www.deepinstinct.com Open in urlscan Pro
151.101.2.216 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
Submission: On April 13 via api (April 13th 2023, 12:44:29 pm UTC) from TR — Scanned from DE

Summary HTTP 114 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 38 IPs in 4 countries across 31 domains to perform 114 HTTP transactions. The main IP is 151.101.2.216, located in United States and belongs to FASTLY, US. The main domain is www.deepinstinct.com.
TLS certificate: Issued by R3 on March 22nd 2023. Valid for: 3 months.

This is the only time www.deepinstinct.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
53	151.101.2.216 151.101.2.216	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
4	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:780... 2a02:26f0:780::5f65:3681	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	18.155.145.24 18.155.145.24	16509 (AMAZON-02) (AMAZON-02)
1	52.85.92.7 52.85.92.7	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:873b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	18.155.153.51 18.155.153.51	16509 (AMAZON-02) (AMAZON-02)
2	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
2	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	18.155.153.33 18.155.153.33	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:207... 2600:9000:2070:d200:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c02::9b	15169 (GOOGLE) (GOOGLE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700::68... 2606:4700::6812:19c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:826e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:89ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	34.252.119.122 34.252.119.122	16509 (AMAZON-02) (AMAZON-02)
1	18.66.112.79 18.66.112.79	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
114	38

53 151.101.2.216 (United States)

ASN54113 (FASTLY, US)

www.deepinstinct.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::5f65:3681 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.145.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-145-24.ham50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.92.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-92-7.ham50.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:873b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.153.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-153-51.ham50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.153.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-153-33.ham50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2070:d200:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c02::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:19c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:826e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:89ce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.252.119.122 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-119-122.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net

vc.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	deepinstinct.com www.deepinstinct.com	893 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35 region1.google-analytics.com — Cisco Umbrella Rank: 2284	20 KB
5	typekit.net use.typekit.net — Cisco Umbrella Rank: 517 p.typekit.net — Cisco Umbrella Rank: 654	78 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	322 B
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 400 www.linkedin.com — Cisco Umbrella Rank: 579 px4.ads.linkedin.com — Cisco Umbrella Rank: 6196	3 KB
3	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2507 forms.hubspot.com — Cisco Umbrella Rank: 4720	3 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 15281 ibc-flow.techtarget.com — Cisco Umbrella Rank: 19775	2 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 8513	26 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 407	12 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 161	244 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 677 script.hotjar.com — Cisco Umbrella Rank: 927 in.hotjar.com — Cisco Umbrella Rank: 2080	72 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5216	562 B
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 687	633 B
2	t.co t.co — Cisco Umbrella Rank: 525	603 B
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 stats.g.doubleclick.net — Cisco Umbrella Rank: 100	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	160 KB
1	gstatic.com www.gstatic.com	165 KB
1	hotjar.io vc.hotjar.io — Cisco Umbrella Rank: 2441	258 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 13336	203 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2380	20 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4588	87 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2390	16 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1000	377 B
1	company-target.com api.company-target.com — Cisco Umbrella Rank: 4038	2 KB
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 691	98 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 701	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 853	5 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2501	896 B
1	demandbase.com tag.demandbase.com — Cisco Umbrella Rank: 5074	19 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1071	45 KB
114	31

	Domain	Requested by
53	www.deepinstinct.com	www.deepinstinct.com
4	www.facebook.com	www.deepinstinct.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.deepinstinct.com
4	use.typekit.net	www.deepinstinct.com use.typekit.net
3	www.google.com	www.deepinstinct.com js.hsleadflows.net
3	cdn.bizible.com	www.googletagmanager.com www.deepinstinct.com cdn.bizible.com
3	bat.bing.com	www.deepinstinct.com bat.bing.com
3	connect.facebook.net	www.deepinstinct.com connect.facebook.net
2	track.hubspot.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	px.ads.linkedin.com	2 redirects
2	www.google.de	www.deepinstinct.com
2	analytics.twitter.com	www.deepinstinct.com
2	t.co	www.deepinstinct.com
2	www.googletagmanager.com	www.deepinstinct.com www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	forms.hubspot.com	cdn.bizible.com
1	vc.hotjar.io	cdn.bizible.com
1	in.hotjar.com	cdn.bizible.com
1	cdn.bizibly.com	www.deepinstinct.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hs-banner.com	js.hs-scripts.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	px4.ads.linkedin.com	www.deepinstinct.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	script.hotjar.com	static.hotjar.com
1	api.company-target.com	tag.demandbase.com
1	id.rlcdn.com	www.deepinstinct.com
1	region1.google-analytics.com	www.googletagmanager.com
1	trk.techtarget.com	www.deepinstinct.com
1	static.ads-twitter.com	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	js.hs-scripts.com	www.googletagmanager.com
1	tag.demandbase.com	www.deepinstinct.com
1	static.hotjar.com	www.googletagmanager.com
1	p.typekit.net	use.typekit.net
1	www.googleoptimize.com	www.deepinstinct.com
114	40

This site contains links to these domains. Also see Links.

Domain
portal.deepinstinct.com
info.deepinstinct.com
en.wikipedia.org
learn.microsoft.com
github.com
i.blackhat.com
billdemirkapi.me
gist.github.com
www.matteomalvica.com
paper.bobylive.com
www.youtube.com
www.linkedin.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
deepinstinct.com R3	`2023-03-22` - `2023-06-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-08-17` - `2023-09-18`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-03` - `2023-06-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-20` - `2023-04-20`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
io.bizible.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-30` - `2023-07-31`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-09-16` - `2023-10-18`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-02-24` - `2023-08-06`	5 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-04-03` - `2023-07-03`	3 months	crt.sh
*.hotjar.io Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
Frame ID: D661B6002E97798C2A516D1D3030D929
Requests: 113 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: F2C0C3B115FB05842C981E11EF1935C1
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: FC94F6A3D666FB82EB06AD743B0D309C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dirty Vanity: A New Approach to Code Injection & EDR Bypass | Deep Instinct

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

114
Requests

98 %
HTTPS

63 %
IPv6

31
Domains

40
Subdomains

38
IPs

4
Countries

1894 kB
Transfer

4882 kB
Size

38
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://portal.deepinstinct.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://info.deepinstinct.com/request-a-demo
Title: request demo

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Windows_Services_for_UNIX
Title: Windows Services for UNIX

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux
Title: Windows Subsystem for Linux

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-zwmapviewofsection#viewunmap
Title: MSDN

Search URL Search Domain Scan URL

URL: https://github.com/rainerzufalldererste/windows_x64_shellcode_template
Title: https://github.com/rainerzufalldererste/windows_x64_shellcode_template

Search URL Search Domain Scan URL

URL: https://github.com/deepinstinct/Dirty-Vanity
Title: https://github.com/deepinstinct/Dirty-Vanity

Search URL Search Domain Scan URL

URL: https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Nissan-DirtyVanity.pdf
Title: https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Nissan-DirtyVanity.pdf

Search URL Search Domain Scan URL

URL: https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/
Title: https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/

Search URL Search Domain Scan URL

URL: https://gist.github.com/juntalis/4366916
Title: https://gist.github.com/juntalis/4366916

Search URL Search Domain Scan URL

URL: https://gist.github.com/Cr4sh/126d844c28a7fbfd25c6
Title: https://gist.github.com/Cr4sh/126d844c28a7fbfd25c6

Search URL Search Domain Scan URL

URL: https://gist.github.com/GeneralTesler/68903f7eb00f047d32a4d6c55da5a05c
Title: https://gist.github.com/GeneralTesler/68903f7eb00f047d32a4d6c55da5a05c

Search URL Search Domain Scan URL

URL: https://github.com/hasherezade/pe-sieve/blob/master/utils/process_reflection.cpp
Title: https://github.com/hasherezade/pe-sieve/blob/master/utils/process_reflection.cpp

Search URL Search Domain Scan URL

URL: https://www.matteomalvica.com/blog/2019/12/02/win-defender-atp-cred-bypass/
Title: https://www.matteomalvica.com/blog/2019/12/02/win-defender-atp-cred-bypass/

Search URL Search Domain Scan URL

URL: https://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2011/BH_US_11_Mandt_win32k_Slides.pdf
Title: https://paper.bobylive.com/Meeting_Papers/BlackHat/USA-2011/BH_US_11_Mandt_win32k_Slides.pdf

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=EkGDSqpfzgg
Title: https://www.youtube.com/watch?v=EkGDSqpfzgg

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCYerfisJf3hc9QOWmic1G9Q

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/deep-instinct

Search URL Search Domain Scan URL

URL: https://twitter.com/DeepInstinctSec

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DeepInstinctInc

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 86

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1681389863300&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D316505%26time%3D1681389863300%26url%3Dhttps%253A%252F%252Fwww.deepinstinct.com%252Fblog%252Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1681389863300&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1681389863300&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&liSync=true&e_ipv6=AQKMNHkHWbZYVgAAAYd6pUQn35cgGihkP6CeBrtYH-g96HjNL8ghXXJk6r9OqSfAxH5nVXF-16wI

114 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request dirty-vanity-a-new-approach-to-code-injection-edr-bypass Show response
www.deepinstinct.com/blog/ 124 KB
33 KB 331ms
187ms Document
text/html 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a0087f3518b03be5fba7eb4e024312afe645c9f4ce0709650dd7e4d09cb06f52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 263
cache-control: s-maxage=300, stale-while-revalidate
content-encoding: gzip
content-length: 33152
content-type: text/html; charset=utf-8
date: Thu, 13 Apr 2023 12:44:22 GMT
etag: "1f1d5-tJzUZWZNhHmV71+UpYuBvnioZiI"
strict-transport-security: max-age=31557600
traceresponse: 00-1755571a6f58b208c23088b664d13385-5f71ef03ac894c6f-00
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 2, 1
x-content-type-options: nosniff
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-nextjs-cache: STALE
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-served-by: cache-iad-kiad7000054-IAD, cache-hhn-etou8220024-HHN
x-xss-protection: 1

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 117 KB
45 KB 112ms
31ms Script
application/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-P298HTJ

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f1f55f4619d859396e99138fbefe2ca2ea6b08e1a54af07ef3ef5bff742d0d01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 46011
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 13 Apr 2023 12:44:22 GMT

GET
H2 200 d94da3dc1af2f858.css
www.deepinstinct.com/_next/static/css/ 32 KB
7 KB 26ms
25ms Stylesheet
text/css 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/d94da3dc1af2f858.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f766cf336897fd76624b203e4ea48163f251f1ea0a249bced439c5fc7b217c2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59655
traceresponse: 00-175546dd591f8c7ca7a5668957a31b4b-b5df82630da28610-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 7217
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200087-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"7e03-18776f06e55"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 27, 1

GET
H2 200 b224548a43eb3fa8.css
www.deepinstinct.com/_next/static/css/ 9 KB
3 KB 25ms
24ms Stylesheet
text/css 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/b224548a43eb3fa8.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1da65daf1888814d38600dd6d227b8cfee080c593eceb29adf48eee2344fe348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59624
traceresponse: 00-175546dd418a903cf76e35e1cca865a3-f3b44da49e22175e-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 2413
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100155-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"24f8-18776f06e54"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 25, 1

GET
H2 200 e24af18bfed2b9e3.css
www.deepinstinct.com/_next/static/css/ 889 B
1 KB 25ms
24ms Stylesheet
text/css 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/e24af18bfed2b9e3.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

66aac9d3210f68de513a93e481d67dfa843665cdba4809f3bde13aefb77e71c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 59437
traceresponse: 00-175546e2625c2f964897eccc1d530a62-45d8b728dbe1df0b-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 889
x-xss-protection: 1
x-served-by: cache-iad-kiad7000031-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"379-18776f06e55"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 10, 1

