blog.zsec.uk Open in urlscan Pro
2606:4700:3033::6818:7f2b Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.zsec.uk/zerologon-attacking-defending/
Submission: On December 10 via api (December 10th 2020, 9:57:23 pm UTC) from US

Summary HTTP 69 Redirects Links 35 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 16 domains to perform 69 HTTP transactions. The main IP is 2606:4700:3033::6818:7f2b, located in United States and belongs to CLOUDFLARENET, US. The main domain is blog.zsec.uk.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 4th 2020. Valid for: a year.

This is the only time blog.zsec.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	2606:4700:303... 2606:4700:3033::6818:7f2b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:1b:... 2a04:4e42:1b::720	54113 (FASTLY) (FASTLY)
1	185.199.109.154 185.199.109.154	54113 (FASTLY) (FASTLY)
1	151.101.112.133 151.101.112.133	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:a723	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	65.9.73.72 65.9.73.72	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6810:7aaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1b	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:818::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE)
1	172.217.21.226 172.217.21.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
69	18

34 2606:4700:3033::6818:7f2b (United States)

ASN13335 (CLOUDFLARENET, US)

blog.zsec.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::720 (Ascension Island)

ASN54113 (FASTLY, US)

images.unsplash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.199.109.154 (United States)

ASN54113 (FASTLY, US)

github.githubassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

avatars2.githubusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a723 (United States)

ASN13335 (CLOUDFLARENET, US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.73.72 (Seattle, United States)

ASN16509 (AMAZON-02, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7aaf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s13-in-f226.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	zsec.uk blog.zsec.uk	3 MB
8	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	194 KB
4	twitter.com platform.twitter.com	31 KB
4	google-analytics.com www.google-analytics.com	37 KB
3	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	86 B
3	cloudflare.com cdnjs.cloudflare.com ajax.cloudflare.com	9 KB
2	google.de www.google.de adservice.google.de	910 B
2	google.com www.google.com adservice.google.com	910 B
2	unpkg.com 1 redirects unpkg.com	74 KB
2	stripe.com js.stripe.com	49 KB
1	googletagservices.com www.googletagservices.com	28 KB
1	googleadservices.com partner.googleadservices.com	436 B
1	jquery.com code.jquery.com	30 KB
1	githubusercontent.com avatars2.githubusercontent.com	25 KB
1	githubassets.com github.githubassets.com	1 KB
1	unsplash.com images.unsplash.com	315 KB
69	16

	Domain	Requested by
34	blog.zsec.uk	blog.zsec.uk ajax.cloudflare.com unpkg.com
6	pagead2.googlesyndication.com	ajax.cloudflare.com pagead2.googlesyndication.com
4	platform.twitter.com	ajax.cloudflare.com platform.twitter.com
4	www.google-analytics.com	blog.zsec.uk www.google-analytics.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	unpkg.com	1 redirects blog.zsec.uk
2	js.stripe.com	ajax.cloudflare.com js.stripe.com
2	cdnjs.cloudflare.com	blog.zsec.uk ajax.cloudflare.com
1	www.googletagservices.com	pagead2.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.google.de
1	www.google.com
1	code.jquery.com	ajax.cloudflare.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	ajax.cloudflare.com	blog.zsec.uk
1	avatars2.githubusercontent.com	blog.zsec.uk
1	github.githubassets.com	blog.zsec.uk
1	images.unsplash.com	blog.zsec.uk
69	21

This site contains links to these domains. Also see Links.

Domain
leanpub.com
github.com
www.paypal.me
ko-fi.com
twitter.com
docs.microsoft.com
www.pentestpartners.com
www.netsecfocus.com
dirkjanm.io
portal.msrc.microsoft.com
support.microsoft.com
gist.github.com
www.lares.com
msdn.microsoft.com
ghost.org

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-04` - `2021-08-04`	a year	crt.sh
imgix2.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-11-12` - `2021-07-07`	8 months	crt.sh
*.githubassets.com DigiCert SHA2 High Assurance Server CA	`2020-11-02` - `2021-11-09`	a year	crt.sh
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh
ajax.cloudflare.com DigiCert ECC Secure Server CA	`2020-08-11` - `2022-08-16`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2020-09-22` - `2021-02-03`	4 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://blog.zsec.uk/zerologon-attacking-defending/
Frame ID: 960DD1748366EA50CC2423FE77DD8B4B
Requests: 65 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html
Frame ID: 96591DEF9D8F85D772D8EFC75BC94D49
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fblog.zsec.uk
Frame ID: 1444551588B1C82AF0780934318A25F7
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-59cdd15d8db95826a41100f00b589171.html
Frame ID: D592687F6D14DA1CD957375BE2BCD70B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-5360859507810376&output=html&adk=1812271804&adf=4235265862&lmt=1607637427&plat=1%3A32776%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fblog.zsec.uk%2Fzerologon-attacking-defending%2F&ea=0&flash=0&pra=5&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1607637427173&bpp=15&bdt=1143&idt=242&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8695718617440&frm=20&pv=2&ga_vid=2070731234.1607637427&ga_sid=1607637427&ga_hid=271916530&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946&oid=3&pvsid=4151593624143348&pem=384&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=263
Frame ID: DFAD5630E7643804BEC58A57745E615C
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/index.html?creatorScreenName=ZephrFish&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1306522388704657408&lang=en&origin=https%3A%2F%2Fblog.zsec.uk%2Fzerologon-attacking-defending%2F&siteScreenName=ZephrFish&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=550px
Frame ID: AB56221294E72FB7BBFB6C5E0D102C78
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: FCD290CAE814E17C349EFCF04A58B76D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ghost (Blogs) Expand

Overall confidence: 100%
Detected patterns

meta generator /Ghost(?:\s([\d.]+))?/i

Node.js (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /Ghost(?:\s([\d.]+))?/i

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

script /js\.stripe\.com/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

69
Requests

100 %
HTTPS

76 %
IPv6

16
Domains

21
Subdomains

18
IPs

5
Countries

3899 kB
Transfer

4947 kB
Size

4
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://leanpub.com/ltr101-breaking-into-infosec
Title: LTR101 Book

Search URL Search Domain Scan URL

URL: https://github.com/zephrfish
Title: Github

Search URL Search Domain Scan URL

URL: https://www.paypal.me/ltr101
Title: Donate

Search URL Search Domain Scan URL

URL: https://ko-fi.com/L3L62S5FK
Title: Buy Me A Coffee

Search URL Search Domain Scan URL

URL: https://twitter.com/ZephrFish
Title:

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f
Title: MS-NRPC

Search URL Search Domain Scan URL

URL: https://twitter.com/myexploit2600
Title: Neil Lines

Search URL Search Domain Scan URL

URL: https://www.pentestpartners.com/security-blog/building-a-lab-with-server-2019-server-core-and-powershell-then-attacking-it/
Title: you're interested in how to do that check it out here

Search URL Search Domain Scan URL

URL: https://twitter.com/tj_null?lang=en
Title: Tony

Search URL Search Domain Scan URL

URL: https://www.netsecfocus.com/home/lab/2020/09/21/Tjnulls_guide_to_building_a_Home_Lab.html
Title: here

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz
Title: built from source here.

Search URL Search Domain Scan URL

URL: https://twitter.com/buffaloverflow
Title: Rich Warren

Search URL Search Domain Scan URL

URL: https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon
Title: SharpZeroLogon

Search URL Search Domain Scan URL

URL: https://twitter.com/armitagehacker
Title: Raphael Mudge'

Search URL Search Domain Scan URL

URL: https://github.com/rsmudge/ZeroLogon-BOF
Title: Beacon Object File(BoF) for Cobalt Strike for ZeroLogon

Search URL Search Domain Scan URL

URL: https://github.com/BC-SECURITY/Invoke-ZeroLogon
Title: BC Security's Powershell port of SharpZeroLogon

Search URL Search Domain Scan URL

URL: https://dirkjanm.io/a-different-way-of-abusing-zerologon/
Title: Alternative Methods of Attack

Search URL Search Domain Scan URL

URL: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
Title: can be found here

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#EnforcementMode
Title: enforcement mode

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
Title: This policy should be used as a temporary measure for third party devices as you deploy updates.

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#theGroupPolicy
Title: "Domain controller: Allow vulnerable Netlogon secure channel connections" group policy

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc#Windows%20event%20log%20errors
Title: this can be found at this link.

