outflank.nl Open in urlscan Pro
2a01:7c8:eb:0:149:210:170:219 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Submission: On February 02 via api (February 2nd 2023, 1:46:39 pm UTC) from IN — Scanned from NL

Summary HTTP 18 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 2a01:7c8:eb:0:149:210:170:219, located in Netherlands and belongs to TRANSIP-AS Amsterdam, the Netherlands, NL. The main domain is outflank.nl.
TLS certificate: Issued by R3 on January 26th 2023. Valid for: 3 months.

This is the only time outflank.nl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
16	2a01:7c8:eb:0... 2a01:7c8:eb:0:149:210:170:219	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
1	2a03:3c00:a00... 2a03:3c00:a002:238::1000	20847 (PREVIDER-AS) (PREVIDER-AS)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
18	3

16 2a01:7c8:eb:0:149:210:170:219 (Netherlands)

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)

outflank.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:3c00:a002:238::1000 (Netherlands)

ASN20847 (PREVIDER-AS, NL)

www.marijn-van-beek.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	outflank.nl outflank.nl	967 KB
1	w.org s.w.org — Cisco Umbrella Rank: 1476	1 KB
1	marijn-van-beek.nl www.marijn-van-beek.nl
18	3

	Domain	Requested by
16	outflank.nl	outflank.nl
1	s.w.org	outflank.nl
1	www.marijn-van-beek.nl	outflank.nl
18	3

This site contains links to these domains. Also see Links.

Domain
www.cyberbit.com
github.com
docs.microsoft.com
ghidra-sre.org
twitter.com
j00ru.vexillium.org
medium.com
www.mdsec.co.uk
silentbreaksecurity.com
www.cobaltstrike.com
en.wikipedia.org

Subject Issuer	Validity	Valid
*.outflank.nl R3	`2023-01-26` - `2023-04-26`	3 months	crt.sh
www.marijn-van-beek.nl R3	`2023-01-03` - `2023-04-03`	3 months	crt.sh
*.w.org Sectigo ECC Domain Validation Secure Server CA	`2022-12-06` - `2024-01-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Frame ID: 29778CBEC008D8E690BA33BD432E3851
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR | Outflanklogologo

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

968 kB
Transfer

963 kB
Size

0
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cyberbit.com/blog/endpoint-security/malware-mitigation-when-direct-system-calls-are-used/
Title: malware research

Search URL Search Domain Scan URL

URL: https://github.com/outflanknl/Dumpert
Title: https://github.com/outflanknl/Dumpert

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/api/
Title: documented programming interfaces

Search URL Search Domain Scan URL

URL: https://ghidra-sre.org/
Title: Ghidra

Search URL Search Domain Scan URL

URL: https://twitter.com/j00ru
Title: @j00ru

Search URL Search Domain Scan URL

URL: https://j00ru.vexillium.org/syscalls/nt/64/
Title: online system call tables

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/content/wdm/nf-wdm-rtlgetversion
Title: RtlGetVersion

Search URL Search Domain Scan URL

URL: https://medium.com/@fsx30/bypass-edrs-memory-protection-introduction-to-hooking-2efb21acffd6
Title: @

Search URL Search Domain Scan URL

URL: https://www.mdsec.co.uk/2019/03/silencing-cylance-a-case-study-in-modern-edrs/
Title: MDsec’s

Search URL Search Domain Scan URL

URL: https://twitter.com/_xpn_
Title: Adam Chester

Search URL Search Domain Scan URL

URL: https://twitter.com/domchell
Title: Dominic Chell

Search URL Search Domain Scan URL

URL: https://github.com/stephenfewer/ReflectiveDLLInjection
Title: reflective loadable DLL

Search URL Search Domain Scan URL

URL: https://twitter.com/stanhacked
Title: @StanHacked

Search URL Search Domain Scan URL

URL: https://twitter.com/monoxgas
Title: @monoxgas

Search URL Search Domain Scan URL

URL: https://silentbreaksecurity.com/srdi-shellcode-reflective-dll-injection
Title: this blog

Search URL Search Domain Scan URL

URL: https://github.com/monoxgas/sRDI/tree/master/Python
Title: ConvertToShellcode.py

Search URL Search Domain Scan URL

URL: https://www.cobaltstrike.com/
Title: Cobalt Strike

Search URL Search Domain Scan URL

URL: https://github.com/outflanknl/Dumpert/tree/master/Dumpert-Aggressor
Title: aggressor script

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Kernel_Patch_Protection
Title: PatchGuard

Search URL Search Domain Scan URL

URL: https://twitter.com/Cneelis
Title: let me know

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/ 74 KB
74 KB 316ms
207ms Document
text/html 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 18e3f4a47e00141a7ced3a6cc381baa15c694d54603ef137aab86ee81cc43b40

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Content-Type: text/html; charset=UTF-8
Date: Thu, 02 Feb 2023 13:46:35 GMT
Link: <https://outflank.nl/wp-json/>; rel="https://api.w.org/" <https://outflank.nl/wp-json/wp/v2/posts/777>; rel="alternate"; type="application/json" <https://outflank.nl/?p=777>; rel=shortlink
Server: Apache
Transfer-Encoding: chunked
X-Pingback: https://outflank.nl/xmlrpc.php
X-TransIP-Backend: web723
X-TransIP-Balancer: balancer4