GET
H2 200 5935-c757cc9152444a3d.js Show response
www.deepinstinct.com/_next/static/chunks/ 30 KB
11 KB 23ms
23ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5935-c757cc9152444a3d.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d619ebece095748eb92d409eaac19e4346f5d7380db0442021e0ef148bab686d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59655
traceresponse: 00-175546e2626e1cd1f73f95b473c64d9e-cd2aaf591fb7baab-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 10556
x-xss-protection: 1
x-served-by: cache-iad-kiad7000142-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"786a-18776f06e47"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 6329-831a74148bce6612.js Show response
www.deepinstinct.com/_next/static/chunks/ 139 KB
40 KB 28ms
25ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/6329-831a74148bce6612.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

de90f9a4370cff2dafd0d322cf18b2d8c16baef1851c46e8d8624fa2b202fb18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59655
traceresponse: 00-175546e2616cdc64ec32bb4be5a82c4f-7159e327b89362a1-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 40554
x-xss-protection: 1
x-served-by: cache-iad-kiad7000158-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"22c1d-18776f06e49"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 248.0db1e1c53eb42682.js Show response
www.deepinstinct.com/_next/static/chunks/ 2 KB
1008 B 26ms
22ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/248.0db1e1c53eb42682.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a650259b67fd9815669b3a36ce8881448e8d5ad989de4bcb18ecae6ca73cfabe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59437
traceresponse: 00-175546e26262150492f387a7ac85719d-aa8526fcc8c1fa0e-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 810
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100046-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"676-18776f06e44"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 11, 1

GET
H2 200 webpack-cef1e152341226f9.js Show response
www.deepinstinct.com/_next/static/chunks/ 8 KB
4 KB 39ms
35ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f1f53a0319a47129cc3580d24544f26157a468ec87860065e9bd3d19d795e20e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59655
traceresponse: 00-175546dd78d39b39b98e928af7d0f02d-d38dd9b3d792111a-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 4057
x-xss-protection: 1
x-served-by: cache-iad-kiad7000128-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"1ff4-18776f06e53"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 26, 1

GET
H2 200 framework-a070cbfff3c750c5.js Show response
www.deepinstinct.com/_next/static/chunks/ 127 KB
41 KB 53ms
49ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/framework-a070cbfff3c750c5.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

33dc89018fe5aed90ddd9f9615cba7412569abfad7d4995d81001e532aac79c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59857
traceresponse: 00-175546e262b9ac2ce33fa381c82500bb-83e0cde2a2e3b5ed-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 42155
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100148-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"1fbbc-18776f06e4d"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 main-56046b3e412722f8.js Show response
www.deepinstinct.com/_next/static/chunks/ 120 KB
35 KB 40ms
36ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fc3d502ace2503c2860416688a2fa238234df171764c9bdd3fef3f02cbe0e61c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59857
traceresponse: 00-175546e26243285a4cfaa53c8468a8ff-c01cca87179e9ddb-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 35599
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200085-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"1e048-18776f06e4d"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 _app-de8101c0d8fecbbe.js Show response
www.deepinstinct.com/_next/static/chunks/pages/ 1 KB
983 B 38ms
34ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/_app-de8101c0d8fecbbe.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1bb11639b6fac45629437a0f8c465af729084e5ad3a70e61861cf170d25c1ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59857
traceresponse: 00-175546e2635aad57442154f9edf58db7-34ace1548dfc7fec-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 548
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200126-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"433-18776f06e4e"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 5675-33a595ecead4a5e3.js Show response
www.deepinstinct.com/_next/static/chunks/ 10 KB
4 KB 27ms
23ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5675-33a595ecead4a5e3.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

25701ff46a6938978e4b3a307406ea586727388fe86ed523c6edd4435ebd6c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59857
traceresponse: 00-175546e2625f718329936733a6e84d02-6c2b19e06190e926-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 4313
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200168-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"2937-18776f06e47"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 21, 1

GET
H2 200 9366-e4dac70fdca9d72a.js Show response
www.deepinstinct.com/_next/static/chunks/ 29 KB
10 KB 38ms
35ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/9366-e4dac70fdca9d72a.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5904bc0d6e72fc3e0028407f78c13aebab8a5e20104018420e1009f7cd9d1526

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59857
traceresponse: 00-175546e2629583af2fe50f4e21a9592d-5ea00ec141ec4a9d-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 9967
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200091-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"75d3-18776f06e4c"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 6368-3bf2eab385fcb27a.js Show response
www.deepinstinct.com/_next/static/chunks/ 28 KB
10 KB 56ms
53ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/6368-3bf2eab385fcb27a.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

bde2ea90277daad70c9fe415da39aae66f649429616ab61f3f665eaed31d550e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59654
traceresponse: 00-175546dd8e3bd742e1bbabd78871c7c2-83b38d5b8a6e1bcc-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 9603
x-xss-protection: 1
x-served-by: cache-iad-kiad7000021-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"6fdb-18776f06e49"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 27, 1

GET
H2 200 6804-8e18f115671d1a69.js Show response
www.deepinstinct.com/_next/static/chunks/ 18 KB
6 KB 57ms
54ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/6804-8e18f115671d1a69.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

79cd380d7c4a2d38776ca3a20830c95fd898e454ee523bd677596892ce38c5e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59623
traceresponse: 00-175546ddac7c2a2428963c7a06897e81-b1cb63caa47c2882-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 5840
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100107-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"4938-18776f06e49"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 24, 1

GET
H2 200 %5Bpid%5D-8fc23f09fa5ca4f0.js Show response
www.deepinstinct.com/_next/static/chunks/pages/blog/ 572 B
725 B 59ms
56ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/blog/%5Bpid%5D-8fc23f09fa5ca4f0.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

12f768e0a4b9552236112e0c7f41643b2578f4ff21f1d06215f3b076d7cad955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 59857
traceresponse: 00-175546e2622b40dc1f68e436de9dffff-b88d4eeaf20f3b43-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 572
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100124-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"23c-18776f06e4f"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 _buildManifest.js Show response
www.deepinstinct.com/_next/static/oRt4dHiIPsdkHB1ovCp6V/ 8 KB
2 KB 56ms
54ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/oRt4dHiIPsdkHB1ovCp6V/_buildManifest.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6e5b502a96d0e591d96fb35dfe1887d0526b39ec260de1136a0b9745000ce10a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59654
traceresponse: 00-175546ddc8bcf8a8193f1649d2c94148-35ab2b469962bf62-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 1521
x-xss-protection: 1
x-served-by: cache-iad-kiad7000113-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"1e74-18776f06e58"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 27, 1

GET
H2 200 _ssgManifest.js Show response
www.deepinstinct.com/_next/static/oRt4dHiIPsdkHB1ovCp6V/ 455 B
597 B 58ms
55ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/oRt4dHiIPsdkHB1ovCp6V/_ssgManifest.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

32cc58a56e1170810316c9cb82dd82a1fb379e2b82139b5ed039063bb40e4724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 59654
traceresponse: 00-175546dde23f2f1434c766f51b98d360-e0e8b3cae53324ef-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 455
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100044-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"1c7-18776f06e58"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 27, 1

GET
H2 200 zka3qml.css
use.typekit.net/ 3 KB
1002 B 170ms
37ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/zka3qml.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

58cbce6773a86e5d812444badcc12a2b7da1bc9bd7508c777f67189a4a0ac6b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Thu, 13 Apr 2023 12:44:22 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 770

GET
H2 200 fig1-fork-origins.png
www.deepinstinct.com/image/blt7070c3654116a936/643442e3fbe24d10f96bc269/ 59 KB
59 KB 298ms
296ms Image
image/png 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt7070c3654116a936/643442e3fbe24d10f96bc269/fig1-fork-origins.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

401073114ee4435a382d955f04702f1026bd39774d8040289484589992a1c981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 243266
traceresponse: 00-17557f2bf5abdf463dfe8f7512d73faa-207aa2efe16b81fe-00
x-cache: HIT, HIT, MISS, MISS
fastly-io-info: ifsz=66845 idim=522x235 ifmt=png ofsz=60326 odim=522x235 ofmt=png
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename=fig1-fork-origins.png
fastly-stats: io=1
content-length: 60326
x-xss-protection: 1
x-request-id: 5857
x-served-by: cache-sjc10072-SJC, cache-fty21348-FTY, cache-iad-kcgs7200161-IAD, cache-hhn-etou8220024-HHN
x-runtime: 54ms
x-timer: S1681389863.730517,VS0,VE1
x-contentstack-organization: bltdec97706489ab5de
etag: "wFKjRLh5HDwuGxGjQKASioQhKJudSAcCXp6N8L8jq4Q"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-cs-surrogate-key: blt1ec077b6b53d6b3e.sys_assets blt1ec077b6b53d6b3e.sys_assets.blt7070c3654116a936.download
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 5, 1, 0, 0

GET
H2 200 fig2-process-reflection.png
www.deepinstinct.com/image/blt3b2f572fc104cf14/643442e3cbf631109cafaa34/ 116 KB
117 KB 317ms
315ms Image
image/png 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt3b2f572fc104cf14/643442e3cbf631109cafaa34/fig2-process-reflection.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

316d0bb30ee8ca93b8997a731156ba8a86f3c3d1433279cf05b85834487fd127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 243266
traceresponse: 00-17557f2bf518184cbc00ab519fd9443a-e6207eafabe925b8-00
x-cache: HIT, HIT, MISS, MISS
fastly-io-info: ifsz=119358 idim=1803x355 ifmt=png ofsz=119224 odim=1803x355 ofmt=png
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename=fig2-process-reflection.png
fastly-stats: io=1
content-length: 119224
x-xss-protection: 1
x-request-id: 32428
x-served-by: cache-sjc10050-SJC, cache-iad-kiad7000029-IAD, cache-iad-kjyo7100120-IAD, cache-hhn-etou8220024-HHN
x-runtime: 61ms
x-timer: S1681389863.734218,VS0,VE1
x-contentstack-organization: bltdec97706489ab5de
etag: "Bpddw+IkFz6LC8Wf3n3EN+Wd4qM2LdpgTAztk73kE4M"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-cs-surrogate-key: blt1ec077b6b53d6b3e.sys_assets blt1ec077b6b53d6b3e.sys_assets.blt3b2f572fc104cf14.download
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 1, 1, 0, 0

GET
H2 200 fig3-credential-dumping-via-fork.png
www.deepinstinct.com/image/blt493527a8f42590a4/643442e3c2c6bc10e59e0340/ 133 KB
134 KB 299ms
297ms Image
image/png 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt493527a8f42590a4/643442e3c2c6bc10e59e0340/fig3-credential-dumping-via-fork.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

23eab6d6981b62624b7b440012bfb3809b0033b4998d78533ed2c0d77e5053a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 243266
traceresponse: 00-17557f2bf534a63af4af4727aae306b1-89c99259fac1f0b0-00
x-cache: HIT, HIT, MISS, MISS
fastly-io-info: ifsz=136997 idim=1803x414 ifmt=png ofsz=136355 odim=1803x414 ofmt=png
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename=fig3-credential-dumping-via-fork.png
fastly-stats: io=1
content-length: 136355
x-xss-protection: 1
x-request-id: 53467
x-served-by: cache-sjc10061-SJC, cache-iad-kiad7000091-IAD, cache-iad-kcgs7200029-IAD, cache-hhn-etou8220024-HHN
x-runtime: 68ms
x-timer: S1681389863.735794,VS0,VE1
x-contentstack-organization: bltdec97706489ab5de
etag: "jEjOpUqEwv8HAM+Tqb7gBjlFtVGMgwxZ3jjv7hqZOOQ"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-cs-surrogate-key: blt1ec077b6b53d6b3e.sys_assets blt1ec077b6b53d6b3e.sys_assets.blt493527a8f42590a4.download
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 1, 1, 0, 0