Search URL Search Domain Scan URL

URL: https://gist.github.com/silence-is-best/25ae0929c277642e86ecf592598a3254
Title: Snort Rule

Search URL Search Domain Scan URL

URL: https://twitter.com/james_inthe_box
Title: https://twitter.com/james_inthe_box

Search URL Search Domain Scan URL

URL: https://github.com/corelight/zerologon
Title: Zeek Detection Package by CoreLight

Search URL Search Domain Scan URL

URL: https://twitter.com/Antonlovesdnb
Title: Anton Ovrutsky

Search URL Search Domain Scan URL

URL: https://www.lares.com/blog/from-lares-labs-defensive-guidance-for-zerologon-cve-2020-1472/
Title: here

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/ms684354(v=vs.85).aspx
Title: DS-Replication-Get-Changes

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/ms684355(v=vs.85).aspx
Title: Replicating Directory Changes All

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/hh338663(v=vs.85).aspx
Title: Replicating Directory Changes In Filtered Set

Search URL Search Domain Scan URL

URL: https://twitter.com/acalarch?lang=en
Title: Adam Swan of SOC Prime

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog
Title: Kevin Beaumont

Search URL Search Domain Scan URL

URL: https://github.com/GossiTheDog/ThreatHunting/blob/master/AzureSentinel/ZeroLogon-detect
Title: GossiTheDog/ThreatHuntingTools for hunting for threats. Contribute to GossiTheDog/ThreatHunting development by creating an account on GitHub.GossiTheDogGitHub

Search URL Search Domain Scan URL

URL: https://twitter.com/GossiTheDog/status/1309048793183158282
Title: https://twitter.com/GossiTheDog/status/1309048793183158282

Search URL Search Domain Scan URL

URL: https://ghost.org/
Title: Ghost

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://unpkg.com/@tryghost/portal@latest/umd/portal.min.js HTTP 302
https://unpkg.com/@tryghost/portal@0.14.0/umd/portal.min.js

69 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.zsec.uk/zerologon-attacking-defending/ 69 KB
19 KB 291ms
263ms Document
text/html 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

fa998d62632df8b053f88eefab8c2b32d9ff3a968dae5fbb8d374736fea11cbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: blog.zsec.uk
:scheme: https
:path: /zerologon-attacking-defending/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=d20daed733bd7f46bbf680664d48ae4781607637425; expires=Sat, 09-Jan-21 21:57:05 GMT; path=/; domain=.zsec.uk; HttpOnly; SameSite=Lax; Secure
x-powered-by: Express
cache-control: public, max-age=0
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
cf-request-id: 06f041766900002b5908063000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IM8n8miy8pHQF4AEQ71%2Bt0XUVy86klHuYnh5yEXtJ%2Fy5nTP6JXGLsZX8F%2ByW8s6TxK5KZTB2FUNI22gkY4imyfDnspUc%2BJ%2FLTDofiHnP6nnvISzU5yjMtDY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 5ffa38370a392b59-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 T1yD9DLCXRcTVPMZyuU7nvkM29E.js Show response
blog.zsec.uk/cdn-cgi/apps/head/ 7 KB
3 KB 437ms
436ms Script
application/javascript 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.zsec.uk/cdn-cgi/apps/head/T1yD9DLCXRcTVPMZyuU7nvkM29E.js

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5fb47c81bbed3f443dad85c60698e903b3a10ec4998ad1b172fb2fe155b30ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-request-id: B1801EF724DCAB94
content-type: application/javascript; charset=utf-8
strict-transport-security: max-age=2592000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: xZZvscny+6ijNLF3Y+YhPf6AelaKLpTX21upvaC6/YYDv7nZmLhG9FgPksOnrPdL5sm57sXXJ/4=
last-modified: Sun, 15 Oct 2017 11:41:33 GMT
server: cloudflare
etag: W/"0d6c3073020a19c718b471f7df0c0a4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OzC6OSVsMddCIb8DoX7rNL5kqw6pPrNo9pNSfFZNO4wCka6E3UqLblYvNHnUPJj4OxaIJmPqJm6tqnAf%2BlQkIJK7%2Bkes4H03b%2F5QSeEpWLYn8JW5CXWtswA%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: SBw9zcPjwsr_fnG9qWHbNoXr8ozHVOWZ
cache-control: public, max-age=31536000
cf-request-id: 06f041777400002b59dcad9000000001
cf-ray: 5ffa3838be5d2b59-FRA

GET
H2 200 screen.css
blog.zsec.uk/assets/built/ 44 KB
9 KB 32ms
32ms Stylesheet
text/css 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.zsec.uk/assets/built/screen.css?v=cfc2de25e9

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0cf81d94498e9224c19fc2657470249a93f91deb0ba14c16f03a21665494f9d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
strict-transport-security: max-age=2592000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"afb8-7438674ba0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kxzlg6TJuc%2BPKyYFv%2Byqo%2BlbTRLIJj16U%2FJMOIvQ%2BqdIaSPvSQOUlQJmlAVMqrAL4KySidaPboaUNaMX8De%2BGULqSVd0MJ8r16Z6gaeaahJ6YrqLqeUE9mE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
cf-polished: origSize=44984
cf-request-id: 06f041777400002b5930309000000001
cf-ray: 5ffa3838be5a2b59-FRA
cf-bgj: minify

GET
H2 200 tocbot.css
cdnjs.cloudflare.com/ajax/libs/tocbot/4.11.2/ 565 B
641 B 21ms
21ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tocbot/4.11.2/tocbot.css

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d46d20f79bec4b5b6ed6fe6a7d90c9fe7c8f4053632806488c31255561623ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.zsec.uk
Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 725434
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 228
cf-request-id: 06f04177740000bf0f892a7000000001
timing-allow-origin: *
last-modified: Sun, 07 Jun 2020 21:41:53 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5edd5f21-235"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=E3dGcsV9%2BTUHEzpFyQkYKqPGDrXy3dRiYx0jCL0aUaZrjboZqKhuYaFhhky%2BSPZBSUCWWvOTwBpy5U2FtWbX7TZQFUIU%2Bu86uEjnQ6R5AK2lJxiBSP4ejGZ%2BsW8uW2X8hg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5ffa3838b97bbf0f-FRA
expires: Tue, 30 Nov 2021 21:57:06 GMT

GET
H2 200 BannerPublish-1.png
blog.zsec.uk/content/images/2017/10/ 2 KB
2 KB 27ms
26ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2017/10/BannerPublish-1.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

c02fc68565112773536bdc781f6ec47a0bca8c0d41a3282da31bf28419aaac98

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 1637
cf-request-id: 06f041779500002b5948a3d000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 16 Oct 2017 19:38:05 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"665-15f26b17738"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hTGk8t%2FvwCnsC9fEACHQIKRgE0T%2F%2FdJ0wKLrwl%2FH4rJXlU3GutD1vofq7RBi4S3ajra%2FjNkq3J%2FvF2AmyCt4vmGSycnPLHIyRG7AVFnci8jr0wFoekFm1nc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa3838eeba2b59-FRA

GET
H2 200 ZSIcon.png
blog.zsec.uk/content/images/size/w100/2017/10/ 814 B
1 KB 27ms
26ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w100/2017/10/ZSIcon.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

41d9b00eb3f443e1eb77b8c37a7694c21a21d2f2e7116c0095254a19889ce3e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 814
cf-request-id: 06f04177b400002b59351c6000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Jan 2019 01:53:26 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"32e-16878698190"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hpwfKroG3TXpNJFKtqlefPqgTPnpcxBW1uSsa3BpWr7ngAKDEl6uvBdy2P4X%2FOLsfjQEJ3za5efsbpo9vPQZW8%2BNDNs1Jd%2Brv%2F4p8n9KM5vrfm3icB6AjuI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa38391f1c2b59-FRA

GET
H2 200 photo-1600065621656-889fe211b7c8
images.unsplash.com/ 315 KB
315 KB 23ms
9ms Image
image/jpeg 2a04:4e42:1b::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.unsplash.com/photo-1600065621656-889fe211b7c8?ixlib=rb-1.2.1&q=80&fm=jpg&crop=entropy&cs=tinysrgb&w=2000&fit=max&ixid=eyJhcHBfaWQiOjExNzczfQ

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::720 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