GET
H/1.1 200
OK style.min.css
outflank.nl/wp-includes/css/dist/block-library/ 93 KB
93 KB 51ms
20ms Stylesheet
text/css 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer4
X-TransIP-Backend: web723
Last-Modified: Wed, 16 Nov 2022 04:13:51 GMT
Server: Apache
ETag: "172a9-5ed8eb33bd318"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 94889

GET
H/1.1 200
OK classic-themes.min.css
outflank.nl/wp-includes/css/ 217 B
486 B 54ms
22ms Stylesheet
text/css 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-includes/css/classic-themes.min.css?ver=1
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer7
X-TransIP-Backend: web723
Last-Modified: Wed, 02 Nov 2022 04:14:03 GMT
Server: Apache
ETag: "d9-5ec75122b65ea"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 217

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
outflank.nl/wp-includes/js/ 18 KB
18 KB 20ms
20ms Script
application/javascript 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer6
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 11:44:04 GMT
Server: Apache
ETag: "48b9-5e5e190d836fd"
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 18617

GET
H/1.1 200
OK style.css
outflank.nl/wp-content/themes/outflank/ 65 B
333 B 53ms
30ms Stylesheet
text/css 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-content/themes/outflank/style.css?ver=6.1.1
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 2ce7931597ae07062234282d364eed8f43b900dacabe519821b24f3c1c117f3a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer4
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:06 GMT
Server: Apache
ETag: "41-5e5e1ca355cd6"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 65

GET
H/1.1 200
OK jquery.min.js Show response
outflank.nl/wp-includes/js/jquery/ 88 KB
88 KB 62ms
30ms Script
application/javascript 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer7
X-TransIP-Backend: web723
Last-Modified: Wed, 02 Nov 2022 04:14:03 GMT
Server: Apache
ETag: "15e54-5ec7512223e0e"
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 89684

GET
H/1.1 200
OK jquery-migrate.min.js Show response
outflank.nl/wp-includes/js/jquery/ 11 KB
11 KB 57ms
24ms Script
application/javascript 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer2
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 11:43:51 GMT
Server: Apache
ETag: "2bd8-5e5e19019c6ab"
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 11224

GET
H/1.1 200
OK 294.css
outflank.nl/wp-content/uploads/custom-css-js/ 4 KB
5 KB 50ms
21ms Stylesheet
text/css 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-content/uploads/custom-css-js/294.css?v=5396
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: ee15ff025e4912786d07413004d7440c9bb325e3769480876f1a47bd83715adc

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer7
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:08 GMT
Server: Apache
ETag: "11b0-5e5e1ca4f74d7"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 4528

GET
H/1.1 200
OK 17.css
outflank.nl/wp-content/uploads/custom-css-js/ 54 KB
54 KB 52ms
20ms Stylesheet
text/css 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-content/uploads/custom-css-js/17.css?v=5231
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: ebc9e3d1db016dbda88583820a055a25a1b3c1e569a1178f0995e263e512ca71

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer6
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:08 GMT
Server: Apache
ETag: "d8bf-5e5e1ca4f74d7"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 55487

GET
H/1.1 200
OK 260.js Show response
outflank.nl/wp-content/uploads/custom-css-js/ 5 KB
6 KB 49ms
21ms Script
application/javascript 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-content/uploads/custom-css-js/260.js?v=113
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 25328215fd6ad6f9d93eb6bbaf1892f570d4e60c940689c6b5576130e9369ff0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer7
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:08 GMT
Server: Apache
ETag: "1523-5e5e1ca4f74d7"
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 5411

GET
H/1.1 200
OK HKGrotesk-Medium.otf
outflank.nl/wp-content/uploads/2022/03/ 68 KB
69 KB 20ms
20ms Font
application/font-sfnt 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-content/uploads/2022/03/HKGrotesk-Medium.otf
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: c3c71e98121dfb2fa5eb150b797daaebd38012ef5576b1084e803a6f46c4ff70

Request headers

Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Origin: https://outflank.nl
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer6
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:08 GMT
Server: Apache
ETag: "11100-5e5e1ca4ed895"
Content-Type: application/font-sfnt
Accept-Ranges: bytes
Content-Length: 69888

GET
H2 404 dots-light.png
www.marijn-van-beek.nl/preview/outflank.nl/wp-content/uploads/2022/03/ 0
0 120ms
17ms Image
text/html 2a03:3c00:a002:238::1000
PREVIDER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.marijn-van-beek.nl/preview/outflank.nl/wp-content/uploads/2022/03/dots-light.png
Requested by: Host: outflank.nl
URL: https://outflank.nl/wp-content/uploads/custom-css-js/17.css?v=5231
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:3c00:a002:238::1000 , Netherlands, ASN20847 (PREVIDER-AS, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