GET
H2 200 fig4-simple-injection-explorer.png
www.deepinstinct.com/image/blt023fb9084b818f2f/643442e3ebab9311566eff72/ 43 KB
44 KB 59ms
57ms Image
image/png 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt023fb9084b818f2f/643442e3ebab9311566eff72/fig4-simple-injection-explorer.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8151e3ccf63bdbd7960c92c547fd59f91edb22aa6e6618ed38c0c9e22464b20f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 243265
traceresponse: 00-175572ed4432092270516c032dcfba55-3b8599bd1eec687a-00
x-cache: HIT, HIT, HIT, HIT
fastly-io-info: ifsz=44700 idim=1421x891 ifmt=png ofsz=44521 odim=1421x891 ofmt=png
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename=fig4-simple-injection-explorer.png
fastly-stats: io=1
content-length: 44521
x-xss-protection: 1
x-request-id: 39039
x-served-by: cache-sjc10071-SJC, cache-fty21363-FTY, cache-iad-kcgs7200045-IAD, cache-hhn-etou8220024-HHN
x-runtime: 61ms
x-timer: S1681376399.311877,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "z5iNbMyEPO5UTkjMByrxFGHuoo0vecPZYQym+ifrDgo"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-cs-surrogate-key: blt1ec077b6b53d6b3e.sys_assets blt1ec077b6b53d6b3e.sys_assets.blt023fb9084b818f2f.download
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 2, 1, 0, 1

GET
H2 200 fig5-dirty-vanity-flow.png
www.deepinstinct.com/image/blt243b8778f1db300a/643442e3c718e710edd3c877/ 74 KB
75 KB 271ms
270ms Image
image/png 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt243b8778f1db300a/643442e3c718e710edd3c877/fig5-dirty-vanity-flow.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

42ed7a1b76636aa21b17b9ea8d2617164810172d0358f1a245ece70f98e1b350

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 243266
traceresponse: 00-17557f2bf5d2dba012bc2756113148c2-5c89d6f91253afbf-00
x-cache: HIT, HIT, MISS, MISS
fastly-io-info: ifsz=76132 idim=1397x941 ifmt=png ofsz=76132 odim=1397x941 ofmt=png
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename=fig5-dirty-vanity-flow.png
fastly-stats: io=1
content-length: 76132
x-xss-protection: 1
fastly-io-warning: Failed to shrink image
x-request-id: 69456
x-served-by: cache-sjc10066-SJC, cache-fty21373-FTY, cache-iad-kjyo7100156-IAD, cache-hhn-etou8220024-HHN
x-runtime: 35ms
x-timer: S1681389863.731754,VS0,VE1
x-contentstack-organization: bltdec97706489ab5de
etag: "WR5zqKWD4FQO308J13oQWVKNUtkiNPdBwdyWD8va1tE"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-cs-surrogate-key: blt1ec077b6b53d6b3e.sys_assets blt1ec077b6b53d6b3e.sys_assets.blt243b8778f1db300a.download
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 6, 1, 0, 0

GET
H2 200 fig6-dirty-vanity-invoked-over-explorer-pid.png
www.deepinstinct.com/image/blt8617421af6073d05/643442e36c90a41201400ea4/ 21 KB
22 KB 246ms
244ms Image
image/png 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt8617421af6073d05/643442e36c90a41201400ea4/fig6-dirty-vanity-invoked-over-explorer-pid.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

11f56658b8b3905023ed8fc68281b124371cc4f7f9450003ddb842d1e36416eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 243266
traceresponse: 00-17557f24c149f00b74eef36adc3fffed-e233af3e6c788587-00
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=24497 idim=782x315 ifmt=png ofsz=21761 odim=782x315 ofmt=png
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename=fig6-dirty-vanity-invoked-over-explorer-pid.png
fastly-stats: io=1
content-length: 21761
x-xss-protection: 1
x-request-id: 97149
x-served-by: cache-sjc10047-SJC, cache-fty21355-FTY, cache-iad-kcgs7200074-IAD, cache-hhn-etou8220024-HHN
x-runtime: 46ms
x-timer: S1681389832.806217,VS0,VE3
x-contentstack-organization: bltdec97706489ab5de
etag: "Nat3C+kjbc42slgki6hy4B4AvLI99KRUVwMBhevX+lE"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-cs-surrogate-key: blt1ec077b6b53d6b3e.sys_assets blt1ec077b6b53d6b3e.sys_assets.blt8617421af6073d05.download
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 1, 1, 0, 0

GET
H2 200 fig7-forked-explorer-child-process-executing-our-shellcode.png
www.deepinstinct.com/image/blt3d88307b5c662a28/643442e3aa312f114ba7ded8/ 15 KB
15 KB 265ms
263ms Image
image/png 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/image/blt3d88307b5c662a28/643442e3aa312f114ba7ded8/fig7-forked-explorer-child-process-executing-our-shellcode.png

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fec6d73f7aedcf6870991b2e11d88968b170327d13dbdb8213c04932e6dcbc08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 243266
traceresponse: 00-17557f2bf5c059066bd76c979ce4427d-0dd65fd737380148-00
x-cache: HIT, HIT, MISS, MISS
fastly-io-info: ifsz=16407 idim=480x294 ifmt=png ofsz=15031 odim=480x294 ofmt=png
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename=fig7-forked-explorer-child-process-executing-our-shellcode.png
fastly-stats: io=1
content-length: 15031
x-xss-protection: 1
x-request-id: 10321
x-served-by: cache-sjc10071-SJC, cache-iad-kjyo7100089-IAD, cache-iad-kcgs7200063-IAD, cache-hhn-etou8220024-HHN
x-runtime: 51ms
x-timer: S1681389863.737174,VS0,VE2
x-contentstack-organization: bltdec97706489ab5de
etag: "Q2HctlqqwxNeIkChivUqBlzVps2ep0RiX4C50QMbCi0"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
cache-control: max-age=31536000
x-debug-info: eyJyZXRyaWVzIjowfQ==
x-cs-surrogate-key: blt1ec077b6b53d6b3e.sys_assets blt1ec077b6b53d6b3e.sys_assets.blt3d88307b5c662a28.download
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 2, 1, 0, 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 236 KB
83 KB 104ms
41ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

09c9153b8a711b709875588f6844ad5677db641befd891317951fcd0e0928216

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84557
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 13 Apr 2023 12:44:22 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 78 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af144d639dc5c33722d3426bda462d68577e1c63ab319abf355da1ef73859495

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 127ms
23ms Stylesheet
text/css 2a02:26f0:780::5f65:3681
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=zka3qml&ht=tk&f=10954.13454.13466.28969&a=83637106&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::5f65:3681 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 2757.2159eeb22ad7f48b.js Show response
www.deepinstinct.com/_next/static/chunks/ 427 B
703 B 23ms
23ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/2757.2159eeb22ad7f48b.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

90aca30e747dbe0cd4ae4a29a0d588aff8693e295bb1d5c322188955608f658b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 59857
traceresponse: 00-175546db68534306dd160b0000b1ffbd-dc97d06987dd8347-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 427
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200078-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"1ab-18776f06e44"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 5972.698bd1faa1f17a01.js Show response
www.deepinstinct.com/_next/static/chunks/ 4 KB
2 KB 23ms
23ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5972.698bd1faa1f17a01.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

73de89ad27fa1fcfb8372b6656106165d4865b3ee287ad208f0074ef99f586b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59857
traceresponse: 00-175546db9bca743a70c1453ee23e6508-2c100c7022e89392-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 1926
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100104-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"1071-18776f06e48"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 5518.80f4656ccdd1c449.js Show response
www.deepinstinct.com/_next/static/chunks/ 23 KB
9 KB 24ms
24ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5518.80f4656ccdd1c449.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ba546f8a87a68abc792ddd24f67f1941f15f77e2605b6cad27d798cfd256df37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59857
traceresponse: 00-175546db9ab26f4fe4b3c1bb8b4445ce-6728f0f93b39339a-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 9369
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100037-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"5aae-18776f06e47"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 21, 1

GET
H2 200 2f9e2c2f1c3b95ee.css
www.deepinstinct.com/_next/static/css/ 1 KB
585 B 24ms
23ms Stylesheet
text/css 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/2f9e2c2f1c3b95ee.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4574422b79a9d4a5793b41636bfcf680e171b4f050e4089b78c8fb48d16af49d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59856
traceresponse: 00-175546db9aa11e997858bfcdd43b79ba-48f422fa1d0bfffb-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 361
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100041-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"4ed-18776f06e53"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 19, 1

GET
H2 200 7359.6827a0811ecafe2e.js Show response
www.deepinstinct.com/_next/static/chunks/ 3 KB
2 KB 23ms
23ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/7359.6827a0811ecafe2e.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d9e4bc7f524ea160871d4024cfac2af513ba31293d41cf4d13e7de4e665750d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59856
traceresponse: 00-175546db9aafdb431c29ac4facf838c9-ebaf85f503ac850d-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 1265
x-xss-protection: 1
x-served-by: cache-iad-kiad7000022-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"b05-18776f06e4a"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 3204.4d4bc288e26c86f6.js Show response
www.deepinstinct.com/_next/static/chunks/ 2 KB
1 KB 41ms
41ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/3204.4d4bc288e26c86f6.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

551397ca1cc84b261fbfb4ec91a3be7e5cb4704f58bdc293808a2f06e904e8d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59653
traceresponse: 00-175546db9abcadc63c25cf314c5cd66c-b6e84ea48c0a460c-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 993
x-xss-protection: 1
x-served-by: cache-iad-kiad7000091-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"6e5-18776f06e45"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 17, 1

GET
H2 200 5500.a842325987ceada0.js Show response
www.deepinstinct.com/_next/static/chunks/ 560 B
712 B 22ms
22ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/5500.a842325987ceada0.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

df8d379a7d695bed8a2c8c58fa2b7b5c06837252815cf494b12e65d67c245060

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 59653
traceresponse: 00-175546db9aee12a51396604b2bcfd374-85e724c21da3b167-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 560
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200134-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"230-18776f06e47"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 6773.39400dc36a5f8737.js Show response
www.deepinstinct.com/_next/static/chunks/ 1 KB
984 B 23ms
23ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/6773.39400dc36a5f8737.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8908366014bb39af214d72a81154943df61d430966ae776aeda1e1bf094b10b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59653
traceresponse: 00-175546dd048f5b0e959fba446df83125-cd6bf995527b85b0-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 679
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200034-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"49d-18776f06e49"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 4082.f76b657326d5df42.js Show response
www.deepinstinct.com/_next/static/chunks/ 376 B
578 B 30ms
30ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/4082.f76b657326d5df42.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9c0180fc3efb7e159a483e9f2c8ea7db1595a30cd8e3bd0f7b6f391405c3352a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
age: 59654
traceresponse: 00-175546dd11a8a529174a61426517ec08-dc727768ea4d272b-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 376
x-xss-protection: 1
x-served-by: cache-iad-kiad7000128-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"178-18776f06e45"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 23bdd20fec6ac77c.css
www.deepinstinct.com/_next/static/css/ 7 KB
2 KB 31ms
30ms Stylesheet
text/css 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/23bdd20fec6ac77c.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b4a37063d603063c0cb3dc4a2a676d25d3c31fabf4ce463177e5c49afce72051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59347
traceresponse: 00-175546dd2e1c21ce7e82097aa0b4b308-d34c86ff32685416-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 1509
x-xss-protection: 1
x-served-by: cache-iad-kiad7000120-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"1b72-18776f06e53"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 15, 1