37f589a67b765470fbc3021079cfc9e08b9dc6574dd50e5d0178b1596d0c9fc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Dec 2020 17:20:29 GMT
server: imgix
age: 621396
x-cache: HIT, HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=315360000
x-imgix-id: 4b4f2ac6b05c8a3b1106b38a7c24f19fea4c725c
accept-ranges: bytes
content-length: 322552
x-served-by: cache-sjc10022-SJC, cache-hhn4063-HHN

GET
H2 200 image-4.png
blog.zsec.uk/content/images/2020/09/ 702 KB
703 KB 46ms
46ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-4.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e9664f1768f88ac09286d448b557b00e8d302ca86a67f2e034a85de0800e61b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 718625
cf-request-id: 06f04177f500002b590f00a000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:14:32 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"af721-174bbf5a7da"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CypDX5Vln7bsoXzy739SP1aQGKMSo%2BxvsXk%2FD%2BN1XXFtlnIG1fUzWzoMWN6iEJWWOPkdsySGTHzsy6%2FsjIRw72n9AKdnt0ng1v8GXoLAXI14aqGHsFdk3Q8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa38398feb2b59-FRA

GET
H2 200 image.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 23 KB
24 KB 55ms
55ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

aa05e03792a47c2e4949e2dd311cf00800dcf01c1d6ae2d4c41862cc29d79f79

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 23714
cf-request-id: 06f041783800002b591f275000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:11:50 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"5ca2-174bbf32ddf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=d8jEgDSfLAIXThr8mdF9vjScfMTFjS9lgBel3CuB0O%2FK4STnoriLXuTU9xg5U%2Fipc4Yu2tSxS%2FPrM0PGA7Oct7PALzxHW76i58RUQ6Bo0zbeWyuUNFXsZoc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa3839f8fa2b59-FRA

GET
H2 200 image-1.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 18 KB
18 KB 31ms
30ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-1.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

52e7ef615597e465d6f55395523c432db27bdd437e6a3ae8031b81bb50398e61

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 18562
cf-request-id: 06f041787000002b59142a5000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:11:50 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"4882-174bbf32daf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PnCxFuosCZqewWpNzX7PPZnCl0BAlDBSwTih5XR0MNnUDZIidRj1tyzb7LduKUnaEpBcXnkzfDPgTF3buap597dl%2B1Wl5wFwIQJlcfF2XM5Iux1k%2BuAuohs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383a49af2b59-FRA

GET
H2 200 image-2.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 5 KB
6 KB 32ms
32ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-2.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

ba723f7c43868bc8dccca0cfcf539bea9116f6c26e1993fd88d852fbc80b316e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 5474
cf-request-id: 06f041789000002b59e9b59000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:11:50 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"1562-174bbf32cbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YBIlZE3IC1T9A9bF3zC08m2DRAQNgTKdV%2BAFnxp01nYrENwNjC3bmfKeMKF7o19agkk8ThN5Iu3cLaNjPg9SAF63AMLK044Eh4%2BgUqnXrbS0JoYhPGHjMuQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383a8a1a2b59-FRA

GET
H2 200 image-3.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 346 KB
347 KB 34ms
34ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-3.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

702b620d2c5df269f28aad6d9765187541a6598cb02a58316cdfecad2ca39aa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 354149
cf-request-id: 06f04178b200002b593f0f6000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:11:50 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"56765-174bbf32f03"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QZuhNXPK9SKWj96F27z4XUokDqqG8w1%2BMPmBbGLpr1LHv0OirycdKTA3bKBFgAM%2FcsozYKzYi4wjuaYxo75WObH4I%2B6xECXG%2F8A%2FOjLpgKta27Bw9AEnXr8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383aba982b59-FRA

GET
H2 200 image-6.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 179 KB
180 KB 27ms
27ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-6.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

de5ef4d33bb14981c7785633937454e6b4edaf5d6cef90d310f7c7f3a86db92d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 183290
cf-request-id: 06f04178d800002b59009c2000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:27:40 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"2cbfa-174bc01ab49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xRJvI2FEWVeiMXsVXNx8RUx5MQYmSOHAADOMXyk2F0hBEHxPOEKNx%2BCFond6xHDxx148ALo%2Fjs%2FpY5JWjzjEW2fmm3eI3aDh4cCq13i8gwXtUfZOkGrHUb0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383afb332b59-FRA

GET
H2 200 image-7.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 139 KB
140 KB 55ms
55ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-7.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d0d04d3e4e5d282c25116efb8e274774c1aab5c412f0bab5bddc3225b3c47e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 142154
cf-request-id: 06f04178f500002b59e9b63000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:27:40 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"22b4a-174bc01ab6d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=C9DPYYSoKob9jiV7ykSun3GGQoyELK1s7vJP1KJvsKWDmCPFh1DhmkPZRIwJ3t0mvH6KpJJg%2BdNuXMkcpjzT%2FTNnAJvs3TYMhJYPukVkYYwl7d3X3qdmJxI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b2ba42b59-FRA

GET
H2 200 image-8.png
blog.zsec.uk/content/images/2020/09/ 110 KB
111 KB 34ms
34ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-8.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

249db1cfe84c045ecf78f7023b062a3f0b242cdeeeedaead6ea17cef9d149f4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 113141
cf-request-id: 06f041792900002b59bd146000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:27:20 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"1b9f5-174bc015f72"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MDv5ktbWi9T0nRdgtoyDGz1%2BynJmBe52X2HYcY%2BMPHtLyXVrSld43TOMf77QLxmaTMvxiNUcg93LacPlIAAVrSsg4PVyEOoh5rjZiA%2BbSKRrfEu9m07MJu0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b7cc02b59-FRA

GET
H2 200 image-9.png
blog.zsec.uk/content/images/2020/09/ 110 KB
110 KB 42ms
37ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-9.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

64e904831cf317ee20c6e41a1ca7b476e24a016e614c3ba8e662fd8d24e0143b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 112645
cf-request-id: 06f041793300002b5933072000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:53:35 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"1b805-174bc1966f0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WowKN0y26H7F%2FLFKAcGQ7iqrmaEPnRSr7VxzOUnrS7z1V9KikvKBQgYMt4JagJxm%2F5OH2xrCILL1F%2BQCoFqtvjlYxTohfOvNgd3rSyXQNBTMjDju1h40l20%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8ce32b59-FRA

GET
H2 200 image-10.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 386 KB
387 KB 36ms
32ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-10.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

763fdbea7a24b13412e4dec7cc12b17528834a02ccca5e09493e48266b905c82

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 394991
cf-request-id: 06f041793300002b59bc929000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 18:53:11 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"606ef-174bc4ff6d6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qZa3m5GVXklNOOGNDRweL3s82U7esCm7OQjzsyPK1JjlPJ2KeJD7xAqUGr%2BkTYc9V56zVcW%2BGjsPVsV2Me1ey4%2BSOPR5nXhgstEB2BROqWVlmFvMjmwpYXo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8ce52b59-FRA

GET
H2 200 image-19.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 283 KB
283 KB 39ms
34ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-19.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

5f22c65f8d7ec9ef7408ca12b7f7a76bf8abd36c4eef9419f16a16c71f7ac499

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 289566
cf-request-id: 06f041793300002b593f107000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 00:39:21 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"46b1e-174bd8ce3de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nIfDkIk2JVMSKzQ3LrolhmozvXselAe5R99xkexF9uFioiMLHBq3m%2BZafnIWNpXHsv3t%2Bl19VMHqWJmMP2ubIvwoUJ8lJm%2FpNj3U%2BlICdnW8loL5LJltcoI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8ce72b59-FRA

GET
H2 200 image-11.png
blog.zsec.uk/content/images/2020/09/ 14 KB
15 KB 31ms
26ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-11.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9a380e74a5d40597f9b61083f322fc1f40e43bf5546081afacaf3c5ddcd8faf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 14671
cf-request-id: 06f041793400002b59080a6000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 19:39:51 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"394f-174bc7ab052"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qe3pbhJdEERMpv8YHwaCj0h76a0%2BT9LvOfWiratSDEkSj4JUoH8K%2FVf9GKIJRgNf4D9TdOfYFDlzukTbUk8w1Er4MQMEXs2rbKsCxGvkAR76gf0FxJCU%2FwA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8ce82b59-FRA