GET
H/1.1 200
OK HKGrotesk-Bold.otf
outflank.nl/wp-content/uploads/2022/03/ 67 KB
67 KB 20ms
20ms Font
application/font-sfnt 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL: https://outflank.nl/wp-content/uploads/2022/03/HKGrotesk-Bold.otf
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: b5e56dd6cd597cd3b5cf93494e16ba5bb83f91d30457264346fd6fafd8e3729a

Request headers

Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Origin: https://outflank.nl
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer7
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:08 GMT
Server: Apache
ETag: "10a30-5e5e1ca4f26b6"
Content-Type: application/font-sfnt
Accept-Ranges: bytes
Content-Length: 68144

GET
H/1.1 200
OK Picture1.png
outflank.nl/wp-content/uploads/2019/06/ 66 KB
66 KB 38ms
38ms Image
image/png 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://outflank.nl/wp-content/uploads/2019/06/Picture1.png
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: db85fc1b04366987ac54a72ae80ca9e3617dd08848d11ed8984950dbc5925cbd

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer7
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:07 GMT
Server: Apache
ETag: "108ab-5e5e1ca4b2f0a"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 67755

GET
H/1.1 200
OK Picture2.png
outflank.nl/wp-content/uploads/2019/06/ 195 KB
195 KB 23ms
23ms Image
image/png 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://outflank.nl/wp-content/uploads/2019/06/Picture2.png
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 85b0fea4e1475087aabd3216ed110274a8f674fee40685ed00b7d20e4f7b1f7a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer4
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:07 GMT
Server: Apache
ETag: "30b6d-5e5e1ca4a92c8"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 199533

GET
H/1.1 200
OK Picture3.png
outflank.nl/wp-content/uploads/2019/06/ 158 KB
158 KB 21ms
21ms Image
image/png 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://outflank.nl/wp-content/uploads/2019/06/Picture3.png
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 40ba499b9eb9836680b6b93a6a66ac0f10c508ee965e2b9e5bbb366b70826ec0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer2
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:07 GMT
Server: Apache
ETag: "2786a-5e5e1ca4ab9d8"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 161898

GET
H2 200 1f609.svg
s.w.org/images/core/emoji/14.0.0/svg/ 1 KB
1 KB 53ms
17ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/14.0.0/svg/1f609.svg

Requested by

Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Thu, 02 Feb 2023 13:46:35 GMT
x-content-type-options: nosniff
last-modified: Tue, 12 Apr 2022 03:47:26 GMT
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 1183
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK Picture4.png
outflank.nl/wp-content/uploads/2019/06/ 61 KB
61 KB 22ms
22ms Image
image/png 2a01:7c8:eb:0:149:210:170:219
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://outflank.nl/wp-content/uploads/2019/06/Picture4.png
Requested by: Host: outflank.nl
URL: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a01:7c8:eb:0:149:210:170:219 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: Apache /
Resource Hash: 0ac75ae79a77428d762065560216afa99ae5c7f9dedb3fe1b33f5887c5d6ba1e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Thu, 02 Feb 2023 13:46:35 GMT
X-TransIP-Balancer: balancer6
X-TransIP-Backend: web723
Last-Modified: Wed, 10 Aug 2022 12:00:07 GMT
Server: Apache
ETag: "f3dc-5e5e1ca4ab9d8"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 62428

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.marijn-van-beek.nl/preview/outflank.nl/wp-content/uploads/2022/03/dots-light.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

outflank.nl
s.w.org
www.marijn-van-beek.nl
192.0.77.48
2a01:7c8:eb:0:149:210:170:219
2a03:3c00:a002:238::1000
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0ac75ae79a77428d762065560216afa99ae5c7f9dedb3fe1b33f5887c5d6ba1e
18e3f4a47e00141a7ced3a6cc381baa15c694d54603ef137aab86ee81cc43b40
2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f
25328215fd6ad6f9d93eb6bbaf1892f570d4e60c940689c6b5576130e9369ff0
2ce7931597ae07062234282d364eed8f43b900dacabe519821b24f3c1c117f3a
40ba499b9eb9836680b6b93a6a66ac0f10c508ee965e2b9e5bbb366b70826ec0
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
85b0fea4e1475087aabd3216ed110274a8f674fee40685ed00b7d20e4f7b1f7a
b5e56dd6cd597cd3b5cf93494e16ba5bb83f91d30457264346fd6fafd8e3729a
c324ef26b20264369e4568dc9ef1c5cb1f325f6bc4e8b7c01f7fe93fa353276a
c3c71e98121dfb2fa5eb150b797daaebd38012ef5576b1084e803a6f46c4ff70
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
db85fc1b04366987ac54a72ae80ca9e3617dd08848d11ed8984950dbc5925cbd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebc9e3d1db016dbda88583820a055a25a1b3c1e569a1178f0995e263e512ca71
ee15ff025e4912786d07413004d7440c9bb325e3769480876f1a47bd83715adc

outflank.nl Open in urlscan Pro 2a01:7c8:eb:0:149:210:170:219 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

968 kBTransfer

963 kBSize

0 Cookies

20 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

outflank.nl Open in urlscan Pro
2a01:7c8:eb:0:149:210:170:219 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

968 kB
Transfer

963 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions