials%3Futm_source%3Dpure.security%26utm_medium%3D301&dt=Dumping%20Windows%20Credentials%20%7C%20Tesserent%20Group&en=page_view&_ee=1&_et=2&tfd=6669
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V2BNZQ8925
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.217.24.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: hkg07s23-in-f14.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 08 Feb 2024 15:18:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://tesserent.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST bulk
metrics.api.drift.com/monitoring/metrics/event3/ Frame 94EC 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: metrics.api.drift.com
URL: https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
tesserent.com/	1969-12-31 23:59:59	Name: CSRF_TOKEN Value: 109dfba7fec86a3f889f668964a0c3811880895d0edabf104c7edde11c657205a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22CSRF_TOKEN%22%3Bi%3A1%3Bs%3A40%3A%22Y-HtP0oEhXkrdHV87I5EEkUnJEZTX1LQkLPflkeM%22%3B%7D
.tesserent.com/	1970-01-21 03:02:09	Name: visid_incap_2438560 Value: HjAZPWNsTcSh3YFOIv9mn8LwxGUAAAAAQUIPAAAAAADt055e1IFEevWJfdijOLXx
.tesserent.com/	1969-12-31 23:59:59	Name: incap_ses_1469_2438560 Value: L15KGOvBuEcNS/MldPBiFMLwxGUAAAAAxFQzBfWr0iaYDEGNUjDUgQ==
.tesserent.com/	1970-01-20 18:18:11	Name: _gid Value: GA1.2.821107657.1707405508
.tesserent.com/	1970-01-20 18:16:45	Name: _gat_UA-180837359-1 Value: 1
.tesserent.com/	1970-01-21 03:52:45	Name: _ga Value: GA1.1.207123693.1707405508
.tesserent.com/	1970-01-21 03:52:45	Name: _ga_V2BNZQ8925 Value: GS1.1.1707405508.1.1.1707405508.0.0.0
tesserent.com/	1970-01-20 18:16:45	Name: ___utmvc Value: XMplXCQwbqPFswXDWxQLMcb4vwkCZYzQN8xJVfwIfhB/greuNB1ovKI87vEGNdFcImrGvN9rTqaSekU25LdfqJ+/M/83cANY36ZwNZN6Ry4f404rPhgPYl18jKOsfQg6bQxFJIme/gR6Vq6ZfuE7T9cgIUtwtVpwhRO15biibLFA206KgnF3GHL9itKwwKncCYc9RLZiJch1ti5njeytcXnwrGYUhWFMq2RMkR9TRDWR73XYzm52hsFYZvcyazc6ZTtxm/0I/bINfMR3xM3qZGvCQV8gt8y+lUoxN4eaTuq0kUYgHBhks6eSEnkSGqFoI6CKzzZppjY2RrHGjWzbiwzXZ9W+oljlAj8lGWpJrhR7C62+ZwlBSENFmGRPMzRJK6w8Mr9zgjxSZrYYRIF//b5/+Qb+lK/a59pLt/OPva07EYqqOrOO5WxSSDDbSpooXXVssSYy0P/vOLsYZ9nFCyXAPWrKVlNCg9jND/AV/1k26FcpsKW7J6G9OQ/q5dM41EfCocnfiyi6XHxqVA1brZ6icq8sRt9p93fUVGls1JbjpQgoqBS6E07NV+EA2HeI+qh8R/hEhzQsGXYa7+MLgXSyzxn7pmRI7xvjw+9jN+0o3isJ0xtVw4VGJTMMVWx5oKRggnJ3afUrt/a0/Bop1D/l4xthxud79NZB0TjA+10zfIh08YT3H7rdHda0zXP3gl+WLnea+kcneZJUia/MyTk7uwozIIZYpBmmCy8nIeqdKsgpQdBcfpToSWsEvUSgiqwuf6bvkirhCgkorSlsxZZLuF710m2IldjLkGT3+anKrLdUNFYb1bKKW56yfk1yNMOvcL1fBP+m7q37iE+yR/V4+2JurcUlGrqiV2WGOZbkvPA2q0sMGTnsz4AIh0TEJFrdKIet7+k5CElPtF92CrW0cDwXcEydp0EaBIFHS+oC8JuoRrt9UvPcAWiiZx1d19tMXt7GL7Kxqn9fMbXAW3CWg8OOkSr9Ixp4GWsaXKIm/Bg4ptrpjTVHVe6F1xw7MUxcRXNHl+Fh3a8NqQ0R2gg8NwJgnz6cUC4EUMDDxfR/g3Gm6NrwVQhgCP1go0W9ULgerEEp5gtIRCCUEOPEL0vGfE2nCR6m+f9W+JaiiPItDUOSPkO+d73KWKrA0Gyg236NqwknTNvjUlfhznA5NtW5XFE1q33vvWTc/7Fk4gUmQTPRrhIyZpEriLAbytf+UW/8dJfALxZ9InU65iLyHXCyMhsgXLzMMGJqBmHM4wEN0F7hvVkQssQVdpN7M9HgfYTuSEoUzUsYJ4nMcCjvjjQzJF4i/S79zYR04JtOgThwcgFFImSfU4CS7NGMcjVyPhpAZAbFZTI0ZYAoiOpOS+gAYx+t/ds6IKxZ1n8ML/QivznP7rO1xCaU0TjQxKMdfvWZ/pzhjLO6/CtSkhXEQEo7+5Cjirfl9lNPy3QjJKcCVCRHinTk4NILo7FjxvdRbAjgrFOxG7LNYlwb8c8JYUGwBSjEhVCHHhYjfALJqMYVWMJlZmZNHIrjEg3a6lXXAItyoj/2WDD5JKVo0muL+dtCOTzvmBvXVhsFVxe45rbASnZ8oeovg4xO0oNq+ecP3DMmTNxKiW/lkyjvWsUtAyofAYI4Hw3S8+mO3ouTPTzmCMLQxPi7L2MJFOBuK9SnjVwPmhM7zhdipl+SSkrAAkjIXLpJ5vprAvN7OStU21LBRLcXulE+cfmsEANzq3x3aDF1nJr/Zn6A4md9uMSmg+JdwNlcTjMrAa9rIqJ9vpDhKxdC7JisoKGQO9dn4QomrzZabNeKXgZfnh0o6KF//8y1b0saxq7Cb+VDqsN80Vu+1XzVIvQVe3/41/SCmpnR07ytwzLAd5Qg7OxvX7POmJZ9zKRM2Pm47DrCenJJbtRa3NoolfpucNfFEdDu/5N2P92npcfiOHSPuFXsJkyfjjgEbDJ4dlTK64GTAhYAhQauZU4LIjvSsDqDFr2BxaBIEfjZUc0lBay16JGKnCR0FrLBxEQAoMmzOG3oYZJTNG4r6CtDQ7U0MeUROTuEn42VS1Ac2E3clu22E/CiH/8bg+BSoJqBLiA3QQtKiRR4n10bW2XJT2oPCYi8KBtx/end2v1jAZv3iGHUuMhg6JLziK2KalAcMYBGPuSTRSkb/+BDIYla646nHkJaA14jASzUOmnAcoGgIupNCYR4eyolrVyqmV2gCzRrhR6AymbUqlQ6obnD7FHKv1LyvHbOeGNTHumI9m8E6TFMMmmL52S2WajLZgfvpJwQqeDoYb5BrbY1YJILmtxiYA7maYcdgrajW7FqIUbcUW7naIKxItRWL17YE3HdHmXc7lYvjZFWBy9hy5omjwDw0p5wKaPp9C8R+CyWv3wj+FG2IXqCyE033vojcJK//klMTcMmowJrHKn2uHJbnRsTG1NLTq34sNawfQuR8Lfs98Z00UOp8QWj8UxqXcmWXL5R7wFL2K8F+fOq3ZJ+UFM6FrWfwvE6wT4vT9dpTboABWQrXu6VwscHTgc/XZ661g4yh2vTq5pgbw3zhhJadOGGGR7SF1FAnYRkAqPFtu3BwbrxPrFMz4YNCFUpTxBA7oQyuBs7G9pUAJ0qaYKmNiOQ3CQRHZHt5cZ5mZsMLuh2VyvoGAngrozSol29krnnCSbhdk2amdXFNpQB4KvJizCb0LVujf5fTKw1LPZvBNmV5NWUSQ9d6Hwlh9V+EfdidlWQfXmIWYd3dZaugEBzJ1xOC8ytX1/4/0mcgl2HWS/LSnUTILJnp6nBZc+dqmi6d0Vkb+jzLe6MZN+S72YBOJAsZGlnZXN0PTE5MTcyNSxzPTY3YTE3ODc4OGJhODdhYTY3Y2EwYTE4MmE2YWQ2YTZhNjY4Nzk2YTZhYjhlODQ2NDVjNjk5ODg0OTZhNGE4YjI2NzhjODc5ZTdiYTA2ZTc0