GET
H2 200 image-12.png
blog.zsec.uk/content/images/2020/09/ 18 KB
19 KB 35ms
30ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-12.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4be6175bfa75bc36572f4a539ad5f1414301a166310cc3a10e2365d48a4245a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 18677
cf-request-id: 06f041793400002b59e59c1000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 21:55:39 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"48f5-174bcf70749"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Iy5uU9wG%2FZeJLIip%2BvNIlqq265QiSigi095H%2BK%2FhB0uAbzKJN9WP0ZlB21TRFo8veM3QCqnj9liIebhMjfV7C%2FjVatVRCYGw7FhKl4Ml3%2B0rQx4jtfJm4eE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cea2b59-FRA

GET
H2 200 image-13.png
blog.zsec.uk/content/images/2020/09/ 11 KB
12 KB 42ms
38ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-13.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

88c91e1fd299ed684b16d24d49dae0111df54f70215122d0a5236326be87a991

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 11516
cf-request-id: 06f041793400002b59cd30d000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 21:56:49 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"2cfc-174bcf81678"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BSMNB6KwxxLAYhs0jOyUoAQmG1f2EuiMX%2BPvvQNLj8jKUhttYubaSbecTqd4UR0XrzqA9wHBj%2BN7zcTABunKZTvYy2RIpI3SwAmbcacIONeNSnbo%2Bn1hLt0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cec2b59-FRA

GET
H2 200 image-14.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 45 KB
45 KB 58ms
54ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-14.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

d65d78a3d7017c5c378377a70ad921d17423034985f9d36b7cd06ef624c9d654

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 45921
cf-request-id: 06f041793400002b59e9b6c000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 22:02:23 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"b361-174bcfd2e1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1WxrEtfEWrnR9UMfooYqWb0iyFdPHNEGCFpFD2ASBlsFQ0MMeEmFA5EspeK%2F%2BFBDcBSX2%2FOpQ7N9REZo7Af9ww652CfYsl9IkijUV0FDjI5inLYA0H2IB1A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cee2b59-FRA

GET
H2 200 image-18.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 215 KB
216 KB 32ms
28ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-18.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

40a0a489ed5606a5acd48103f091a2689442afed3875dd3ef27ed516f1b8d021

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 220369
cf-request-id: 06f041793500002b593032d000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 00:39:21 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"35cd1-174bd8ce3c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7DNkm2Gd8G2lB2QTOqKAM7A4Lpj0phSEQS2z093PYToASoVG%2FCNJqn6L%2BcTEU94H6Ns%2FemviMSWCTeiiWSUDIy2t0FzwWmng7GZ03YVFLXrk2D1OaNIGNBM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cef2b59-FRA

GET
H2 200 image-15.png
blog.zsec.uk/content/images/2020/09/ 12 KB
13 KB 44ms
40ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-15.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

f80a20bb5de8fcf59ccbd77578545c5e35a0fbf13d9bf23fc3da05a0b3defd38

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 12798
cf-request-id: 06f041793500002b59f7091000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 23:35:26 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"31fe-174bd525f89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=heAqSQNu7IswI%2FM1NZWpGpNBqZe6BxZOyOKZTzHo1mvZgt03Hs8TcTBLo4XX03PmrVMC1xjv8lNO4IIoE5maUrrG%2F%2FPmcAdexuPGl8t1%2BznyODi9bPFqFKI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cf12b59-FRA

GET
H2 200 image-16.png
blog.zsec.uk/content/images/2020/09/ 12 KB
12 KB 43ms
39ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-16.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9befcb8b8f4c39863cf7e7320f361eb81d7092c7a7b8cd9e003bcbd365f00fa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 12254
cf-request-id: 06f041793700002b59dcb04000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 23:44:16 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"2fde-174bd5a76f6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VE2VL8etoGNVo2XU0v2gTg7akSVaQLG7wv1LSqZ7ccgZxzIRW74aHTlClWpm5lo4WAix78PYYvaXUt1w2%2FUJM%2BGX271tAwGD7pCL8b2zQ2497jWBIpWPuck%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cf22b59-FRA

GET
H2 200 image-5.png
blog.zsec.uk/content/images/size/w1000/2020/09/ 306 KB
306 KB 50ms
47ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/size/w1000/2020/09/image-5.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

7bb3b1cf59f6ae8d58f2e6fde4dd52483cc7adb00e79a7cf8d36709c80f38a36

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 312979
cf-request-id: 06f041793500002b590e903000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 23 Sep 2020 17:27:40 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"4c693-174bc01abd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IWX1bDYfRM8WBybq2y9wz7xeuXXJWbUioXWxcX%2FX2slnsal1zdEOl%2BCXPN0xsMugat8j8aRpEdNgggijom8vLFN1wve1P6KIIo9VQH8Pq6maBZcO2RL4aso%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cf42b59-FRA

GET
H2 200 image-23.png
blog.zsec.uk/content/images/2020/09/ 15 KB
15 KB 39ms
35ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-23.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

ab930cb32b775beb7b11abbd96dc06ed0797381397aa421e930540ed8317f5b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 15272
cf-request-id: 06f041793600002b591e8a1000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 01:49:00 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"3ba8-174bdcca7b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VPpgB00oPrJrJ5Qc8xDE8B%2F%2BGOh7WIRG65vYs71tQi25GQdGbcolsW7ayNuOUAskn0T3mkJ8T7HOgZaSgVPwNw%2BjEJHzvREvVGIdOptANR5tCWeZw2EpuJA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cf52b59-FRA

GET
H2 200 image-24.png
blog.zsec.uk/content/images/2020/09/ 16 KB
16 KB 34ms
31ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-24.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e235af07f19eee35293e64ecb79dfaaa8e8194467a7a4065d3942dcbf2bd7eba

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 16166
cf-request-id: 06f041793600002b59c988c000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 01:52:06 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"3f26-174bdcf7f34"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nDvhG%2FSpX9Tenj%2Fz246QQx3yqF4zeWFxtn5AjfNdzKej6blYW4GVckjqnDUXq632mbpyvlW0clA7TDICdpdh6PaSyC62GFITuKSZ1iz4%2FHFwKhPn5YJryxI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cf62b59-FRA

GET
H2 200 image-21.png
blog.zsec.uk/content/images/2020/09/ 26 KB
27 KB 66ms
63ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-21.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

b9ec2bd81f9298dfdbe69b4adc1cfc1121c3d74377167577f67e8ad69e38afaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 26978
cf-request-id: 06f041793600002b592d04a000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 01:43:26 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"6962-174bdc78fdb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2F%2Bq5uGaoVFczDMmlZh1a6B7ewFQZd0%2Bor0JtsHj8E0lWCqj9HtmaK5CeAsVtF0xhmhI%2B1x8dSVqxTaFfjye%2B%2Fu3skRHVRww6QkYiw%2BvavdVpi5rBTwcUzgU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cfa2b59-FRA

GET
H2 200 image-22.png
blog.zsec.uk/content/images/2020/09/ 25 KB
25 KB 59ms
56ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-22.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

f56a3501e710f675d9145ca016a4432e63d076015bede3dc449ff8c2be811df7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 25615
cf-request-id: 06f041793600002b59009d1000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 01:44:39 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"640f-174bdc8ab82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zTtMw8UdkFc9OiL1neJnopKsPm%2FQwzk9SmcdUj3H1PzhfyLNxbLNNTvcsh5bsI%2FiKKD0JkWSDFEiDKVqx%2B4c159ozZQJWK6IPKjDKyvYD%2FAazw7RIR2F3Sk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cfb2b59-FRA

GET
H2 200 image-25.png
blog.zsec.uk/content/images/2020/09/ 8 KB
8 KB 34ms
31ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-25.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6adc6406de9add9f42876a5f8e32cd4b9ff262dd07d0c747f9e081dcc8b5ddc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 7805
cf-request-id: 06f041793700002b59c6934000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 01:52:58 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"1e7d-174bdd04c13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XuubrPGnNj2%2FrQPHM9%2FF0SN%2FBAH%2FXNGz%2FYcxmGA5LY6aGuNjHShUDzHycwhRKYQtKDMrdw9cyXrCStd1H2cekoUUQ4dYeXm5ohX7%2FTAL43%2Fbc6T065gaOf8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cfd2b59-FRA

GET
H2 200 image-20.png
blog.zsec.uk/content/images/2020/09/ 17 KB
17 KB 41ms
38ms Image
image/png 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.zsec.uk/content/images/2020/09/image-20.png

