Submitted URL: http://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
Effective URL: https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
Submission: On March 04 via manual from HU — Scanned from DE

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 22 HTTP transactions. The main IP is 2606:50c0:8002::153, located in United States and belongs to FASTLY, US. The main domain is detection.fyi.
TLS certificate: Issued by R3 on March 1st 2024. Valid for: 3 months.
This is the only time detection.fyi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1 1       2606:50c0:800...  54113 (FASTLY)
14        2606:50c0:800...  54113 (FASTLY)
1         2a02:26f0:710...  20940 (AKAMAI-ASN1)
1         74.125.34.46      15169 (GOOGLE)
4         2606:4700:20:...  13335 (CLOUDFLAR...)
1         20.209.68.33      8075 (MICROSOFT...)
Total: 22 requests, 6 IPs
Requests  Apex Domain       Subdomains                                                     Transfer
15        detection.fyi     detection.fyi                                                  2 MB
4         ethicalads.io     server.ethicalads.io (Cisco Umbrella Rank: 55196)              3 KB
                            media.ethicalads.io (Cisco Umbrella Rank: 45889)
1         windows.net       ethicalads.blob.core.windows.net (Cisco Umbrella Rank: 70232)  2 KB
1         virustotal.com    www.virustotal.com (Cisco Umbrella Rank: 48828)
1         microsoft.com     learn.microsoft.com (Cisco Umbrella Rank: 11250)               92 KB
0         bradleyjkemp.dev  stats.bradleyjkemp.dev (Failed)                                Failed
Total: 22 requests, 6 apex domains
Requests  Domain                            Requested by
15        detection.fyi (1 redirect)        detection.fyi
2         media.ethicalads.io               detection.fyi
2         server.ethicalads.io              detection.fyi
1         ethicalads.blob.core.windows.net  detection.fyi
1         www.virustotal.com                detection.fyi
1         learn.microsoft.com               detection.fyi
0         stats.bradleyjkemp.dev (Failed)   detection.fyi
Total: 22 requests, 7 subdomains
Subject                  Issuer                                      Validity                 Valid for
detection.fyi            R3                                          2024-03-01 - 2024-05-30  3 months
learn.microsoft.com      Microsoft Azure ECC TLS Issuing CA 08       2024-01-30 - 2025-01-24  a year
*.virustotal.com         DigiCert Global G2 TLS RSA SHA256 2020 CA1  2023-12-19 - 2025-01-18  a year
ethicalads.io            GTS CA 1P5                                  2024-02-05 - 2024-05-05  3 months
*.blob.core.windows.net  Microsoft Azure TLS Issuing CA 05           2023-12-07 - 2024-06-27  7 months
Certificate transparency lookup for each subject: crt.sh

This page contains 1 frames:

Primary Page: https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
Frame ID: 24B89B50F78B3BF4C5A1AB8F857F924F
Requests: 22 HTTP requests in this frame

Page Title

Add Windows Capability Via PowerShell Cmdlet | Detection.FYI

Page Statistics

Requests: 22
HTTPS: 95 %
IPv6: 67 %
Domains: 6
Subdomains: 7
IPs: 6
Countries: 2
Transfer: 1962 kB
Size: 8515 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/ HTTP 301
    https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Each transaction below lists Resource, Path, Size, x-fer (bytes transferred), Type and MIME-Type, followed by the request details.
Primary Request: /
Path: detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
Redirect chain:
  • http://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
  • https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
Size: 40 KB, transferred 11 KB
Type: Document
Full URL: https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: d8c9db68d659640361ffda0d23812b83713307d4bc21b7702dafcc784dac2eb9

Resource: plausible.js
Path: stats.bradleyjkemp.dev/js/
Size: 0, transferred 0 (request failed)

Resource: styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css
Path: detection.fyi/css/
Size: 26 KB, transferred 7 KB
Type: Stylesheet
Full URL: https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 86f10bb7af352f4933dff4357118b289cd14ad92f2f59985f69af88d87f74c85