GET
H2 200 2644.e9dbe4c1750f93bc.js Show response
www.deepinstinct.com/_next/static/chunks/ 4 KB
2 KB 26ms
25ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/2644.e9dbe4c1750f93bc.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

08ee3b86073e37eb67b95589c8c51f696755b636eadecb02bcd81679999dc3db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59347
traceresponse: 00-175546dd2cf587f13a3c6e93f6b06298-9b3eec4d6f4f8816-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 1597
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200147-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"edb-18776f06e44"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 16, 1

GET
H2 200 2030.f80c6d0379cfe528.js Show response
www.deepinstinct.com/_next/static/chunks/ 2 KB
1 KB 27ms
27ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/2030.f80c6d0379cfe528.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1b791f37e7cfac61b4b9e28963f4afbbc99fce9766fe8a872d8196dc7dc21375

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59653
traceresponse: 00-175546dd3416f26ee426681ac7317e5f-146be45f10424ad0-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 826
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200032-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"64d-18776f06e43"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 20, 1

GET
H2 200 l
use.typekit.net/af/04ec74/00000000000000000001205b/27/ 29 KB
29 KB 149ms
40ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/04ec74/00000000000000000001205b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 8d0056dcc26b8dce6be00539697962adb12475fbf9cbf7fdcbc7c81b2ae7328d

Request headers

Referer: https://use.typekit.net/zka3qml.css
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
server: nginx
etag: "1c4557ace28950fbc49487c3a85660222d5fe232"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 29588

GET
H2 200 l
use.typekit.net/af/1709eb/000000000000000000010b60/27/ 24 KB
24 KB 178ms
70ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1709eb/000000000000000000010b60/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: f94786fe65dcbc65b0099b471ae2bb89bbabd7fa7d8573dd3c4e0f5bbe555447

Request headers

Referer: https://use.typekit.net/zka3qml.css
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
server: nginx
etag: "9bd0488a91630a3c738a4d950e0b0b7930bcb98f"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24740

GET
H2 200 l
use.typekit.net/af/442215/000000000000000000010b5a/27/ 23 KB
23 KB 143ms
36ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/442215/000000000000000000010b5a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/zka3qml.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 8d5da73586712159bb569fbfbd370f05a258113b2591ba238ef4e7bde1db13b7

Request headers

Referer: https://use.typekit.net/zka3qml.css
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
server: nginx
etag: "9523c64514161c03124fab238b18113d17bad9eb"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23800

GET
H2 200 image
www.deepinstinct.com/_next/ 57 KB
57 KB 112ms
110ms Image
image/webp 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fwww.deepinstinct.com%2Fimage%2Fbltf3c2a4f9c46fc70e%2F64345544e8c65f11395e8f34%2Fdirty-vanity-blog.jpg&w=1680&q=100

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1997949d35b6cbf7fbb515b2d46253116be72265bfe359860cf74b2c9ff30046

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
date: Thu, 13 Apr 2023 12:44:23 GMT
strict-transport-security: max-age=31557600
age: 30
traceresponse: 00-17556e538a1feeff17b2072dd232c74b-e0ec87664bb59781-00
x-cache: MISS, HIT
x-nextjs-cache: HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename="dirty-vanity-blog.webp"
content-length: 58424
x-xss-protection: 1
x-served-by: cache-iad-kiad7000155-IAD, cache-hhn-etou8220024-HHN
etag: GZeUnTW2y-f7tRWy1GJTEWvnImW-41mGDPdLLJ-zAEY=
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept
content-type: image/webp
cache-control: public, max-age=31536000, must-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 0, 1

GET
H2 200 image
www.deepinstinct.com/_next/ 854 B
1 KB 114ms
114ms Image
image/webp 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/_next/image?url=%2Fauthor-headshot-default.png&w=64&q=75

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

728234c3ca37d8780f505645d1399cb581cd47519ba1624de89ae6eefa9c212d

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
date: Thu, 13 Apr 2023 12:44:23 GMT
strict-transport-security: max-age=31557600
age: 260
traceresponse: 00-17554df44ed85f7ad89036940c94d964-6c7f46b56c425f18-00
x-cache: HIT, HIT
x-nextjs-cache: STALE
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename="author-headshot-default.webp"
content-length: 854
x-xss-protection: 1
x-served-by: cache-iad-kiad7000176-IAD, cache-hhn-etou8220024-HHN
etag: coI0w8o32HgPUFZF0TmctYHNR1GboWJN6Jrm7vqcIS0=
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept
content-type: image/webp
cache-control: public, max-age=60, must-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 48, 1

GET
H2 200 image
www.deepinstinct.com/_next/ 2 KB
2 KB 23ms
22ms Image
image/webp 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deepinstinct.com/_next/image?url=https%3A%2F%2Fimages.contentstack.io%2Fv3%2Fassets%2Fblt1ec077b6b53d6b3e%2Fbltfdfca743f7ac9662%2F630e2d5d8bdc107d4a01ba3f%2F800x800-blue-monogram.png&w=64&q=75

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8756a7999565ab10f142e83ece98cc7ff5314b241b96913c89fae9e05eb5610d

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
date: Thu, 13 Apr 2023 12:44:23 GMT
strict-transport-security: max-age=31557600
age: 38617
traceresponse: 00-175546f05f2618f0ecf147974200b45e-067225298785d744-00
x-cache: HIT, HIT
x-nextjs-cache: MISS
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-disposition: inline; filename="800x800-blue-monogram.webp"
content-length: 1748
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200111-IAD, cache-hhn-etou8220024-HHN
etag: h1anmZVlqxDxQug+zpjMf-UxSyQblpE8ifrp4F61YQ0=
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept
content-type: image/webp
cache-control: public, max-age=31536000, must-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 3, 1

GET
H2 200 who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms.json Show response
www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/blog/ 27 KB
7 KB 23ms
22ms Fetch
application/json 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/blog/who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms.json?pid=who-is-the-only-new-vendor-in-the-2022-gartner-magic-quadrant-for-endpoint-protection-platforms

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a78496a0a885dd6a505aec683e2b574e517bc03076ca3ad9335bf2fade48b7db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-nextjs-matched-path: /en/blog/[pid]
via: 1.1 varnish, 1.1 varnish
traceresponse: 00-175546dd3326ceae8c02894d3467f9ef-7259765ca8d15ee8-00
age: 415
x-cache: HIT, HIT
x-nextjs-cache: HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 6770
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200159-IAD, cache-hhn-etou8220024-HHN
etag: "6b46-iN8dKQcOHioI59Zu4idq7ysGtZA"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=300, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 22, 1

GET
H2 200 blog.json Show response
www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/ 97 KB
29 KB 27ms
25ms Fetch
application/json 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/blog.json?pid=blog

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

11fb93e01fb53a1176baf5fe47df1528872f3011519d324e336116ca21a225b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-nextjs-matched-path: /en/[pid]
via: 1.1 varnish, 1.1 varnish
traceresponse: 00-17556eea729e0588025c5ed0f849de59-943559f37aa10ec9-00
age: 159
x-cache: HIT, HIT
x-nextjs-cache: HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 28830
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100159-IAD, cache-hhn-etou8220024-HHN
etag: "18534-XSgzyRmDp4hnGHJVS71p5LO0QWU"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=60, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 141, 1

GET
H2 200 %5Bpid%5D-4f6d125e5adab193.js
www.deepinstinct.com/_next/static/chunks/pages/ 0
2 KB 24ms
23ms Other
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/%5Bpid%5D-4f6d125e5adab193.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59654
traceresponse: 00-175546dd340dd0d55e98752994363c9b-47d4934829911605-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 1311
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100134-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"168e-18776f06e4e"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 18, 1

GET
H2 200 1.json Show response
www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/author/eliran-nissan/page/ 48 KB
14 KB 115ms
114ms Fetch
application/json 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/author/eliran-nissan/page/1.json

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f4e9ec4a5050ebd8ac05c076233505a42340c8aeb1b6ac114f71c67e071fdf78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-nextjs-matched-path: /en/author/[uid]/page/[pid]
via: 1.1 varnish, 1.1 varnish
traceresponse: 00-17555c0ccea817db838c135a3dd17a45-8eea0021979c89a3-00
age: 262
x-cache: HIT, HIT
x-nextjs-cache: STALE
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 14253
x-xss-protection: 1
x-served-by: cache-iad-kiad7000047-IAD, cache-hhn-etou8220024-HHN
etag: "c10d-W6Th41hJgBdIm6tl1Lx4rumodtE"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=60, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 22, 1

GET
H2 200 %5Bpid%5D-e6e1dbac1a01dffe.js
www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/ 0
4 KB 25ms
24ms Other
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/%5Bpid%5D-e6e1dbac1a01dffe.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59437
traceresponse: 00-175546e2aaad4c8053903b6ff0d72ada-fd738db0d9838e3a-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 3706
x-xss-protection: 1
x-served-by: cache-iad-kiad7000105-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"276f-18776f06e4f"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 10, 1

GET
H2 200 1.json Show response
www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/author/deep-instinct-research/page/ 210 KB
58 KB 111ms
110ms Fetch
application/json 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/author/deep-instinct-research/page/1.json

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4b6bdb7295da01c6791c50c7c3c1ed550c3e5119a248041b922bde34f8223ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-nextjs-matched-path: /en/author/[uid]/page/[pid]
via: 1.1 varnish, 1.1 varnish
traceresponse: 00-175555c91d3cf377efd071c5eb229764-d9994c532098a0f2-00
age: 41
x-cache: HIT, MISS
x-nextjs-cache: STALE
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 59153
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100088-IAD, cache-hhn-etou8220024-HHN
etag: "3479d-XeNESCU9EsFj1R1P6kE2PkibyWY"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=60, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 54, 0

GET
H2 200 partners.json Show response
www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/ 22 KB
6 KB 28ms
27ms Fetch
application/json 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/data/oRt4dHiIPsdkHB1ovCp6V/en/partners.json?pid=partners

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

79e3bdc27a81801e6514d83c329d634d6ca99d0f85905c58d23cd92e11468714

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

purpose: prefetch
x-nextjs-data: 1
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-nextjs-matched-path: /en/[pid]
via: 1.1 varnish, 1.1 varnish
traceresponse: 00-175546dd34318ef501bf0231e46bb37c-0bcd25caecd6ed02-00
age: 725
x-cache: HIT, HIT
x-nextjs-cache: HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 6182
x-xss-protection: 1
x-served-by: cache-iad-kcgs7200144-IAD, cache-hhn-etou8220024-HHN
etag: "57f8-LHI8HOY3Hyt2bmwTGPnJuVAFNv0"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/json
cache-control: s-maxage=300, stale-while-revalidate
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 17, 1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 72ms
21ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 13 Apr 2023 12:05:09 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 2354
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Thu, 13 Apr 2023 14:05:09 GMT

GET
H2 200 hotjar-1665869.js Show response
static.hotjar.com/c/ 9 KB
4 KB 134ms
36ms Script
application/javascript 18.155.145.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1665869.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.155.145.24 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-155-145-24.ham50.r.cloudfront.net

Software

Resource Hash

41282c7b1f5e45ef3b649875f2752592904d0e4d24b8b0307ecffd7babe3c828

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 13 Apr 2023 12:43:53 GMT
via: 1.1 78c791f2019c33bd5940f0dca5bfaee0.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P1
age: 30
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/23160c7208298df9cddce3c78cf6aa72
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: KSIGbsx_kzVu2GUbXkEiObyl3dgMldbRp-1WTEA8b3qpzRSZEzaqqw==

GET
H2 200 8430ce879b38826d.min.js Show response
tag.demandbase.com/ 67 KB
19 KB 101ms
31ms Script
application/javascript 52.85.92.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.demandbase.com/8430ce879b38826d.min.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.92.7 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-92-7.ham50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

90a2f09b0c14c3c7e3069b7e93088dc15339cf55b82b07dd533687b156a97646

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-amz-version-id: OpiRqK438lGN_NKAD_FCtiJg2FDBp28X
content-encoding: gzip
via: 1.1 8c7d2e4b1dd1d9cc43ca7f060033ac40.cloudfront.net (CloudFront)
date: Thu, 13 Apr 2023 11:51:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: HAM50-C1
age: 3197
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 03 Feb 2023 22:49:46 GMT
server: AmazonS3
etag: W/"db3eddc02dde7327815bb3231b38b6c0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-id: VP64cXMs3xij5pFTPKlMI5Fh_w1G8fWo5AHLfoZeakah6qU-PgSQgA==

GET
H2 200 2183098.js Show response
js.hs-scripts.com/ 1 KB
896 B 224ms
155ms Script
application/javascript 2606:4700::6812:873b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/2183098.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:873b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 887cb28e1f4f8540ee5c8e06114597b16e4f7150089d30032449ef435d22d51a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 13 Apr 2023 12:41:47 GMT
server: cloudflare
x-hubspot-correlation-id: 7b07e0e8-c3ce-4aa6-946e-9d78b42ae7a7
x-trace: 2B8DFCCC6C1A5CBF6422A076CA0F9C893EF20D4723000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.deepinstinct.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 7b73ccd528dc9b37-FRA
expires: Thu, 13 Apr 2023 12:45:23 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
77 KB 41ms
41ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-P5MMKMDSNW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c6f523eb0dd21c0de7d1910d6cc92694da5bc10a6d8b611f3a1779f2504599fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79108
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 13 Apr 2023 12:44:23 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/812608847/ 3 KB
2 KB 127ms
65ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/812608847/?random=1681389863155&cv=11&fst=1681389863155&bg=ffffff&guid=ON&async=1&gtm=45He34a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&hn=www.googleadservices.com&frm=0&tiba=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&auid=2094880038.1681389863&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09e44c9f540d6d15578f730153923e341c5926c81379c8da1ffdd516c99ba20d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1278
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 134ms
35ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=66923
accept-ranges: bytes
content-length: 4777

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 100ms
23ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230123-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 107 KB
28 KB 82ms
22ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0ec06672fe3c64b5f9a2734153c38dc3aac1a84dd0c656447e4f393339608db6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 13 Apr 2023 12:44:23 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27909
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: VGRqaJJENEVANHl8DCSafwBxVyucNB0NqmXx17Q6AByrR2gcCXMhA+CCZUNAsLo5QRR67S8BVjHSEgZjdjURJA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 132ms
47ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 13 Apr 2023 12:44:23 GMT
last-modified: Thu, 16 Feb 2023 18:31:53 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6D618E2C99F6436BB9CFCE3E7023CFD1 Ref B: FRAEDGE1316 Ref C: 2023-04-13T12:44:23Z
etag: "8072cff03442d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11894

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 149ms
22ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52PC3MW
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: 0bd2810d200cd4e4a6c1c48cedcecbaa329e48b0245b805eed948616469ccd4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
last-modified: Wed, 12 Apr 2023 22:24:27 GMT
server: ECS (frb/67D4)
age: 48363
etag: "9fbc288b8d6dd91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25471

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 111ms
51ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 554
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
cf-ray: 7b73ccd5991737c6-FRA
expires: Thu, 13 Apr 2023 12:45:09 GMT

GET
H2 200 1259.2c2ed873ed26db49.js Show response
www.deepinstinct.com/_next/static/chunks/ 2 KB
1 KB 28ms
27ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/1259.2c2ed873ed26db49.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/webpack-cef1e152341226f9.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

66452618423fb997d299a94cd1373cd8d9ecc3c3976be0a6dbe3adf78113768e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59653
traceresponse: 00-175546e2ad6074ffe4e702f2a57b2235-1149eae1f348aa0c-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 987
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100036-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"6ca-18776f06e43"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 18, 1

GET
H2 200 b224548a43eb3fa8.css Show response
www.deepinstinct.com/_next/static/css/ 9 KB
3 KB 33ms
23ms Fetch
text/css 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/b224548a43eb3fa8.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1da65daf1888814d38600dd6d227b8cfee080c593eceb29adf48eee2344fe348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59625
traceresponse: 00-175546dd418a903cf76e35e1cca865a3-f3b44da49e22175e-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 2413
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100155-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"24f8-18776f06e54"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 25, 2

GET
H2 200 %5Bpid%5D-e6e1dbac1a01dffe.js Show response
www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/ 10 KB
4 KB 33ms
25ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/author/%5Buid%5D/page/%5Bpid%5D-e6e1dbac1a01dffe.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

28b79e216761a83f877d6c35be1dbbd7885c4047d16b449e297d80512d7d3310

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59437
traceresponse: 00-175546e2aaad4c8053903b6ff0d72ada-fd738db0d9838e3a-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 3706
x-xss-protection: 1
x-served-by: cache-iad-kiad7000105-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"276f-18776f06e4f"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 10, 2

GET
H2 200 6b0726eda24aac33.css Show response
www.deepinstinct.com/_next/static/css/ 11 KB
3 KB 34ms
25ms Fetch
text/css 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/6b0726eda24aac33.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9752267ba45e048e57da0727ab4c333278750e3c77ed43582a4631019f8d2e08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59437
traceresponse: 00-175546e2ac8bb2f825c121e45e702652-96d53ad098ec7ae9-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 2567
x-xss-protection: 1
x-served-by: cache-iad-kiad7000151-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"2a6a-18776f06e54"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 7, 1

GET
H2 200 %5Bpid%5D-4f6d125e5adab193.js Show response
www.deepinstinct.com/_next/static/chunks/pages/ 6 KB
1 KB 32ms
24ms Script
application/javascript 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/chunks/pages/%5Bpid%5D-4f6d125e5adab193.js

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

db63f4f64cb4cd13ca5f37501235d010cf8177e6a77cc701260839b0500fe3db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59654
traceresponse: 00-175546dd340dd0d55e98752994363c9b-47d4934829911605-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 1311
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100134-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"168e-18776f06e4e"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 18, 2

GET
H2 200 3adbf07b3f2b0b49.css Show response
www.deepinstinct.com/_next/static/css/ 8 KB
2 KB 34ms
26ms Fetch
text/css 151.101.2.216
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deepinstinct.com/_next/static/css/3adbf07b3f2b0b49.css

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/_next/static/chunks/main-56046b3e412722f8.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

151.101.2.216 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b533ae2db8f5a88eaf3f672b011f61a9bcf635a09912cb547af9cd95c360e617

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish, 1.1 varnish
age: 59854
traceresponse: 00-175546dd4e792cfb73180575c843f34c-adf38a88378b24ef-00
x-cache: HIT, HIT
x-platform-processor: lrqvyolazvcczpbgbqvqa2aevu
content-length: 2074
x-xss-protection: 1
x-served-by: cache-iad-kjyo7100095-IAD, cache-hhn-etou8220024-HHN
last-modified: Wed, 12 Apr 2023 19:28:01 GMT
etag: W/"20d4-18776f06e54"
x-platform-cluster: qruzvamzm7ypg-master-7rqtwti
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-debug-info: eyJyZXRyaWVzIjowfQ==
accept-ranges: bytes
x-platform-router: 2c3j7zqoxtyvuoo2u4bdbchvfe
x-cache-hits: 18, 1

POST
H2 204 collect
region1.google-analytics.com/g/ 0
257 B 135ms
31ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-P5MMKMDSNW&gtm=45je34a0&_p=1613954881&cid=1342275840.1681389863&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1681389863&sct=1&seg=0&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&dt=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P5MMKMDSNW&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepinstinct.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
212 B 42ms
42ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1613954881&t=pageview&_s=1&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&ul=en-us&de=UTF-8&dt=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=1451413772&gjid=1517477752&cid=1342275840.1681389863&tid=UA-69598329-1&_gid=1016443310.1681389863&_r=1&_slc=1&gtm=45He34a0n8152PC3MW&z=670594551

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepinstinct.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 464526.gif
id.rlcdn.com/ 0
98 B 116ms
33ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 468591697375107 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 26ms
24ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/468591697375107?v=2.9.101&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

43c33a0c9af3518bcfc5fd7c7164746672320a374e553b0a9c79edaf8a788fdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 13 Apr 2023 12:44:23 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110200
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: jWxDtlCwauwnxH0gEZtKfsrkOq/GRjiSfkQZHrF+AF7s3ziUCbxMLgHiyymwXAv9AeyE8E3i9bisViZ/mErdcg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 ip.json Show response
api.company-target.com/api/v2/ 4 KB
2 KB 149ms
77ms XHR
application/json 18.155.153.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&page_title=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/8430ce879b38826d.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.153.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-153-51.ham50.r.cloudfront.net
Software: nginx /
Resource Hash: 5b9f521c45169317b62009fe23e999a5a48846bba362a235afc12baab827be4a

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
identification-source: CENTRAL
content-encoding: gzip
via: 1.1 0623bbe185c513c688ceb8ce94bd2710.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
x-cache: Miss from cloudfront
request-id: 9ca61005-46d0-415a-87e6-3524b3da7364
pragma: no-cache
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.deepinstinct.com
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
vary: Accept-Encoding, Origin
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8G3mTt-a9hInmzfg9sJiOi4ATC9VCQZRZHMwGwgbGRyQm0ZTV2_Wgg==
expires: Wed, 12 Apr 2023 12:44:23 GMT

GET
H2 200 adsct
t.co/i/ 43 B
376 B 204ms
133ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=52cf06f9-be36-4423-832a-d8ee310cad7b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=27d14ec2-8af4-4d96-a539-814df8608c0b&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o61n5&type=javascript&version=2.3.29

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-response-time: 105
date: Thu, 13 Apr 2023 12:44:23 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 905ae73be81f5aac
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: ee4cae04d672be15f845948b282cab41715ed20ee3525e8c7ba0230e7fd440e8
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 288ms
128ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=52cf06f9-be36-4423-832a-d8ee310cad7b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=27d14ec2-8af4-4d96-a539-814df8608c0b&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o61n5&type=javascript&version=2.3.29

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-response-time: 105
date: Thu, 13 Apr 2023 12:44:23 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: b7cca19b1d98ae5f
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 88b21f9eb887c90122413f1adcf0a4749512d2e90c75757e69b3b314fe41e655
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
227 B 205ms
134ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=bf892eb2-16fa-4e11-b80b-0cae7cff4536&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=27d14ec2-8af4-4d96-a539-814df8608c0b&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzc8r&type=javascript&version=2.3.29

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-response-time: 106
date: Thu, 13 Apr 2023 12:44:22 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 7992484b6d6b7215
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: ee4cae04d672be15f845948b282cab41715ed20ee3525e8c7ba0230e7fd440e8
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
238 B 299ms
139ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=bf892eb2-16fa-4e11-b80b-0cae7cff4536&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=27d14ec2-8af4-4d96-a539-814df8608c0b&tw_document_href=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nzc8r&type=javascript&version=2.3.29