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e142572a7925c2528e4168cce0fd919cda444e418beffcfe907e2c49b96c824f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
vary: Accept-Encoding
content-length: 17028
cf-request-id: 06f041793700002b59ef3fb000000001
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 24 Sep 2020 01:37:02 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"4284-174bdc1b5ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ch6FEHGvc%2F6OKBolvTE5KRzlFQHBaivVGy%2Fo5jtDteUgwKVTXwhrNXktRB8CRcjCtG3bSgClOPAotaYD3qMiDvV4FtfY64Q5HQkatL4wVVqW17KLd1bq3Kw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 5ffa383b8cfe2b59-FRA

GET
H2 200 favicon.svg
github.githubassets.com/favicons/ 959 B
1 KB 85ms
27ms Image
image/svg+xml 185.199.109.154
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://github.githubassets.com/favicons/favicon.svg
Requested by: Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.109.154 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6a9577cd4f7fa6b75bde1025af85b944e9dd1388373b55ccba6e9f80ac2eae60

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 24c16b666179ffea73b9bdf4ae36fa29edfad681
date: Thu, 10 Dec 2020 21:57:06 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 31 Mar 2020 05:17:24 GMT
server: AmazonS3
age: 5154
etag: "6d802f68df0c09a4997cfd28eeafd9ff"
x-served-by: cache-dca17744-DCA, cache-hhn4033-HHN
x-cache: HIT, HIT
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
x-timer: S1607637427.550723,VS0,VE0
content-length: 959
x-cache-hits: 24, 376

GET
H/1.1 200
OK 34346399
avatars2.githubusercontent.com/u/ 24 KB
25 KB 87ms
28ms Image
image/jpeg 151.101.112.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://avatars2.githubusercontent.com/u/34346399?s=400&v=4

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.112.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

75ecd37b214a6d0923327fcb0cb3f3a908e2f90c60e334c3c2b51be91905cade

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Fastly-Request-ID: cd802d3f44cda3e7de74c879e4ce82c240cd860b
Content-Security-Policy: default-src 'none'
Via: 1.1 varnish
X-Content-Type-Options: nosniff
X-Cache: HIT
X-Cache-Hits: 1
Connection: keep-alive
Vary: Authorization,Accept-Encoding
Content-Length: 25029
X-Xss-Protection: 1; mode=block
X-Served-By: cache-hhn4043-HHN
Last-Modified: Thu, 07 Dec 2017 20:46:25 GMT
X-GitHub-Request-Id: 75DE:60E1:3CFD92A:40EE35F:5F6914D9
X-Timer: S1607637427.552473,VS0,VE1
X-Frame-Options: deny
Date: Thu, 10 Dec 2020 21:57:06 GMT
Source-Age: 6915288
Strict-Transport-Security: max-age=31557600
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
Etag: "4ded30dff215eb03b309eefcc88458f161b653e2"
Accept-Ranges: bytes
Timing-Allow-Origin: https://github.com
Expires: Thu, 10 Dec 2020 22:02:06 GMT

GET
H2 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/ 12 KB
5 KB 28ms
10ms Script
application/javascript 2606:4700::6810:a723
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a723 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-request-id: 06f041794300002c4e612ad000000001
last-modified: Wed, 09 Dec 2020 12:52:38 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"5fd0c896-3016"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CN92apsaaez50XFnLRN06tdSD2heP7Vt%2B9I5dr%2F4JDj0a2DPRCdvE4fYY%2FwWzmR%2BmuWWKmUIrLvqA92M8CfdqpLdRD3CaTDENWZd7Y7eMV%2BR%2BXKEPmXlr208Fi6qSCKn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 5ffa383b9b972c4e-FRA
expires: Sat, 12 Dec 2020 21:57:06 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/cdn-cgi/apps/head/T1yD9DLCXRcTVPMZyuU7nvkM29E.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4036
date: Thu, 10 Dec 2020 20:49:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Thu, 10 Dec 2020 22:49:50 GMT

GET
H2 200 8vjFsP3vhVdwiUtPzhnKLepvkHw.js Show response
blog.zsec.uk/cdn-cgi/apps/body/ 34 KB
12 KB 481ms
478ms Script
application/javascript 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.zsec.uk/cdn-cgi/apps/body/8vjFsP3vhVdwiUtPzhnKLepvkHw.js

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/cdn-cgi/apps/head/T1yD9DLCXRcTVPMZyuU7nvkM29E.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a31e4c9fb5d42941bcccd1251e4874b8c79b62e039f3816bdefc356751a1864

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-amz-request-id: A4796A8FE7959873
content-type: application/javascript; charset=utf-8
strict-transport-security: max-age=2592000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: xupzEoAw9frUrUF9mO/OggQnxHyhXpCb4U/tmQItmwgXxfkwzl7ZvZxOz7AAJCySPOq1gt3ArLs=
last-modified: Sun, 15 Oct 2017 11:41:33 GMT
server: cloudflare
etag: W/"63563227973055f0a973129e6c4782b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BAFlgBCBqHFJ7nr4e5CU2SOmvlGAWVfC8xmw0mfu835uoO2Uxx3tbmTrLJ1A9Zz7yo5vz48QRJXBRpP%2BIRDrCXf6ObSZwbZekFPWa8DPA9NRphw9UpHL1Mw%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: xD9.Hw6JMxeLo5i0Lup1hzzGHLPqPj7M
cache-control: public, max-age=31536000
cf-request-id: 06f041793700002b59cf0b0000000001
cf-ray: 5ffa383b8cff2b59-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
46 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c300b2811698bc68ed2928ff2686ed40e21753f1d308956268f567ab2149e576

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 47065
x-xss-protection: 0
server: cafe
etag: 860246916715892492
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 10 Dec 2020 21:57:07 GMT

GET
H2 200 casper.js Show response
blog.zsec.uk/assets/built/ 3 KB
2 KB 31ms
30ms Script
application/javascript 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.zsec.uk/assets/built/casper.js?v=cfc2de25e9

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

79430347712403e5868fa3a988eafdc9c0f5252d24e159469450226ce53eeb32

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
strict-transport-security: max-age=2592000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"dee-7438674ba0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qEgAnzVzbDAu%2FR42MXlFJdqOpuyEvh2xB4A7OxrC%2BInahw73Z0gRPJDjgDEeiMZqsfbe672zIPtv5phehvp5i3tgdnVXVIzyFplVHDnrn3q2Ym2cXpiBpwM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-polished: origSize=3566
cf-request-id: 06f0417b7b00002b59f70c2000000001
cf-ray: 5ffa383f2d442b59-FRA
cf-bgj: minify

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 95 KB
29 KB 29ms
7ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4190) /
Resource Hash: 2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 10 Dec 2020 21:57:07 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 118
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28698
x-tw-cdn: VZ
Last-Modified: Thu, 01 Oct 2020 21:52:09 GMT
Server: ECS (fcn/4190)
Etag: "a671d4d584ef50954e5cebb21da17065+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 / Show response
js.stripe.com/v3/ 188 KB
49 KB 196ms
87ms Script
application/javascript 65.9.73.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.73.72 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f270077995c404114cf15ea5a24ff5ab6841d10933802e336b5612ed40aca4b8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:55:47 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 80
via: 1.1 e13e8f228afcbd0862f27c6ebd714879.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-request-id: 1D5467874CE449D0
x-amz-id-2: 4dusYRxwP0QyVGgmMcy+0WaRy1h//055j+Oyw+1czNwAn9NPIAs0CynIxGoBg+4jeSicMGYhVkA=
last-modified: Thu, 10 Dec 2020 16:28:54 GMT
server: AmazonS3
etag: W/"23cb1467ffd4225211aeeda9c6e94b07"
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300
content-security-policy: default-src 'self'; connect-src 'self' https://api.stripe.com https://errors.stripe.com; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src 'self'; img-src 'self' https://q.stripe.com; font-src data: https:; media-src 'none'; object-src 'self';
x-amz-cf-pop: AMS1-C1
timing-allow-origin: *
x-amz-cf-id: iLwACD_LHLqmJxkDEPQIMDAGDa-2bavu86znA1wiFFcMBn5dXpJlgg==

GET
H2

200

portal.min.js Show response
unpkg.com/@tryghost/portal@0.14.0/umd/
Redirect Chain

https://unpkg.com/@tryghost/portal@latest/umd/portal.min.js
https://unpkg.com/@tryghost/portal@0.14.0/umd/portal.min.js