Resource: bundle.56e592094509d56f276a4eb149ce4f5846b3ca5e706f1d486d527d81fbaeda35e3d47d838b20e591c5e46bbf7e12d79dd929e918dde9239b73d492b260870d5d.js
Path: detection.fyi/en/js/
Size: 46 KB, transferred 16 KB
Type: Script
Full URL: https://detection.fyi/en/js/bundle.56e592094509d56f276a4eb149ce4f5846b3ca5e706f1d486d527d81fbaeda35e3d47d838b20e591c5e46bbf7e12d79dd929e918dde9239b73d492b260870d5d.js
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 6326f6e40a6b8b8af6d12780e2043c40b2dfec8f9cb07c8afdb17d419bb94878

Resource: default-monochrome.png
Path: detection.fyi/logos/detection.fyi-logo/
Size: 8 KB, transferred 8 KB
Type: Image
Full URL: https://detection.fyi/logos/detection.fyi-logo/default-monochrome.png
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 44f9df60fe3a60b5ddbb3b496132396f194141854f5c367ff52d880d322cd124

Resource: search.min.df4d84e4983f0c71dd495e07a09815d920553c3ddf3d0767801c73373573aa17e1b489e4453272dbf4ce2a38a3d01a10b170744e50dd6bec85a598221867ba9a.js
Path: detection.fyi/js/
Size: 26 KB, transferred 9 KB
Type: Script
Full URL: https://detection.fyi/js/search.min.df4d84e4983f0c71dd495e07a09815d920553c3ddf3d0767801c73373573aa17e1b489e4453272dbf4ce2a38a3d01a10b170744e50dd6bec85a598221867ba9a.js
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 8bd3087ba0741d2db8fcaa991719f1deefd3a3d8234592917069f36377178b5b

Resource: ethicalads.min.js
Path: detection.fyi/js/
Size: 27 KB, transferred 8 KB
Type: Script
Full URL: https://detection.fyi/js/ethicalads.min.js
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 73ca42e6ade14b9c05b89e6c07f8619c28bd577de686f7a5f6081c33773aa050

Resource: sun.svg
Path: detection.fyi/images/
Size: 4 KB, transferred 1 KB
Type: Image
Full URL: https://detection.fyi/images/sun.svg
Requested by: detection.fyi (https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: d2cc8532e11b5b8dcb08c06e3406378c6367982418a6acd8642a01da62a8a411

Resource: Metropolis-Regular.woff2
Path: detection.fyi/fonts/
Size: 24 KB, transferred 24 KB
Type: Font
Full URL: https://detection.fyi/fonts/Metropolis-Regular.woff2
Requested by: detection.fyi (https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: e920e6b0e7987aceb8df32656d01d44057e2c08646716202d594e06b5010ae70

Resource: Metropolis-Light.woff2
Path: detection.fyi/fonts/
Size: 25 KB, transferred 25 KB
Type: Font
Full URL: https://detection.fyi/fonts/Metropolis-Light.woff2
Requested by: detection.fyi (https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 3664cf60656a87a7e1bf1d1e98cfe7e83d01a00133508251757fdbd1b9128d3a

Resource: open-graph-image.png
Path: learn.microsoft.com/en-us/media/
Size: 91 KB, transferred 92 KB
Type: Image
Full URL: https://learn.microsoft.com/en-us/media/open-graph-image.png
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a02:26f0:7100:998::3544, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Resource Hash: 442161d0a89ddd202a5849002cc18d5b57bd56ee9ac99a5fb5e9286b23f4d216
Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 1; mode=block

Resource: logo.svg
Path: www.virustotal.com/gui/file/af1c82237b6e5a3a7cdbad82cc498d298c67845d92971bada450023d1335e267/contentimages/
Size: 0, transferred 0
Type: Image
Full URL: https://www.virustotal.com/gui/file/af1c82237b6e5a3a7cdbad82cc498d298c67845d92971bada450023d1335e267/contentimages/logo.svg
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 74.125.34.46, United States, ASN15169 (GOOGLE, US)
Reverse DNS: ghs-vip-any-c46.ghs-ssl.googlehosted.com
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the SHA-256 of empty content, consistent with the 0-byte response)


Resource: copy.svg
Path: detection.fyi/icons/
Size: 2 KB, transferred 953 B
Type: Image
Full URL: https://detection.fyi/icons/copy.svg
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 26651cf8ae6fe488660217eb320427020fea97802a80ef2a5ecc3ff3ac65f0ab

Resource: order.svg
Path: detection.fyi/icons/
Size: 1 KB, transferred 521 B
Type: Image
Full URL: https://detection.fyi/icons/order.svg
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 0972799d3baf1299429a3b6409decb3c552bae91d9548d540cfdbd9cfddd6074

Resource: carly.svg
Path: detection.fyi/icons/
Size: 966 B, transferred 725 B
Type: Image
Full URL: https://detection.fyi/icons/carly.svg
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: 8d7fed6fc266c9114f535734aebeecf43bcd1bb8209b8b32f53ef7ab5b080fbb

Resource: Metropolis-RegularItalic.woff2
Path: detection.fyi/fonts/
Size: 25 KB, transferred 25 KB
Type: Font
Full URL: https://detection.fyi/fonts/Metropolis-RegularItalic.woff2
Requested by: detection.fyi (https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Software: GitHub.com
Resource Hash: ccc6ad34e46e9369935d4e1dd4ad6e155538931eebf4f7f10e560f21013c094a

Resource: /
Path: server.ethicalads.io/api/v1/decision/
Size: 2 KB, transferred 1 KB
Type: Script
Full URL: https://server.ethicalads.io/api/v1/decision/?publisher=detectionfyi&ad_types=image-v1&div_ids=ad_1709539995520_28795&callback=ad_1709539995520_28795&keywords=&campaign_types=paid%7Cpublisher-house%7Ccommunity%7Chouse&format=jsonp&client_version=1.6.2&url=https%3A%2F%2Fdetection.fyi%2Fsigmahq%2Fsigma%2Fwindows%2Fprocess_creation%2Fproc_creation_win_powershell_add_windows_capability%2F
Requested by: detection.fyi (https://detection.fyi/js/ethicalads.min.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:20::ac43:47e6, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: 4e37b3f7639589afc48a04c11eb4570ae19351bbfa944b4633faabf293d86698
Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  X-Frame-Options: DENY

Resource: px.gif
Path: media.ethicalads.io/abp/
Size: 43 B, transferred 721 B
Type: Image
Full URL: https://media.ethicalads.io/abp/px.gif?ch=1&rn=8.32489568803042
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:20::ac43:47e6, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: a5d9ceff1677643e67687fb62a8d04a28de54f64f37da4e33f7494fe8acbc891
Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff

Resource: px.gif
Path: media.ethicalads.io/abp/
Size: 43 B, transferred 338 B
Type: Image
Full URL: https://media.ethicalads.io/abp/px.gif?ch=2&rn=8.32489568803042
Requested by: detection.fyi (https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:20::ac43:47e6, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource Hash: a5d9ceff1677643e67687fb62a8d04a28de54f64f37da4e33f7494fe8acbc891
Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff

Prelude_Logo_-_Read_the_Docs_-_240x180.png
ethicalads.blob.core.windows.net/media/images/2023/07/
Size: 2 KB, Transferred: 2 KB, Type: Image

General
Full URL: https://ethicalads.blob.core.windows.net/media/images/2023/07/Prelude_Logo_-_Read_the_Docs_-_240x180.png
Requested by: Host detection.fyi, URL https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.209.68.33, Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Reverse DNS:
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Resource Hash: f052927372e63f3ea959bbd0b48d221703aa73fb459389ed52decd140a340220