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-response-time: 116
date: Thu, 13 Apr 2023 12:44:22 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 1d16429e19a46630
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 88b21f9eb887c90122413f1adcf0a4749512d2e90c75757e69b3b314fe41e655
content-length: 43

GET
H2 200 modules.921fbd6026ad53edd4ec.js Show response
script.hotjar.com/ 263 KB
68 KB 173ms
79ms Script
application/javascript 18.155.153.33
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.921fbd6026ad53edd4ec.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1665869.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.155.153.33 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-155-153-33.ham50.r.cloudfront.net

Software

Resource Hash

d670810977ce85bd57423bbcf76017315b51e52324633801a4724932445134bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:24:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 6666f57b09bbb5ce206afb05563f731e.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P2
age: 1216
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 69074
last-modified: Thu, 13 Apr 2023 12:24:05 GMT
etag: "3d1fb8ad793fed3427d8bf6cdb8ce5ca"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: c-lSkp9R_VhLsum9RTsTgWMttKEHAxMIaENQRBZMwcrJnKFmDG9OCw==

GET
H2 200 /
www.google.com/pagead/1p-user-list/812608847/ 42 B
455 B 120ms
54ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/812608847/?random=1681389863155&cv=11&fst=1681387200000&bg=ffffff&guid=ON&async=1&gtm=45He34a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&frm=0&tiba=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&fmt=3&is_vtc=1&random=1488552814&rmt_tld=0&ipr=y

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/812608847/ 42 B
455 B 162ms
35ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/812608847/?random=1681389863155&cv=11&fst=1681387200000&bg=ffffff&guid=ON&async=1&gtm=45He34a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&frm=0&tiba=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&fmt=3&is_vtc=1&random=1488552814&rmt_tld=1&ipr=y

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/316505/domain/deepinstinct.com/ 36 B
377 B 211ms
28ms XHR
application/json 2600:9000:2070:d200:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/316505/domain/deepinstinct.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2070:d200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 11:47:32 GMT
content-encoding: gzip
via: 1.1 c46d7c5a8bf0a3035249184c40b6aea4.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C3
age: 3411
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: vM2niQS6qbWYQ7zb9KFxawSFhjuLFRZusEH3Yu5yV2NT6e6hkqWbMg==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1681389863300&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D316505%26time%3D1681389863300%26url%3Dhttps%253A%252F%252Fwww.deepinstinct.com%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1681389863300&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1681389863300&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&liSync=true&e_...

0
265 B

297ms
199ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1681389863300&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&liSync=true&e_ipv6=AQKMNHkHWbZYVgAAAYd6pUQn35cgGihkP6CeBrtYH-g96HjNL8ghXXJk6r9OqSfAxH5nVXF-16wI
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B1735030D881402589D7F666BEF83921 Ref B: FRAEDGE1907 Ref C: 2023-04-13T12:44:24Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX5NxWWufE5YTeccOfXTg==

Redirect headers

date: Thu, 13 Apr 2023 12:44:23 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 47EB50E024BC4AD3B5E5C6D17F1A6A61 Ref B: FRAEDGE1422 Ref C: 2023-04-13T12:44:23Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=316505&time=1681389863300&url=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&liSync=true&e_ipv6=AQKMNHkHWbZYVgAAAYd6pUQn35cgGihkP6CeBrtYH-g96HjNL8ghXXJk6r9OqSfAxH5nVXF-16wI
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX5NxWSINqy2Ir8zGvHqQ==

GET
H2 204 17571311.js Show response
bat.bing.com/p/action/ 0
117 B 135ms
135ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17571311.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 13 Apr 2023 12:44:23 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9D1128A8AC6E4E2FBEE45DC6F028403D Ref B: FRAEDGE1316 Ref C: 2023-04-13T12:44:23Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 44ms
43ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17571311&Ver=2&mid=d895dc94-b51c-427d-a8b6-a2d2626924a2&sid=ead13080d9f811edad4d897e62753f51&vid=ead15550d9f811edb51bf34b81105498&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&p=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&r=&lt=994&evt=pageLoad&sv=1&rn=460925

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 13 Apr 2023 12:44:23 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A01461506E8F4A64BF6A6C87A3BD5F60 Ref B: FRAEDGE1316 Ref C: 2023-04-13T12:44:23Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
352 B 416ms
351ms XHR
text/plain 2a00:1450:400c:c02::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-69598329-1&cid=1342275840.1681389863&jid=1451413772&gjid=1517477752&_gid=1016443310.1681389863&_u=YCDACEAABAAAACAAI~&z=154373643

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c02::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 13 Apr 2023 12:44:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.deepinstinct.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
466 B 132ms
131ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16780454&r=1681389863347&ref=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 16780454
Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdu4GEuvDfaHhyF0QFLGQ0KBqn8ddj4Kqop4SjdSe3JQ7LUXHEQVmi-6JK6ptcaGsv0v0PzKSw_yBpDxZb3kObDfEw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Thu, 13 Apr 2023 13:44:23 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 226ms
128ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=16780454&r=1681389863347&ref=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.deepinstinct.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 13 Apr 2023 12:44:23 GMT
expires: Thu, 13 Apr 2023 12:44:23 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdtmP4KNFsHEpxbkHvTqvR8_IiI8owPLq0_YfNE5ZWsy457X2YN70QP50SdQ4u3pgoKcHSll2SoU2FzEHRVwyr5TRsTN6eBv

GET
H3 200 332937911623471 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 30ms
29ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/332937911623471?v=2.9.101&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e462942c14d736375af5f104a9cb2cad3901647145095c6550f93ea26acffc84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 13 Apr 2023 12:44:23 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110244
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: w6OHHRrxMmJ5pSVvwWsaTiVWRJUDGED1ifixKZe2xlybSo5ByTWPXpsKBma/0fGPZ9B0B53GA/WEp/AHcYP0Nw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 2183098.js Show response
js.hs-banner.com/ 62 KB
16 KB 532ms
431ms Script
text/javascript 2606:4700::6812:19c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/2183098.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f36425f314238df1608a0dc16928a64801a937c30c3c4c2784706b4cddcbd3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
x-amz-version-id: 8pRZ0ZmY5bIeC1yntlJzD5gGSgxywTKp
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 85GAQVGXT0SVMYSH
x-amz-server-side-encryption: AES256
x-amz-id-2: 7jDPDVfYqQS1/rKtQ7uiDASRGEmCU9r6QigwYR6ySlEXBckGbRMmbesz4SpFuHOUwZlveH/CJ10=
last-modified: Fri, 24 Mar 2023 19:47:18 GMT
server: cloudflare
etag: W/"323d99df10e7785cc68b56cfd4f62e75"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.deepinstinct.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7b73ccd6dc3a2bee-FRA
expires: Thu, 13 Apr 2023 12:49:23 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 545 KB
87 KB 128ms
42ms Script
application/javascript 2606:4700::6811:826e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:826e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7239304bfda1edbdc25f38e13e0c6ed0c40c2aa7bf88e95b9fc8f17ba36a8253

Request headers

Referer: https://www.deepinstinct.com/
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
x-amz-version-id: RmhmaytfCYjkF4kIWncNidw0.aX_4QVo
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-encoding: br
x-amz-cf-pop: IAD12-P3
age: 38618
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1180/bundle/main/lead-flows-release.js&cfRay=7b701e0679063684-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-amz-replication-status: COMPLETED
last-modified: Mon, 03 Apr 2023 03:50:40 UTC
server: cloudflare
etag: W/"0bee9cd87f137fe7aec90112cb8b0376"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-hs-cache-status: MISS
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control: s-maxage=86400, max-age=0
cf-ray: 7b73ccd6cfbc3609-FRA
x-amz-cf-id: evS1mBK-OHDAbjrpmzOakSkgh619BggmmHGGok0y8cePwTJHZawAOA==
x-hs-target-asset: lead-flows-js/static-1.1180/bundle/main/lead-flows-release.js

GET
H2 200 2183098.js Show response
js.hs-analytics.net/analytics/1681389600000/ 65 KB
20 KB 284ms
204ms Script
text/javascript 2606:4700::6810:89ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1681389600000/2183098.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/2183098.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:89ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdb17ba3edbbf66a8901f4b7e925f17dfdaa5a8bc5c9832b146501ee2d55cf64

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: FQBJM711XRGFYT5R
x-amz-server-side-encryption: AES256
x-amz-id-2: dZnW9ByGW9Fl/1Xt/imP+3Djocpe3yLLHm+f8922NeIzfbaOKSL5wPIj3jXxExfBbmYEyqvaF3E=
last-modified: Thu, 23 Mar 2023 16:31:00 GMT
server: cloudflare
etag: W/"e492097019dbabf7e2b3615932f8e4a7"
vary: origin, Accept-Encoding
content-type: text/javascript
cache-control: max-age=300, public
access-control-allow-credentials: false
cf-ray: 7b73ccd70e8990da-FRA
expires: Thu, 13 Apr 2023 12:49:23 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
303 B 29ms
27ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=c06e4927a3f04943da8ba3b1032a92ff&_biz_s=3c00be&_biz_l=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&_biz_t=1681389863382&_biz_i=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&_biz_n=0&rnd=451032&cdn_o=a&_biz_z=1681389863385
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
last-modified: Wed, 12 Apr 2023 14:12:17 GMT
server: ECS (frb/6760)
age: 81126
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
203 B 39ms
22ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=c06e4927a3f04943da8ba3b1032a92ff&_biz_s=3c00be&_biz_l=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&_biz_t=1681389863387&_biz_i=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&rnd=90052&cdn_o=a&_biz_z=1681389863387
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6752) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
last-modified: Sun, 09 Apr 2023 02:44:04 GMT
server: ECS (frb/6752)
age: 381619
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: Image/GIF
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
525 B 141ms
141ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=c06e4927a3f04943da8ba3b1032a92ff&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.04.06
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 625fb492a001407a723b868525c77d832cacbd8fcc00494788af0cfcec698227

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: gzip
server: ECS (frb/6711)
etag: 724CA7E2
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 218

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 31ms
31ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1613954881&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&ul=en-us&de=UTF-8&dt=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aDDACEABBAAAACAAI~&jid=&gjid=&cid=1342275840.1681389863&tid=UA-69598329-1&_gid=1016443310.1681389863&gtm=45He34a0n8152PC3MW&cd1=Credit%20Suisse%20Realwerte%202%20Verwaltung%20GmbH&cd2=Financial%20Services&cd3=Banking%20%26%20Finance&cd4=Enterprise%20Business&cd5=51680&cd6=(Non-Company%20Visitor)&cd7=DE&cd8=false&cd9=false&cd10=credit-suisse.com&cd13=Anonymous%20Activity&z=1227614595

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 22:00:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 53020
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 73ms
22ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=468591697375107&ev=PageView&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&rl=&if=false&ts=1681389863503&sw=1600&sh=1200&v=2.9.101&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1681389863502.922196745&it=1681389863284&coo=false&rqm=GET

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 13 Apr 2023 12:44:23 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 73ms
23ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=332937911623471&ev=PageView&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&rl=&if=false&ts=1681389863505&sw=1600&sh=1200&v=2.9.101&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1681389863502.922196745&it=1681389863284&coo=false&rqm=GET

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 13 Apr 2023 12:44:23 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1665869/ 148 B
323 B 222ms
58ms XHR
application/json 34.252.119.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1665869/visit-data?sv=7
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.252.119.122 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-119-122.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a6aac8e9a67e2442b43e625709a99abeb6ab0148e94dd788cee106f2710c3906

Request headers

Referer: https://www.deepinstinct.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 204 1665869 Show response
vc.hotjar.io/sessions/ 0
258 B 155ms
45ms XHR
text/plain 18.66.112.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vc.hotjar.io/sessions/1665869?s=0.25&r=0.024732104424740387
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-79.fra56.r.cloudfront.net
Software: Python/3.8 aiohttp/3.8.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:23 GMT
via: 1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront)
server: Python/3.8 aiohttp/3.8.4
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
access-control-allow-origin: *
cache-control: no-store
x-amz-cf-id: FYZdsnKQjig3Px3P8Bt4xzsPw79bgEoeedPYWyQyw1ytqLBOPoX4IA==

GET
BLOB 200
OK 2789328e-c9be-4ae5-b6b0-aa9a86c9a8a2
https://www.deepinstinct.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.deepinstinct.com/2789328e-c9be-4ae5-b6b0-aa9a86c9a8a2
Requested by: Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 61ms
60ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-69598329-1&cid=1342275840.1681389863&jid=1451413772&_u=YCDACEAABAAAACAAI~&z=1368993541

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 61ms
61ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-69598329-1&cid=1342275840.1681389863&jid=1451413772&_u=YCDACEAABAAAACAAI~&z=1368993541

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 13 Apr 2023 12:44:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame F2C0 0
75 B 27ms
26ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.deepinstinct.com
Referer: https://www.deepinstinct.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.deepinstinct.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 13 Apr 2023 12:44:24 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 / Show response
www.facebook.com/tr/ Frame FC94 0
31 B 26ms
26ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.deepinstinct.com
URL: https://www.deepinstinct.com/blog/dirty-vanity-a-new-approach-to-code-injection-edr-bypass

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.deepinstinct.com
Referer: https://www.deepinstinct.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.deepinstinct.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Thu, 13 Apr 2023 12:44:24 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
893 B 209ms
145ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3897811554&v=1.1&a=2183098&rcu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&pu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&t=Dirty+Vanity%3A+A+New+Approach+to+Code+Injection+%26+EDR+Bypass+%7C+Deep+Instinct&cts=1681389864388&vi=3e6ef68a8588752e4a6571df2cf920ce&nc=true&u=160033954.3e6ef68a8588752e4a6571df2cf920ce.1681389864383.1681389864383.1681389864383.1&b=160033954.1.1681389864383&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 4e67037d-a3ae-4326-bb30-42a6c40926bd
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4B4VNSkAvx5bqV2cs6Tk4ClpXu9kSc9NKGAgbgPSRNtYfR1%2F0518xfBSeEbfmd6AYTRhE5PoJd4g0BJRty6TH2GdX%2FvL03UyFnxLtvQFxX7snLcDEdOkL4S%2Fe1one0Bs7t2YBL1moCu1awOlEBc"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7b73ccdce8978fe2-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
2 KB 241ms
172ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=2183098&utk=3e6ef68a8588752e4a6571df2cf920ce&__hstc=160033954.3e6ef68a8588752e4a6571df2cf920ce.1681389864383.1681389864383.1681389864383.1&__hssc=160033954.1.1681389864383&currentUrl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

886ff04faee9e232e68606f8f3214c59194432441337e127922da0aa8dddbd72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 92236c83-f512-4738-98a4-6902cdf4f093
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.deepinstinct.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26FWPzVBZ2Cq2fq4mgwEvIFR2qiTQq%2FUdm1d%2Fs7wLxTsUpJ%2Fc27YVg9OPhQ0aFwB80TpofKN6ln9aSgU%2FMsFTs%2BTChvYoU8DWHsGvHvbgNT5pF7Jw6MJ1%2FButpArHZ7I22%2Fh4cKtaSKLlXiiyhDT"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7b73ccdcfc4b03b0-FRA

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 22ms
22ms Image
image/gif 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1613954881&t=timing&_s=3&dl=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&ul=en-us&de=UTF-8&dt=Dirty%20Vanity%3A%20A%20New%20Approach%20to%20Code%20Injection%20%26%20EDR%20Bypass%20%7C%20Deep%20Instinct&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=2307&pdt=1&dns=95&rrt=0&srt=187&tcp=49&dit=499&clt=994&_gst=1072&_gbt=1186&_u=aDDACEABBAAAACAAI~&jid=&gjid=&cid=1342275840.1681389863&tid=UA-69598329-1&_gid=1016443310.1681389863&gtm=45He34a0n8152PC3MW&cd1=Credit%20Suisse%20Realwerte%202%20Verwaltung%20GmbH&cd2=Financial%20Services&cd3=Banking%20%26%20Finance&cd4=Enterprise%20Business&cd5=51680&cd6=(Non-Company%20Visitor)&cd7=DE&cd8=false&cd9=false&cd10=credit-suisse.com&cd13=Anonymous%20Activity&z=669676309

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Apr 2023 22:00:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 53021
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 942 B
607 B 34ms
33ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=explicit

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

169c98ec7238dcddaa38d42640ae9d04349febc459edd92c8d33e2f641e5f758

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 586
x-xss-protection: 1; mode=block
expires: Thu, 13 Apr 2023 12:44:24 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
363 B 154ms
154ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=edf3154a-9058-41f2-8bd8-5f0fc6bddce4&lfi=2584648&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3897811554&v=1.1&a=2183098&rcu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&pu=https%3A%2F%2Fwww.deepinstinct.com%2Fblog%2Fdirty-vanity-a-new-approach-to-code-injection-edr-bypass&t=Dirty+Vanity%3A+A+New+Approach+to+Code+Injection+%26+EDR+Bypass+%7C+Deep+Instinct&cts=1681389864645&vi=3e6ef68a8588752e4a6571df2cf920ce&nc=true&u=160033954.3e6ef68a8588752e4a6571df2cf920ce.1681389864383.1681389864383.1681389864383.1&b=160033954.1.1681389864383&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.deepinstinct.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 12:44:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 5ff24377-1084-4e88-a3d8-a6a143fa3116
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DU4%2B0DxJBJcrC4K%2B%2BsEEuUUzZbRraSIhMTd7Ar0iP2QyOtEfCw6j45q3c%2FqKxyrWZKoEvh16yHUHbsx%2BQfPpCZZRr%2FDQbbOveoIXqMQQ6ZsrsE5aN0MXkAF%2BBRdxPPCLqycDc8Rvv58ldEUdG6Nc"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7b73ccde1a238fe2-FRA
x-robots-tag: none

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/6MY32oPwFCn9SUKWt8czDsDw/ 409 KB
165 KB 76ms
23ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/6MY32oPwFCn9SUKWt8czDsDw/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

669df991bc101ce8036b07e4431b837c3afcfaedd8e18356f1930bdd8235a6ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.deepinstinct.com/
Origin: https://www.deepinstinct.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 11:39:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 168106
x-xss-protection: 0
last-modified: Sun, 02 Apr 2023 18:01:18 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Apr 2024 11:39:50 GMT