.linkedin.com/	1970-01-20 20:26:21	Name: li_sugr Value: ee880045-cd85-4fd1-ab2c-dbffcaa5188d
.linkedin.com/	1970-01-21 03:02:21	Name: bcookie Value: "v=2&5f8307c5-f6f7-4e3c-8349-76c03e1d0fa6"
.linkedin.com/	1970-01-20 18:18:11	Name: lidc Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2792:u=1:x=1:i=1707405508:t=1707491908:v=2:sig=AQEE5xdzBEQwJGrj2BxWFXYnWL8tF2Co"
.linkedin.com/	1970-01-20 18:59:57	Name: UserMatchHistory Value: AQL4s4F2OKGbjwAAAY2JTICujQgS1l41u9nhKYmKq0QSvPtPjurV1KXzUZdPc7qrYk84SpCF9KR2nw
.linkedin.com/	1970-01-20 18:59:57	Name: AnalyticsSyncHistory Value: AQLaQ_dMAD0pEQAAAY2JTICuqdiqgmJouOSilV4PsblxNymCI66xKXzdjjzOoQgT4fO6zMtRZDsKEu0N56vIlg
.www.linkedin.com/	1970-01-21 03:02:21	Name: bscookie Value: "v=1&202402081518296cfeabfd-1fd2-4e76-89a6-fff603bf93a2AQF_G-8XAzZffjiM23R7R3OVu8x6VW2J"
tesserent.com/	1970-01-20 18:16:47	Name: drift_campaign_refresh Value: 76ccfc19-ff61-4131-be3e-48d72d2c66af
.tesserent.com/	1970-01-20 22:35:57	Name: __hstc Value: 236389406.dc5bc400f3433319b57deb3bc27ba7b1.1707405510089.1707405510089.1707405510089.1
.tesserent.com/	1970-01-20 22:35:57	Name: hubspotutk Value: dc5bc400f3433319b57deb3bc27ba7b1
.tesserent.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.tesserent.com/	1970-01-20 18:16:47	Name: __hssc Value: 236389406.1.1707405510089
.hubspot.com/	1970-01-20 18:16:47	Name: __cf_bm Value: 3R7Wgsth7trT.w1QbQMH_Bl0FRw5PabFeaXpsVgBAO0-1707405510-1-ATvP8oJEA2wxnO8NctJWXPXLCfXzyD5B0LXSPAkNVxGBi9854pMXXE8jaf5mh/1onR6qM7S/JV8z0L/Qi5syY64=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: AJ5DR4GMH4AVkwO7pyBVPHAjakY.0ID9pb4oPQwB9Og-1707405510642-0-604800000
.tesserent.com/	1970-01-20 20:26:21	Name: _gcl_au Value: 1.1.1937517461.1707405511
.doubleclick.net/	1970-01-20 18:16:46	Name: test_cookie Value: CheckForPermission
tesserent.com/	1970-01-21 03:52:45	Name: drift_aid Value: cda6c2f1-7b2d-4765-8ba7-0c1ed408f687
tesserent.com/	1970-01-21 03:52:45	Name: driftt_aid Value: cda6c2f1-7b2d-4765-8ba7-0c1ed408f687

29 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://js.driftt.com/include/1707405600000/y8mfnrwaiadh.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://tesserent.com/insights/blog/dumping-windows-credentials?utm_source=pure.security&utm_medium=301 Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
bootstrap.api.drift.com
cdnjs.cloudflare.com
customer.api.drift.com
event.api.drift.com
forms.hscollectedforms.net
forms.hsforms.com
googleads.g.doubleclick.net
js.driftt.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
metrics.api.drift.com
p.typekit.net
pure.security
px.ads.linkedin.com
snap.licdn.com
tesserent.com
track.hubspot.com
use.typekit.net
www.google-analytics.com
www.google.com
www.google.com.au
www.googletagmanager.com
www.linkedin.com
metrics.api.drift.com
104.16.191.89
104.16.78.186
104.17.204.204
104.17.229.163
104.17.24.14
104.17.89.154
104.18.176.125
104.19.154.83
107.154.81.3
13.107.42.14
142.251.221.68
172.217.167.72
172.217.24.34
172.217.24.35
172.217.24.46
172.64.153.27
18.67.93.111
23.32.5.109
23.55.38.66
3.94.218.138
52.62.219.149
05061432fef920d19783f5fea3b91ff9b505b8fa0dbf244a2e6308d40e75c457
07ebea0ed355ff59f4a0a578ec318d5626eb2332fe7eabdbe47ae5ef451e3b2b
0cf5d52f67ae2abd5e7d4f4f078ec76ffa39eb58badc33c745c269cb21d92425
0e885e6d656c733abf4f6db8ac66bbfd9c056e145747f515ada265d2b737de54
13e58c121c0928e16f39c98790e14cb9ff280abc1cb496f5525896da38215913
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
21bdcdfd51ead1961cd0b8c2eea45de39624ab06acda8a32987af4cf8ca28f15
21cac30de7f4bbf46d2a40386b03d4710ad4507e484442b345f3ebfaac0cd20f
2332421cda353435e034696a9f79995919ba636d19624a1548a8b90b74e1bb00
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2c315df0a773f01506eb2c2adc4086ec5626b90f645d358f109d5ba6064c610b
328e803532bfb62791e258298b3ca6682a6dbb6c99893f58ab55e2d82ae1c5c1
3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5
3ba6696cd2574d682e8a8b0703a07d6d407713651da1fae89da2cfcdc244f293
3c9989b9d2404be9d20e1475f3809206f00357dbca05576d630aa62d7df2b5bb
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4685c5005b6426341771992f54aa26f0fb9428329b68cd95359c83685513c9f2
46c639ed12c0bfb0aa5b5ee024e58112e371e3a45ef3d0df33b64fb7a6a0c063
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
4891ae2b0a7fd1bd7180806843221e6d89a9d08d2bd1ea14adcf42cd74176a6b
492d8139a0a1df2de4a7c0d80323c04a9514e8f0742f9456ba04f00b9fcd9115
4afd4eb6576c8d413e274d5ff87bd8550b3581218f1bec30db4ac42b2e1b77c9
51bf72f312f410abf746939bad038f336a772c922817d058aa93c4d5be10794f
52d87460560d706c4aa2b62216ad84345b4292322c818c69fd55bb234afd4c83
58d24dbf6eb89644f23f4d419b0a020e2047d1463bdb133f27fbb14665b0dd74
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
59173f786dd1f3802f7ab26fd339aac4099dc10c6cb54a6a92213e6af277592a
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
6866e1af082074effe82f93fc95f0176ba08afb107b3e135154517f954490789
69dd333c29a4b5e4af6ba9979f292b4d48639a55d21b5a9c518c0338644aedcf
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b64e07a5bc505e12fa9253d28619739c57cd8c80eb9b1e54aa44e06c0ef3a3f
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
7095d0e2b564071b77768a9a5c6ea7911d813d3cbb4cff1cf0834665fdb60cbc
7329f5636cfbff9a5a36d7bb48527480c8c5cb0cb10bdf96f57e7de32f9fab56
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787
7bdb4df8b9e89ce3fedf097a384cf33a506bc8914822be4794971d8a77d1fdc1
7c326f96b9af470b51c887a189b1f81d241d6beef4844b37c8add5144fa6f55d
7d78bcb45e61155283355f98b205d9dc7b416aef6cfd5ae58c76d7633941a52b
7ed9cf795cf7e9195af6798c755343aef1ecb5acba6b304a1e3de7215eefb89b
834248c40036ddb3089729210c9587abd79700a044376db2d11f38d5d96ec09f
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
8954ae9654aea5d46a68bc5d91c063a3896a0d8a5927822049e4e06a4252b4a6
897f811bb47f9745182b2780e58cad6fab6ca5dc0d8d17f4e12dfb4a394ccdd1
8985cbddbd5efbc6442e3f35a0dc204c3eb3475f4ca595a10256174a6fe792ff
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
91d1bde942744d48fec9019c7b87b351f7a165e544d59fcbb4e43f3309be4ab9
9220386a8ee260edb2751c2930a77a194ba55eccc57fbbfb095b01c10869acf3
98068608adef19a83f48ac6f25c155b65a8b610012d80a054f0620bcd3c6406b
a03b854d10519fd5be9cdcbc78fad3927c1a3de9e84fa74353c8a19cc20d0501
a0ecd664d717fc9ad0a511a6379f291db344fd80bfe9058989c0f4d658d65e1c
a55619fd27a0e1c6c940e668707a13ea02bc52953106260a570c28e5a300c070
a644fed075ae3206cd0167b762fb97a79304a44bba562b1851b4859a018dfcf9
ad73a6a82829247d43d39d401432c480062a70c4ebf43d87c27652e660c6133e
adad94a352232dc30ad61ca7aed4ad1138d3d2c511410f6e969c1fc11ef3e0c4
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
b1700a9f05644621ffe3a13f59d5258261f170718eb8a6076e5fc55cd918afc7
b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1
b4c36bd623e62bea63b81dabb7ce6f9e3ae05c5d22f11d2c3a5802ced3c9c499
b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0
b54e95b6ef95f1ea9fc9cdad6dab9bf804f2dd972a0632cae9f65cc6c9f27d5c
b6da2852778840c0456b598c5e78236c7e0e6f6e23129685865f5a0a5bd1d538
b719f176934484af274e2cce8cc00fa7af0984776f14bb25936001b48e507177
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b96d9bb7b91262acc3dca119cf2460a07e8e86e16d1cef817869098c93b8b727
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
bbdf96a7127c172553428c33d812a39e8323826e4b853eded3c1c01df4ad1c71
c4304f470b188a8b2d79c6f0fe24837eb75b03d713b030dab62a966cb6f20e1d
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c6077ce4a1d852351ea0726214b7c07cd487591f88c7f544413c07e34164a83a
c81c1d120e4db970bba92a7d098b516eba77c684708812d3d9ad9aeed8b4f33e
cc313ba9c9a3e07fdbaf746f9a3ca73ddb646b2a3f1779922f7cfea67ba2e8fd
cd8eadfdef901d028642eb9c7a1bcf2b3a718244a535f725dbb3188fecf7d425
cfe7944953b537c627a1378d2d55937165f404d03963139c623f5bf1edd6bb66
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d32b4433423a8dff86f58d48f001fbd34b09a0ae449ff5bbf1b2363961447240
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
d8efe59cc362d7078a5cf2605c42336afe5e3d32657c46aa95a9b7b42b9c1ea7
da326b8f1ed9d9cb6c6f6b3603e8aa5204d5715fcb5f1134df72fb53a9e4bd69
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
ddc14efbca9bc150b0bdf8022cec88fe0ae7faca1f86dd5e9ed908f6edbc0886
de02f823be67188fc2edac210f42ce4d122477a75e6820f1c17194de5e188fa3
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
e17ed6f660604edd30f3fb7d0d9f8ff81897a294451d7c5ad93b730ffcb6e5b9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e4b992ac5ac4af9baa0dbb30e073947249a1f63cea357fd403d06aa1e01c4bdc
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef82496f058d6f41ccad86ca70fbf6d54b81310ea662392bc564e3d4ef873a4b
f119004b0a6cc640bf50831d5b46d5f6e381b667f15e236dfe94f1ac680ea4f9
f71a2602d6497d62e2a21e1f415cd8d38d4aa7cea9312a91e5cc276e18939956
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fd53afd3d83890806b14513ee8438283da141aad79a9d75391e3b9e0b6cdf829
ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

tesserent.com Open in urlscan Pro 107.154.81.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

143 Requests

99 %HTTPS

0 %IPv6

21 Domains

27 Subdomains

21 IPs

3 Countries

3473 kBTransfer

6936 kBSize

25 Cookies

39 Outgoing links

Page URL History

Redirected requests

143 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

tesserent.com Open in urlscan Pro
107.154.81.3 Public Scan

Screenshot
Live screenshot

Full Image

143
Requests

99 %
HTTPS

0 %
IPv6

21
Domains

27
Subdomains

21
IPs

3
Countries

3473 kB
Transfer

6936 kB
Size

25
Cookies

143 HTTP transactions
0 data transactions