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://detection.fyi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 04 Mar 2024 08:13:15 GMT
Last-Modified: Wed, 19 Jul 2023 00:37:18 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 2Y+xGlS4GBHHSJoHxZ6/Vg==
ETag: 0x8DB87F04EB92039
Content-Type: image/png
Access-Control-Allow-Origin: *
x-ms-request-id: 68f1d0ad-301e-00ce-770b-6ef1e5000000
x-ms-version: 2009-09-19
Content-Length: 2046
/
server.ethicalads.io/proxy/view/6070/4f7cc091-7081-448b-9527-be80744b523d/
Size: 30 B, Transferred: 353 B, Type: Image

General
Full URL: https://server.ethicalads.io/proxy/view/6070/4f7cc091-7081-448b-9527-be80744b523d/
Requested by: Host detection.fyi, URL https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700:20::ac43:47e6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://detection.fyi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers
date: Mon, 04 Mar 2024 08:13:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: same-origin
server: cloudflare
vary: Cookie
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmrrlNnaY8QvubYLeHd5xGKY6it4uTRqWkqnEcvPb0dinA27Dfj12Gk0zwqETPpSRKKQD8STP%2FDnmYQ6xHku6yzwry2WG1SD4SLODhx1VrVTDpGTSHzJYe%2BViMRIdDMNhsXUDKz32%2Fi1dWZKpj%2Be%2BKQG"}],"group":"cf-nel","max_age":604800}
x-server: ethicalads00021X
cf-ray: 85f067ee2d833a84-FRA
content-length: 30
index.json
detection.fyi/
Size: 8 MB, Transferred: 2 MB, Type: Fetch

General
Full URL: https://detection.fyi/index.json
Requested by: Host detection.fyi, URL https://detection.fyi/js/search.min.df4d84e4983f0c71dd495e07a09815d920553c3ddf3d0767801c73373573aa17e1b489e4453272dbf4ce2a38a3d01a10b170744e50dd6bec85a598221867ba9a.js
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:50c0:8002::153, United States, ASN54113 (FASTLY, US)
Reverse DNS:
Software: GitHub.com
Resource Hash: e6915c68b17f7c320d23faa098218c745dfb6b6ab554863e815cccf9477c01e0

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://detection.fyi/sigmahq/sigma/windows/process_creation/proc_creation_win_powershell_add_windows_capability/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers
x-fastly-request-id: e9fb38954c8ee27f3f42ba999117a81af24e8cd6
date: Mon, 04 Mar 2024 08:13:16 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 1
age: 161
x-cache: HIT
x-proxy-cache: MISS
content-length: 1770000
x-served-by: cache-fra-eddf8230045-FRA
last-modified: Mon, 04 Mar 2024 05:57:15 GMT
server: GitHub.com
x-github-request-id: 7126:0E6C:71716AF:73A2E41:65E56449
x-timer: S1709539996.186212,VS0,VE4
etag: W/"65e562bb-7f9632"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
expires: Mon, 04 Mar 2024 06:13:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: stats.bradleyjkemp.dev
URL: https://stats.bradleyjkemp.dev/js/plausible.js

Verdicts & Comments

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Functions (41): isObj, createEl, elem, elems, pushClass, hasClasses, deleteClass, modifyClass, containsClass, elemAttribute, wrapEl, deleteChars, isBlank, isMatch, copyToClipboard, getMobileOperatingSystem, horizontalSwipe, parseBoolean, forEach, findQuery, wrapText, emptyEl, matchTarget, goBack, wrapOrphanedPreElements, codeBlocks, codeBlockFits, maxHeightIsSet, restrainCodeBlockHeight, collapseCodeBlock, actionPanel, toggleLineNumbers, toggleLineWrap, copyCode, disableCodeLineNumbers, fileClosure, t, initializeSearch, highlightSearchTerms, Fuse, ad_1709539995520_28795

Objects (4): hljs, elClass, e, ethicalads

0 Cookies

2 Console Messages

Source: network, Level: error, URL: https://stats.bradleyjkemp.dev/js/plausible.js
Message: Failed to load resource: net::ERR_CONNECTION_REFUSED

Source: network, Level: error, URL: https://www.virustotal.com/gui/file/af1c82237b6e5a3a7cdbad82cc498d298c67845d92971bada450023d1335e267/contentimages/logo.svg
Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