307 KB
73 KB

33ms
33ms

Script
application/javascript

2606:4700::6810:7aaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@tryghost/portal@0.14.0/umd/portal.min.js

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6bc45d63bc26b8981b7c892cdc1d9f56c9ada1ae70b426f8e96b5d8af7dbc03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 829337
vary: Accept-Encoding
cf-request-id: 06f0417bca0000176213263000000001
last-modified: Tue, 01 Dec 2020 07:24:11 GMT
server: cloudflare
etag: W/"4cae1-3fM6SlU4wrKLjdWrpb/qeqkRHUQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: bc41b7e189cf41c2b87e005f059614e8
cache-control: public, max-age=31536000
cf-ray: 5ffa383faec81762-FRA

Redirect headers

date: Thu, 10 Dec 2020 21:57:07 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 497
vary: Accept, Accept-Encoding
content-length: 64
cf-request-id: 06f0417b8b000017621325c000000001
server: cloudflare
location: /@tryghost/portal@0.14.0/umd/portal.min.js
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 6bf321aff215ab07b61e41a118fe03af
cache-control: public, s-maxage=600, max-age=60
cf-ray: 5ffa383f4dc91762-FRA

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
66 B 13ms
13ms XHR
text/plain 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=271916530&t=pageview&_s=1&dl=https%3A%2F%2Fblog.zsec.uk%2Fzerologon-attacking-defending%2F&ul=en-us&de=UTF-8&dt=ZeroLogon(CVE-2020-1472)%20-%20Attacking%20%26%20Defending&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=262562055&gjid=327656216&cid=2070731234.1607637427&tid=UA-81202681-1&_gid=307054328.1607637427&_r=1&_slc=1&z=676589132

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 10 Dec 2020 21:57:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.zsec.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 8 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 776b1185b144bb4ff06ba24e854ad7e667d114a9a23333b8e0fde9f87921d6f1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: text/css;charset=utf-8

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
86 B 19ms
19ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-81202681-1&cid=2070731234.1607637427&jid=262562055&gjid=327656216&_gid=307054328.1607637427&_u=YEBAAUAAAAAAAC~&z=217968418

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 10 Dec 2020 21:57:07 GMT
content-type: text/plain
access-control-allow-origin: https://blog.zsec.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 27ms
10ms Script
application/javascript 2001:4de0:ac19::1:b:1b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Origin: https://blog.zsec.uk
Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
last-modified: Wed, 01 May 2019 21:14:27 GMT
server: nginx
etag: W/"5cca0c33-15851"
vary: Accept-Encoding
x-hw: 1607637427.dop156.fr8.t,1607637427.cds237.fr8.hn,1607637427.cds236.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H3-Q050 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/ 234 KB
88 KB 56ms
41ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 89527
x-xss-protection: 0
server: cafe
etag: 1810063338415286733
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Dec 2020 21:57:07 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/ Frame 9659 0
0 6ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20201203/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20201203/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.zsec.uk/zerologon-attacking-defending/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.zsec.uk/zerologon-attacking-defending/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 10 Dec 2020 09:58:13 GMT
expires: Thu, 24 Dec 2020 09:58:13 GMT
content-type: text/html; charset=UTF-8
etag: 10723747146953794269
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4923
x-xss-protection: 0
age: 43134
cache-control: public, max-age=1209600
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:818::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-81202681-1&cid=2070731234.1607637427&jid=262562055&_u=YEBAAUAAAAAAAC~&z=1504627853

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Dec 2020 21:57:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 19ms
18ms Image
image/gif 2a00:1450:4001:817::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-81202681-1&cid=2070731234.1607637427&jid=262562055&_u=YEBAAUAAAAAAAC~&z=1504627853

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Dec 2020 21:57:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.zsec.uk
URL: https://blog.zsec.uk/zerologon-attacking-defending/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 4037
date: Thu, 10 Dec 2020 20:49:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Thu, 10 Dec 2020 22:49:50 GMT

GET
H3-Q050 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
46 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c300b2811698bc68ed2928ff2686ed40e21753f1d308956268f567ab2149e576

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 47065
x-xss-protection: 0
server: cafe
etag: 860246916715892492
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 10 Dec 2020 21:57:07 GMT

GET
H2 200 tocbot.js Show response
cdnjs.cloudflare.com/ajax/libs/tocbot/4.11.2/ 11 KB
4 KB 13ms
13ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/tocbot/4.11.2/tocbot.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09f41451ee670abd2cf15681d5d3c8497db9266c141d545a6cc8e2f98505512e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://blog.zsec.uk
Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 724018
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3203
cf-request-id: 06f0417c180000bf0f6b030000000001
timing-allow-origin: *
last-modified: Sun, 07 Jun 2020 21:41:53 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5edd5f21-2b9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rStBJrnnHuFtT0Qdusla4LFdY0p0Yx4bJXPxzfCKyld3CvyKBnkI%2BFgldEv95WSF%2BYAlS0HCZQHBn%2Bm48MqOH4nqe0xhNnEQFb3UK7xpjyuNGLslh0eeHtgRH5VZ23MmCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5ffa38402eb7bf0f-FRA
expires: Tue, 30 Nov 2021 21:57:07 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 6ms
5ms Image
image/gif 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=271916530&t=pageview&_s=2&dl=https%3A%2F%2Fblog.zsec.uk%2Fzerologon-attacking-defending%2F&ul=en-us&de=UTF-8&dt=ZeroLogon(CVE-2020-1472)%20-%20Attacking%20%26%20Defending&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAUABAAAAAC~&jid=&gjid=&cid=2070731234.1607637427&tid=UA-81202681-1&_gid=307054328.1607637427&z=1438676101

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Dec 2020 09:14:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 45768
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
blog.zsec.uk/members/api/site/ 707 B
722 B 44ms
44ms Fetch
application/json 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.zsec.uk/members/api/site/

Requested by

Host: unpkg.com
URL: https://unpkg.com/@tryghost/portal@latest/umd/portal.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

a6f43d0fb1200047b56ed11292ec9185089d889be3891df1c1fd0ee3e44c2b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: cloudflare
x-frame-options: DENY
etag: W/"2c3-mEBcBXogRPI7thC/MEV64HkZI8A"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6GW%2FTz1EiekW545NbEWsz6IHE5e5EX0dsnb1OC4FxRZ9tbX%2FgsZJfthTOkZ6I53hphVpApa9IiPtwQxS6msNxE%2B5RxrNOxQ71ZNMtY%2BHMvuC0PQPJXqMGgw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cf-request-id: 06f0417c5b00002b59e534a000000001
cf-ray: 5ffa384098e82b59-FRA

GET
H/1.1 200
OK widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html
platform.twitter.com/widgets/ Frame 1444 0
0 6ms
6ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.96fd96193cc66c3e11d4c5e4c7c7ec97.html?origin=https%3A%2F%2Fblog.zsec.uk
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/40E2) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.zsec.uk/zerologon-attacking-defending/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.zsec.uk/zerologon-attacking-defending/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1396412
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 10 Dec 2020 21:57:07 GMT
Etag: "9fa476ae827f556d5b037fe43632370d+gzip"
Last-Modified: Thu, 01 Oct 2020 21:50:01 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/40E2)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 5825

GET
DATA 200
OK truncated
/ 928 B
928 B Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c1e9899ade0fb1704299ad5e021e55601a11e37669f77fa395be0817b1c795f

Request headers

Origin: https://blog.zsec.uk
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H/1.1 200
OK horizon_tweet.716ef7f4c155526f8ec8e60dbd2fbf56.js Show response
platform.twitter.com/js/ 6 KB
3 KB 6ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.716ef7f4c155526f8ec8e60dbd2fbf56.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4188) /
Resource Hash: b8e8fe9b8ca280dc3c982691064e62ba97c8f2c192a17dfe74430c7cf73cb4de

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 10 Dec 2020 21:57:07 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Oct 2020 21:49:51 GMT
Server: ECS (fcn/4188)
Age: 1396414
Etag: "15d6bf68a8d65b293e52ddc833724ed4+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2195

GET
H2 200 m-outer-59cdd15d8db95826a41100f00b589171.html
js.stripe.com/v3/ Frame D592 0
0 58ms
57ms Document
text/html 65.9.73.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-59cdd15d8db95826a41100f00b589171.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.73.72 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: js.stripe.com
:scheme: https
:path: /v3/m-outer-59cdd15d8db95826a41100f00b589171.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.zsec.uk/zerologon-attacking-defending/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.zsec.uk/zerologon-attacking-defending/