Verdicts & Comments Add Verdict or Comment

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.deepinstinct.com/	1970-01-20 13:12:45	Name: _gcl_au Value: 1.1.2094880038.1681389863
.deepinstinct.com/	1970-01-20 20:39:09	Name: _ga_P5MMKMDSNW Value: GS1.1.1681389863.1.0.1681389863.0.0.0
.deepinstinct.com/	1970-01-20 20:39:09	Name: _ga Value: GA1.2.1342275840.1681389863
.deepinstinct.com/	1970-01-20 11:04:36	Name: _gid Value: GA1.2.1016443310.1681389863
.deepinstinct.com/	1970-01-20 11:03:09	Name: _gat_UA-69598329-1 Value: 1
.doubleclick.net/	1970-01-20 11:03:10	Name: test_cookie Value: CheckForPermission
.deepinstinct.com/	1970-01-20 11:04:36	Name: _uetsid Value: ead13080d9f811edad4d897e62753f51
.deepinstinct.com/	1970-01-20 20:24:45	Name: _uetvid Value: ead15550d9f811edb51bf34b81105498
.techtarget.com/	1970-01-20 11:03:11	Name: __cf_bm Value: 1_Dq.RH8mV_qGOnfg5fjGWnh.1PhA9sY.lZtTAKjnUc-1681389863-0-AXHLg2B3hK+juyK6dRYqJ9sibiYAUDHuup8OqXk1e24/kvfB5V180lNWRfcRMFekoV6bha3tmZ7/fS2QSY2GMEM=
.bing.com/	1970-01-20 20:24:45	Name: MUID Value: 3F4C0FF6E0AB62F4113B1D04E179631A
.deepinstinct.com/	1970-01-20 19:48:45	Name: _biz_uid Value: c06e4927a3f04943da8ba3b1032a92ff
.deepinstinct.com/	1970-01-20 11:03:11	Name: _biz_sid Value: 3c00be
.deepinstinct.com/	1970-01-20 19:48:45	Name: _biz_nA Value: 1
.bizible.com/	1970-01-20 19:48:45	Name: _BUID Value: c06e4927a3f04943da8ba3b1032a92ff
.deepinstinct.com/	1970-01-20 19:48:45	Name: _biz_pendingA Value: %5B%5D
.t.co/	1970-01-20 20:39:09	Name: muc_ads Value: 658298c3-0e65-4aa9-a328-9472b1f7f3bb
.deepinstinct.com/	1970-01-20 13:12:45	Name: _fbp Value: fb.1.1681389863502.922196745
.bizibly.com/	1970-01-20 19:48:45	Name: _BUID Value: ff84f650c3a05aee9312e2dda9e41d0d
.deepinstinct.com/	1970-01-20 19:48:45	Name: _hjSessionUser_1665869 Value: eyJpZCI6ImVhOGNiMDUwLWE0NDEtNWYxZC04MDdiLWIzZGNlZThlNjg2NCIsImNyZWF0ZWQiOjE2ODEzODk4NjM1NDMsImV4aXN0aW5nIjpmYWxzZX0=
.deepinstinct.com/	1970-01-20 11:03:11	Name: _hjFirstSeen Value: 1
.deepinstinct.com/	1970-01-20 11:03:09	Name: _hjIncludedInSessionSample_1665869 Value: 0
.deepinstinct.com/	1970-01-20 11:03:11	Name: _hjSession_1665869 Value: eyJpZCI6ImM0ZjJjNGNlLTA1NjAtNGM3Zi1hYzU5LTIyN2RiY2Y0ZTg2MSIsImNyZWF0ZWQiOjE2ODEzODk4NjM1NTQsImluU2FtcGxlIjpmYWxzZX0=
www.deepinstinct.com/	1970-01-20 11:03:09	Name: _hjIncludedInPageviewSample Value: 1
.deepinstinct.com/	1970-01-20 11:03:11	Name: _hjAbsoluteSessionInProgress Value: 1
www.deepinstinct.com/	1970-01-20 11:04:36	Name: ln_or Value: eyIzMTY1MDUiOiJkIn0%3D
.deepinstinct.com/	1970-01-20 19:48:45	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.twitter.com/	1970-01-20 20:39:09	Name: personalization_id Value: "v1_ugdmOC8oNSwqVhKDgFpSFw=="
.linkedin.com/	1970-01-20 11:46:21	Name: UserMatchHistory Value: AQJWWKiLuvGZPgAAAYd6pUKWo9YbbwluYEVs0zm0qTLDDvhuarSK12wSl3IApbXgYaRPPNmAl2peew
.linkedin.com/	1970-01-20 11:46:21	Name: AnalyticsSyncHistory Value: AQIToDVk2YsW0AAAAYd6pUKXP5GkUMqJY94FDQ-HolUoO12scL147TYS4g5u0uNxyNnN2o1nv65rxxhXo78nxA
.linkedin.com/	1970-01-20 19:48:45	Name: bcookie Value: "v=2&a96c3048-954c-4fd9-8467-851dbb2f6fd9"
.linkedin.com/	1970-01-20 11:04:36	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2497:u=1:x=1:i=1681389863:t=1681476263:v=2:sig=AQHS4SXT6iquWdLiBVmPtBfy4_BfwZmY"
.www.linkedin.com/	1970-01-20 19:48:45	Name: bscookie Value: "v=1&20230413124423893d029b-7fed-478b-8b98-ae73f91d1cc3AQGq7V3NBH8OnTqmuPt_NYlWBWHanP5t"
.linkedin.com/	1970-01-20 15:22:21	Name: li_gc Value: MTswOzE2ODEzODk4NjM7MjswMjEmAnEc0f11Ep1lIcwIZJ2rToPps4bKYznK2a+9Xi9P+Q==
.deepinstinct.com/	1970-01-20 15:22:21	Name: __hstc Value: 160033954.3e6ef68a8588752e4a6571df2cf920ce.1681389864383.1681389864383.1681389864383.1
.deepinstinct.com/	1970-01-20 15:22:21	Name: hubspotutk Value: 3e6ef68a8588752e4a6571df2cf920ce
.deepinstinct.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.deepinstinct.com/	1970-01-20 11:03:11	Name: __hssc Value: 160033954.1.1681389864383
.hubspot.com/	1970-01-20 11:03:11	Name: __cf_bm Value: WUgZNcOXcv6LMjwjlZgdc0omHr0F4YSvZL2ASTUtwLI-1681389864-0-AeHTDbcl9VHSv1RUnSgBk1qSwQZR76C5iGzk2o0/mRvSMjo1/UzTz0FXaFHzcEyViRDz5g4tDoaE813N7+tID/s=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://id.rlcdn.com/464526.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.company-target.com
bat.bing.com
cdn.bizible.com
cdn.bizibly.com
cdn.linkedin.oribi.io
connect.facebook.net
forms.hubspot.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
id.rlcdn.com
in.hotjar.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
script.hotjar.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tag.demandbase.com
track.hubspot.com
trk.techtarget.com
use.typekit.net
vc.hotjar.io
www.deepinstinct.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
104.244.42.131
104.244.42.5
13.107.42.14
146.75.116.157
151.101.2.216
152.195.15.58
18.155.145.24
18.155.153.33
18.155.153.51
18.66.112.79
2001:4860:4802:32::36
2600:9000:2070:d200:2:53b2:240:93a1
2606:4700::6810:89ce
2606:4700::6811:826e
2606:4700::6812:19c4
2606:4700::6812:873b
2606:4700::6812:d9f
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:803::200e
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:827::2003
2a00:1450:4001:827::2008
2a00:1450:4001:831::2004
2a00:1450:4001:831::200e
2a00:1450:400c:c02::9b
2a02:26f0:3500:16::215:148d
2a02:26f0:3500:16::215:1495
2a02:26f0:780::5f65:3681
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
34.111.208.231
34.252.119.122
35.244.174.68
52.85.92.7
08ee3b86073e37eb67b95589c8c51f696755b636eadecb02bcd81679999dc3db
09c9153b8a711b709875588f6844ad5677db641befd891317951fcd0e0928216
09e44c9f540d6d15578f730153923e341c5926c81379c8da1ffdd516c99ba20d
0bd2810d200cd4e4a6c1c48cedcecbaa329e48b0245b805eed948616469ccd4c
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0ec06672fe3c64b5f9a2734153c38dc3aac1a84dd0c656447e4f393339608db6
11f56658b8b3905023ed8fc68281b124371cc4f7f9450003ddb842d1e36416eb
11fb93e01fb53a1176baf5fe47df1528872f3011519d324e336116ca21a225b3
12f768e0a4b9552236112e0c7f41643b2578f4ff21f1d06215f3b076d7cad955
169c98ec7238dcddaa38d42640ae9d04349febc459edd92c8d33e2f641e5f758
1997949d35b6cbf7fbb515b2d46253116be72265bfe359860cf74b2c9ff30046
1b791f37e7cfac61b4b9e28963f4afbbc99fce9766fe8a872d8196dc7dc21375
1bb11639b6fac45629437a0f8c465af729084e5ad3a70e61861cf170d25c1ffe
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1da65daf1888814d38600dd6d227b8cfee080c593eceb29adf48eee2344fe348
23eab6d6981b62624b7b440012bfb3809b0033b4998d78533ed2c0d77e5053a1
25701ff46a6938978e4b3a307406ea586727388fe86ed523c6edd4435ebd6c5e
28b79e216761a83f877d6c35be1dbbd7885c4047d16b449e297d80512d7d3310
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
316d0bb30ee8ca93b8997a731156ba8a86f3c3d1433279cf05b85834487fd127
32cc58a56e1170810316c9cb82dd82a1fb379e2b82139b5ed039063bb40e4724
33dc89018fe5aed90ddd9f9615cba7412569abfad7d4995d81001e532aac79c9
3f36425f314238df1608a0dc16928a64801a937c30c3c4c2784706b4cddcbd3e
401073114ee4435a382d955f04702f1026bd39774d8040289484589992a1c981
41282c7b1f5e45ef3b649875f2752592904d0e4d24b8b0307ecffd7babe3c828
42ed7a1b76636aa21b17b9ea8d2617164810172d0358f1a245ece70f98e1b350
43c33a0c9af3518bcfc5fd7c7164746672320a374e553b0a9c79edaf8a788fdd
4574422b79a9d4a5793b41636bfcf680e171b4f050e4089b78c8fb48d16af49d
4b6bdb7295da01c6791c50c7c3c1ed550c3e5119a248041b922bde34f8223ac5
551397ca1cc84b261fbfb4ec91a3be7e5cb4704f58bdc293808a2f06e904e8d4
58cbce6773a86e5d812444badcc12a2b7da1bc9bd7508c777f67189a4a0ac6b5
5904bc0d6e72fc3e0028407f78c13aebab8a5e20104018420e1009f7cd9d1526
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5b9f521c45169317b62009fe23e999a5a48846bba362a235afc12baab827be4a
625fb492a001407a723b868525c77d832cacbd8fcc00494788af0cfcec698227
66452618423fb997d299a94cd1373cd8d9ecc3c3976be0a6dbe3adf78113768e
669df991bc101ce8036b07e4431b837c3afcfaedd8e18356f1930bdd8235a6ab
66aac9d3210f68de513a93e481d67dfa843665cdba4809f3bde13aefb77e71c6
6d9e4bc7f524ea160871d4024cfac2af513ba31293d41cf4d13e7de4e665750d
6e5b502a96d0e591d96fb35dfe1887d0526b39ec260de1136a0b9745000ce10a
7239304bfda1edbdc25f38e13e0c6ed0c40c2aa7bf88e95b9fc8f17ba36a8253
728234c3ca37d8780f505645d1399cb581cd47519ba1624de89ae6eefa9c212d
73de89ad27fa1fcfb8372b6656106165d4865b3ee287ad208f0074ef99f586b7
79cd380d7c4a2d38776ca3a20830c95fd898e454ee523bd677596892ce38c5e8
79e3bdc27a81801e6514d83c329d634d6ca99d0f85905c58d23cd92e11468714
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
8151e3ccf63bdbd7960c92c547fd59f91edb22aa6e6618ed38c0c9e22464b20f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8756a7999565ab10f142e83ece98cc7ff5314b241b96913c89fae9e05eb5610d
886ff04faee9e232e68606f8f3214c59194432441337e127922da0aa8dddbd72
887cb28e1f4f8540ee5c8e06114597b16e4f7150089d30032449ef435d22d51a
8908366014bb39af214d72a81154943df61d430966ae776aeda1e1bf094b10b3
8d0056dcc26b8dce6be00539697962adb12475fbf9cbf7fdcbc7c81b2ae7328d
8d5da73586712159bb569fbfbd370f05a258113b2591ba238ef4e7bde1db13b7
90a2f09b0c14c3c7e3069b7e93088dc15339cf55b82b07dd533687b156a97646
90aca30e747dbe0cd4ae4a29a0d588aff8693e295bb1d5c322188955608f658b
9752267ba45e048e57da0727ab4c333278750e3c77ed43582a4631019f8d2e08
9c0180fc3efb7e159a483e9f2c8ea7db1595a30cd8e3bd0f7b6f391405c3352a
a0087f3518b03be5fba7eb4e024312afe645c9f4ce0709650dd7e4d09cb06f52
a2137ebfe2b9ff55e1f280dbb1eef301290c50db609c5d6a0494ae8f3c98c253
a650259b67fd9815669b3a36ce8881448e8d5ad989de4bcb18ecae6ca73cfabe
a6aac8e9a67e2442b43e625709a99abeb6ab0148e94dd788cee106f2710c3906
a78496a0a885dd6a505aec683e2b574e517bc03076ca3ad9335bf2fade48b7db
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af144d639dc5c33722d3426bda462d68577e1c63ab319abf355da1ef73859495
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b4a37063d603063c0cb3dc4a2a676d25d3c31fabf4ce463177e5c49afce72051
b533ae2db8f5a88eaf3f672b011f61a9bcf635a09912cb547af9cd95c360e617
ba546f8a87a68abc792ddd24f67f1941f15f77e2605b6cad27d798cfd256df37
bdb17ba3edbbf66a8901f4b7e925f17dfdaa5a8bc5c9832b146501ee2d55cf64
bde2ea90277daad70c9fe415da39aae66f649429616ab61f3f665eaed31d550e
c6f523eb0dd21c0de7d1910d6cc92694da5bc10a6d8b611f3a1779f2504599fa
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d619ebece095748eb92d409eaac19e4346f5d7380db0442021e0ef148bab686d
d670810977ce85bd57423bbcf76017315b51e52324633801a4724932445134bc
db63f4f64cb4cd13ca5f37501235d010cf8177e6a77cc701260839b0500fe3db
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de90f9a4370cff2dafd0d322cf18b2d8c16baef1851c46e8d8624fa2b202fb18
df8d379a7d695bed8a2c8c58fa2b7b5c06837252815cf494b12e65d67c245060
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e462942c14d736375af5f104a9cb2cad3901647145095c6550f93ea26acffc84
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1f53a0319a47129cc3580d24544f26157a468ec87860065e9bd3d19d795e20e
f1f55f4619d859396e99138fbefe2ca2ea6b08e1a54af07ef3ef5bff742d0d01
f4e9ec4a5050ebd8ac05c076233505a42340c8aeb1b6ac114f71c67e071fdf78
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f766cf336897fd76624b203e4ea48163f251f1ea0a249bced439c5fc7b217c2c
f94786fe65dcbc65b0099b471ae2bb89bbabd7fa7d8573dd3c4e0f5bbe555447
fc3d502ace2503c2860416688a2fa238234df171764c9bdd3fef3f02cbe0e61c
fec6d73f7aedcf6870991b2e11d88968b170327d13dbdb8213c04932e6dcbc08

www.deepinstinct.com Open in urlscan Pro 151.101.2.216 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

114 Requests

98 %HTTPS

63 %IPv6

31 Domains

40 Subdomains

38 IPs

4 Countries

1894 kBTransfer

4882 kBSize

38 Cookies

20 Outgoing links

Redirected requests

114 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.deepinstinct.com Open in urlscan Pro
151.101.2.216 Public Scan

Screenshot
Live screenshot

Full Image

114
Requests

98 %
HTTPS

63 %
IPv6

31
Domains

40
Subdomains

38
IPs

4
Countries

1894 kB
Transfer

4882 kB
Size

38
Cookies

114 HTTP transactions
2 data transactions