Response headers

content-type: text/html; charset=utf-8
content-length: 215
x-amz-id-2: CGrUV7F9Di23QqQHVXymX9g7wdxeFVH+mM3oAby6GLMRB0rv71f0GhjKbx+ms5TAXmEPkJNgJRQ=
x-amz-request-id: FXDTCJ3Y4V5P4K1T
last-modified: Thu, 10 Dec 2020 15:57:35 GMT
accept-ranges: bytes
server: AmazonS3
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
access-control-allow-origin: *
content-security-policy: default-src 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://m.stripe.network; img-src https://q.stripe.com; font-src 'none'; media-src 'none'; object-src 'none';
date: Thu, 10 Dec 2020 21:53:53 GMT
etag: "59cdd15d8db95826a41100f00b589171"
cache-control: public, max-age=300
x-cache: Hit from cloudfront
via: 1.1 e13e8f228afcbd0862f27c6ebd714879.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: p3T3h2MbBqlUPeNEC-B27PMINuMccBW7cXo8cSceyqmXedvs1iE7rw==
age: 195

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 197 B
436 B 43ms
42ms Script
text/javascript 172.217.21.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=blog.zsec.uk&callback=_gfp_s_&client=ca-pub-5360859507810376

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f226.1e100.net

Software

cafe /

Resource Hash

98fd124ec0c0701f81e84d200701201f96b68b790370b62fab7496bde9acf6b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 189
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 109 B
803 B 35ms
15ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=blog.zsec.uk

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
803 B 36ms
16ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=blog.zsec.uk

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
88 B 39ms
39ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fblog.zsec.uk%2Fzerologon-attacking-defending%2F&tn=CLOUDFLARE-APP&ign=false

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Dec 2020 21:57:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 403 ads
googleads.g.doubleclick.net/pagead/ Frame DFAD 0
0 52ms
51ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-5360859507810376&output=html&adk=1812271804&adf=4235265862&lmt=1607637427&plat=1%3A32776%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fblog.zsec.uk%2Fzerologon-attacking-defending%2F&ea=0&flash=0&pra=5&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1607637427173&bpp=15&bdt=1143&idt=242&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8695718617440&frm=20&pv=2&ga_vid=2070731234.1607637427&ga_sid=1607637427&ga_hid=271916530&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946&oid=3&pvsid=4151593624143348&pem=384&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=263

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-5360859507810376&output=html&adk=1812271804&adf=4235265862&lmt=1607637427&plat=1%3A32776%2C2%3A16809992%2C9%3A32776%2C10%3A32%2C11%3A32%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C40%3A32&format=0x0&url=https%3A%2F%2Fblog.zsec.uk%2Fzerologon-attacking-defending%2F&ea=0&flash=0&pra=5&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1607637427173&bpp=15&bdt=1143&idt=242&shv=r20201203&cbv=r20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8695718617440&frm=20&pv=2&ga_vid=2070731234.1607637427&ga_sid=1607637427&ga_hid=271916530&ga_fc=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21068946&oid=3&pvsid=4151593624143348&pem=384&rx=0&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=8192&bc=31&ifi=0&uci=a!0&fsb=1&dtd=263
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.zsec.uk/zerologon-attacking-defending/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.zsec.uk/zerologon-attacking-defending/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 10 Dec 2020 21:57:07 GMT
server: cafe
content-length: 46
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 10-Dec-2020 22:12:07 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 51ms
37ms XHR
application/json 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201203&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5bb3a62bb581c7983379e2f856d9279eeea4c902ea9679f5d50353826a02b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6472
x-xss-protection: 0

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

232aefdba529e089a651b9ae0a1f9e9abcd5b62e629bd1031a9f491742bcb4de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1607561515382827"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28334
x-xss-protection: 0
expires: Thu, 10 Dec 2020 21:57:07 GMT

GET
H2 400 / Show response
blog.zsec.uk/members/api/member/ 34 B
370 B 28ms
27ms Fetch 2606:4700:3033::6818:7f2b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.zsec.uk/members/api/member/

Requested by

Host: unpkg.com
URL: https://unpkg.com/@tryghost/portal@latest/umd/portal.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::6818:7f2b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

6daf49c318d8ec76d13f99cea7556912407bd2d2c20f7686fdd9814da1773121

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DpMP%2Bln69utgVzG39af6Z0L0i6a4VU1StocA1f7ajMt%2Fl68z%2BPB%2B4qFVXjlf%2FaRBbfKNeryHcjp01NuISbbcWq3gzWY59eaprDlIihAqjDaZccl2Jy%2BfkjE%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-request-id: 06f0417cff00002b590f087000000001
cf-ray: 5ffa38419bb92b59-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK index.html
platform.twitter.com/embed/ Frame AB56 0
0 7ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/index.html?creatorScreenName=ZephrFish&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1306522388704657408&lang=en&origin=https%3A%2F%2Fblog.zsec.uk%2Fzerologon-attacking-defending%2F&siteScreenName=ZephrFish&theme=light&widgetsVersion=ed20a2b%3A1601588405575&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/4195) /
Resource Hash

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.zsec.uk/zerologon-attacking-defending/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.zsec.uk/zerologon-attacking-defending/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 429
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Thu, 10 Dec 2020 21:57:07 GMT
Etag: "926a30878e3bd5d4f4fe2bb443f263be"
Last-Modified: Tue, 24 Nov 2020 18:00:07 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (fcn/4195)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 577

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 16 KB
6 KB 35ms
15ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201203/r20190131/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 10 Dec 2020 21:57:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1603823857801521"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6015
x-xss-protection: 0
expires: Thu, 10 Dec 2020 21:57:07 GMT

GET
H3-Q050 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame FCD2 0
0 34ms
20ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/219/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.zsec.uk/zerologon-attacking-defending/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://blog.zsec.uk/zerologon-attacking-defending/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4867
date: Thu, 10 Dec 2020 20:40:49 GMT
expires: Fri, 10 Dec 2021 20:40:49 GMT
last-modified: Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4578
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
23 B 41ms
41ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201203&jk=4151593624143348&bg=!S0ilSGjNAAXKjztBylhHgUeyaxd6PgIAAABMUgAAAA9oAQcKAgarQemmApB45j51i1nFa_YwnY5-ZpGRkrXNggt-iHLCyBh8eAbZkei4HZlumpKciG7UTi-zjd_cB3oscNcLCQ6O_Cdzq4rmWAw53co2lWPA6EMrNRvDYW-CV6nlODZ2nRKtvCvwany3p2cJpHSW3HVbzH4p8MzmUGEAk61or0La-G_FILGcOFoNs9EBscO9X_pvYdDhQV8pbtHsR2S7WnptUEdX0yYVyFbg-WtEBwdKdxwJM1eVN7Roxjkcfu0vRv2jgKneB14iL8EzJCEjPNoy3wahJB88-bo7LZb4hj8vBh4XoTH1MWKmPoEHOHKYpXAwskEJd-2KraJUxYIbrkJc9BVkv8Qo0pXPUGL9nIocY22PohEjzKCN3lOEd40QAZtlWS5wWtIQHZfxxBpTb90W6OjXOtRJSraMgemO2iyUYqstodbisFYkir663X6o7hyxCy9qT1QzLU8LYhSvifZYc2TddwqXaTOACGWccjWLg4JX68dpc_S3xInj2wyqoafg-4p3o8jwxtZXmhQhLrYW4l9jtu7P7Pe6BNzQwnYwL3BRmVhF_l1aw_wQZusJAQ4AQjjzspk-XFUPHvbpmviAEurmzaApLZ3QoDHj7jxq7VgCp7I3DYDuLxpsKZO49rnaqAlgOJQ6FgmQNCVoLyEO6o-06fz-ty3j2vZK_r53oGl9v-5xRpkBtTYIFzVU9u_sG-y2wzA8HdDWnuKRwY7HjFbDUctjspgfzPCOl-Z7b3cEWqtr-khjrvKmhfO6Utid65JPe1m0tXWVVflAN0PW38bCvMcWK-wvuBw7NMbX6jQWvIB1TStZVAPwxUhN0aq2MNLzqxN9AR7OmQtM8cxQO0WSBbJq-wtcB0x-o2N9Yxm-6Y_aprztA9hs-B2iyVQPqreIfhiuPeOQ3KhPA7-Jq7zeRzcoTh89875HU9643GdGoM1pOGBG_l-3H2M8FDMIyjV5SANvpsXv1NjejOf7Ozc5fNFm_XEf10_otKuHPxUr8rLtXBjQeU4LIEHYLtDgaW56F71sBHhmw67GNQJAYNTzTt4hbDpD697B3GTri-WWckK2Ep-yCexR1WEC60VXlA_FQ0AfG6wBcCXifqfLN-N7Gi_RCrzG9npdg1ntiiuu0IvL50GTjCvB_Gkann7tZr0GuzIOJ_EEjXXaKhsBJCy0srOm8ReAQnyKvAcBwaR4HzoBdcaJKzZiEiRZXRnYgWAd22Qa9Uww4-6By5BQlrb3VsOzjztyjrw2XF3o_MxPe4qq4D4A_XEWovUY

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.zsec.uk/zerologon-attacking-defending/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 10 Dec 2020 21:57:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.zsec.uk/	1970-01-19 14:33:57	Name: _gat Value: 1
.zsec.uk/	1970-01-20 08:05:09	Name: _ga Value: GA1.2.2070731234.1607637427
.zsec.uk/	1970-01-19 14:35:23	Name: _gid Value: GA1.2.307054328.1607637427
.zsec.uk/	1970-01-19 15:17:09	Name: __cfduid Value: d20daed733bd7f46bbf680664d48ae4781607637425

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ajax.cloudflare.com
avatars2.githubusercontent.com
blog.zsec.uk
cdnjs.cloudflare.com
code.jquery.com
github.githubassets.com
googleads.g.doubleclick.net
images.unsplash.com
js.stripe.com
pagead2.googlesyndication.com
partner.googleadservices.com
platform.twitter.com
stats.g.doubleclick.net
tpc.googlesyndication.com
unpkg.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
151.101.112.133
172.217.21.226
185.199.109.154
2001:4de0:ac19::1:b:1b
2606:2800:234:59:254c:406:2366:268c
2606:4700:3033::6818:7f2b
2606:4700::6810:135e
2606:4700::6810:7aaf
2606:4700::6810:a723
2a00:1450:4001:800::2001
2a00:1450:4001:803::2002
2a00:1450:4001:817::2003
2a00:1450:4001:818::2004
2a00:1450:4001:81a::200e
2a00:1450:400c:c00::9d
2a04:4e42:1b::720
65.9.73.72
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
09f41451ee670abd2cf15681d5d3c8497db9266c141d545a6cc8e2f98505512e
0cf81d94498e9224c19fc2657470249a93f91deb0ba14c16f03a21665494f9d7
1c1e9899ade0fb1704299ad5e021e55601a11e37669f77fa395be0817b1c795f
232aefdba529e089a651b9ae0a1f9e9abcd5b62e629bd1031a9f491742bcb4de
249db1cfe84c045ecf78f7023b062a3f0b242cdeeeedaead6ea17cef9d149f4a
2b418a10ba4680c77fa07fb0e736eec6306cba0dbbbc8deac94a25e679178e15
37f589a67b765470fbc3021079cfc9e08b9dc6574dd50e5d0178b1596d0c9fc8
3a31e4c9fb5d42941bcccd1251e4874b8c79b62e039f3816bdefc356751a1864
40a0a489ed5606a5acd48103f091a2689442afed3875dd3ef27ed516f1b8d021
41d9b00eb3f443e1eb77b8c37a7694c21a21d2f2e7116c0095254a19889ce3e7
4be6175bfa75bc36572f4a539ad5f1414301a166310cc3a10e2365d48a4245a3
52e7ef615597e465d6f55395523c432db27bdd437e6a3ae8031b81bb50398e61
5d46d20f79bec4b5b6ed6fe6a7d90c9fe7c8f4053632806488c31255561623ea
5f22c65f8d7ec9ef7408ca12b7f7a76bf8abd36c4eef9419f16a16c71f7ac499
64e904831cf317ee20c6e41a1ca7b476e24a016e614c3ba8e662fd8d24e0143b
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
6a9577cd4f7fa6b75bde1025af85b944e9dd1388373b55ccba6e9f80ac2eae60
6adc6406de9add9f42876a5f8e32cd4b9ff262dd07d0c747f9e081dcc8b5ddc8
6daf49c318d8ec76d13f99cea7556912407bd2d2c20f7686fdd9814da1773121
702b620d2c5df269f28aad6d9765187541a6598cb02a58316cdfecad2ca39aa3
75ecd37b214a6d0923327fcb0cb3f3a908e2f90c60e334c3c2b51be91905cade
763fdbea7a24b13412e4dec7cc12b17528834a02ccca5e09493e48266b905c82
776b1185b144bb4ff06ba24e854ad7e667d114a9a23333b8e0fde9f87921d6f1
79430347712403e5868fa3a988eafdc9c0f5252d24e159469450226ce53eeb32
7bb3b1cf59f6ae8d58f2e6fde4dd52483cc7adb00e79a7cf8d36709c80f38a36
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88c91e1fd299ed684b16d24d49dae0111df54f70215122d0a5236326be87a991
98fd124ec0c0701f81e84d200701201f96b68b790370b62fab7496bde9acf6b6
9a380e74a5d40597f9b61083f322fc1f40e43bf5546081afacaf3c5ddcd8faf5
9befcb8b8f4c39863cf7e7320f361eb81d7092c7a7b8cd9e003bcbd365f00fa8
a5bb3a62bb581c7983379e2f856d9279eeea4c902ea9679f5d50353826a02b25
a6f43d0fb1200047b56ed11292ec9185089d889be3891df1c1fd0ee3e44c2b5b
aa05e03792a47c2e4949e2dd311cf00800dcf01c1d6ae2d4c41862cc29d79f79
ab930cb32b775beb7b11abbd96dc06ed0797381397aa421e930540ed8317f5b9
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
b8e8fe9b8ca280dc3c982691064e62ba97c8f2c192a17dfe74430c7cf73cb4de
b9ec2bd81f9298dfdbe69b4adc1cfc1121c3d74377167577f67e8ad69e38afaa
ba723f7c43868bc8dccca0cfcf539bea9116f6c26e1993fd88d852fbc80b316e
c02fc68565112773536bdc781f6ec47a0bca8c0d41a3282da31bf28419aaac98
c300b2811698bc68ed2928ff2686ed40e21753f1d308956268f567ab2149e576
d0d04d3e4e5d282c25116efb8e274774c1aab5c412f0bab5bddc3225b3c47e3d
d65d78a3d7017c5c378377a70ad921d17423034985f9d36b7cd06ef624c9d654
de5ef4d33bb14981c7785633937454e6b4edaf5d6cef90d310f7c7f3a86db92d
e142572a7925c2528e4168cce0fd919cda444e418beffcfe907e2c49b96c824f
e235af07f19eee35293e64ecb79dfaaa8e8194467a7a4065d3942dcbf2bd7eba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e6bc45d63bc26b8981b7c892cdc1d9f56c9ada1ae70b426f8e96b5d8af7dbc03
e9664f1768f88ac09286d448b557b00e8d302ca86a67f2e034a85de0800e61b4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f270077995c404114cf15ea5a24ff5ab6841d10933802e336b5612ed40aca4b8
f56a3501e710f675d9145ca016a4432e63d076015bede3dc449ff8c2be811df7
f5fb47c81bbed3f443dad85c60698e903b3a10ec4998ad1b172fb2fe155b30ef
f80a20bb5de8fcf59ccbd77578545c5e35a0fbf13d9bf23fc3da05a0b3defd38
fa998d62632df8b053f88eefab8c2b32d9ff3a968dae5fbb8d374736fea11cbe
fe5d97969e5d98e03eaacc671edb2e30373f05070f5a37d69f5a5f6f91b79149

blog.zsec.uk Open in urlscan Pro 2606:4700:3033::6818:7f2b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

69 Requests

100 %HTTPS

76 %IPv6

16 Domains

21 Subdomains

18 IPs

5 Countries

3899 kBTransfer

4947 kBSize

4 Cookies

35 Outgoing links

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.zsec.uk Open in urlscan Pro
2606:4700:3033::6818:7f2b Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

100 %
HTTPS

76 %
IPv6

16
Domains

21
Subdomains

18
IPs

5
Countries

3899 kB
Transfer

4947 kB
Size

4
Cookies

69 HTTP transactions
2 data transactions