URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Submission: On November 07 via api from US — Scanned from US

Summary

This website contacted 7 IPs in 1 countries across 7 domains to perform 61 HTTP transactions. The main IP is 2606:4700:4400::6812:282f, located in United States and belongs to CLOUDFLARENET, US. The main domain is thmflags.gitbook.io.
TLS certificate: Issued by WE1 on October 5th 2024. Valid for: 3 months.
This is the only time thmflags.gitbook.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
49 2606:4700:440... 13335 (CLOUDFLAR...)
1 2600:9000:220... 16509 (AMAZON-02)
1 2600:9000:23c... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:50c0:800... 54113 (FASTLY)
5 2606:4700:440... 13335 (CLOUDFLAR...)
3 2606:4700:440... 13335 (CLOUDFLAR...)
61 7
Apex Domain
Subdomains
Transfer
49 gitbook.io
thmflags.gitbook.io
2 MB
5 fontawesome.com
ka-p.fontawesome.com — Cisco Umbrella Rank: 3223
2 KB
3 gitbook.com
app.gitbook.com — Cisco Umbrella Rank: 98859
api.gitbook.com — Cisco Umbrella Rank: 89794
6 KB
1 github.io
gchq.github.io — Cisco Umbrella Rank: 605952
968 B
1 kali.org
www.kali.org — Cisco Umbrella Rank: 340456
844 B
1 tryhackme.com
assets.tryhackme.com — Cisco Umbrella Rank: 311799
16 KB
1 iframe.ly
cdn.iframe.ly — Cisco Umbrella Rank: 29256
8 KB
61 7
Domain Requested by
49 thmflags.gitbook.io thmflags.gitbook.io
5 ka-p.fontawesome.com thmflags.gitbook.io
2 api.gitbook.com thmflags.gitbook.io
1 app.gitbook.com thmflags.gitbook.io
1 gchq.github.io thmflags.gitbook.io
1 www.kali.org thmflags.gitbook.io
1 assets.tryhackme.com thmflags.gitbook.io
1 cdn.iframe.ly thmflags.gitbook.io
61 8

This site contains links to these domains. Also see Links.

Domain
www.gitbook.com
tryhackme.com
www.kali.org
gchq.github.io
Subject Issuer Validity Valid
gitbook.io
WE1
2024-10-05 -
2025-01-03
3 months crt.sh
*.iframe.ly
Amazon RSA 2048 M03
2024-09-23 -
2025-10-22
a year crt.sh
assets.tryhackme.com
Amazon RSA 2048 M03
2024-01-28 -
2025-02-25
a year crt.sh
kali.org
Cloudflare Inc ECC CA-3
2024-01-18 -
2024-12-31
a year crt.sh
*.github.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-03-15 -
2025-03-14
a year crt.sh
*.fontawesome.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-07-30 -
2025-01-27
6 months crt.sh
gitbook.com
WE1
2024-09-09 -
2024-12-08
3 months crt.sh

This page contains 1 frames:

Primary Page: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Frame ID: CE8A498D3A277285DDE80A4605737F14
Requests: 60 HTTP requests in this frame

Screenshot

Page Title

Windows PrivEsc Arena | THM Walkthroughs

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

61
Requests

100 %
HTTPS

100 %
IPv6

7
Domains

8
Subdomains

7
IPs

1
Countries

2223 kB
Transfer

4212 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

61 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request windows-privesc-arena
thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/
870 KB
56 KB
Document
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a27cbb2839dbfe68516cdf25f050ab76334bac83349e9a0168d42a20753d41a8
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-ZTg4ZTk0M2QtNWU1My00ZmM2LWFmYTQtODIxYjQyYTFlNDAw' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
cache-tag
release-10.9.944,site:site_RbiMb
cf-cache-status
DYNAMIC
cf-placement
local-EWR
cf-ray
8dea2cf0abf7c326-EWR
content-encoding
gzip
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-ZTg4ZTk0M2QtNWU1My00ZmM2LWFmYTQtODIxYjQyYTFlNDAw' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
content-type
text/html; charset=utf-8
date
Thu, 07 Nov 2024 03:18:22 GMT
link
</>; rel=preconnect; crossorigin=""
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E2oOifjcZHgeIU%2BDkYXfqo5fbbcmevCRtdSb%2F%2FQ0oDE%2F%2BXXNBzBIGaTv29JjwTow1ir3pmHJfzNZVwPshz56zjtB6ulhV5hJeaLxDyDfd18yPDFod2mXRS6NNyQVvIdBKLZrrHH7mHm7YlZm%2BIyg"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
x-content-type-options
nosniff
x-edge-runtime
1
x-gitbook-cache
miss
x-gitbook-cache-tag
release-10.9.944,site:site_RbiMb
x-gitbook-version
d48926e
x-matched-path
/[[...pathname]]
1be06719d4376690.css
thmflags.gitbook.io/_next/static/css/
83 KB
6 KB
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/1be06719d4376690.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98222d2a280cd40b1214f296463ec8faf2fa7e700fc202d50822fe10939da3b2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"e11ba0ea2cb3bb015fe7173cc0e07fa8"
age
1835668
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mfKKeIAyNA4pq8K%2BIEtJTZXT4XKvkWZtYFS5TheN%2B6C%2BHjOsU9Wp4tQT7H9pTZ8h8cwNjCcRMR8CkYXUjuYs1xi0mMqKkRX6%2BDx%2FUTtu7Z9TH9MMpkNYfusOoOcyY7Ov%2FAelJH9OQJxhXMnOi1G8"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b74c326-EWR
access-control-allow-origin
*
server
cloudflare
99f50cfb598d2941.css
thmflags.gitbook.io/_next/static/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/99f50cfb598d2941.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
292339afa6df803ce7fc3215663b3c22e250c3ee07a8ba221a3f250d66f3c729
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1def430ea4a9c808cbdb7d7970875196"
age
1835668
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8XB3F1NNb%2Fnnnizm1%2BtaseyykvRg51Q%2BGy4vl%2BiRnVia8IGqgRMj3e0XuoAs4iOQlVQE%2BvXwp6uUmzgRzbAfcIEvPpGD9MGOSWeTtMLZSLW8gMKzUdAFFl%2FeOZkLPs9exzNqM1z%2F0cClopvX%2F%2F72"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b77c326-EWR
access-control-allow-origin
*
server
cloudflare
d42d805b938873da.css
thmflags.gitbook.io/_next/static/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/d42d805b938873da.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0923585726b1c442b4eea4c6d413f96228a31247249e7693aeea3cd08c6411e0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1b85858f0c97b5c863bceb11a89dc36f"
age
1222500
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XCJb9Xzgk0ioArD3vGlNc%2FlEPiqRFYgXLJwIlt7j4N6BaIl5iDofN6Y2DhpWVdNaSVViGSyw0NVNBUG8Ea0S3KIi3MT%2FMqfxc1bKhM%2FKeL4TrB174KAS3A1P2pfgT441ire8qAEyWCJxhPdTQb0%2F"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b79c326-EWR
access-control-allow-origin
*
server
cloudflare
ad45137f2b78c232.css
thmflags.gitbook.io/_next/static/css/
110 KB
17 KB
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/ad45137f2b78c232.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95d508ab796b15a6f502d1b8e4bbcaf2126be49826e363555891390af2d00aef
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"aab10c0cb2379cbb160eb706b3b18f9b"
age
129604
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0pNz0qEsvc%2BwV4IhifxLtgEFAtIaw9HXCEF1y2%2Bw3eOW2qQITc1h%2F%2B7NmZQNjUUQ%2FVENk755lkOLfv1PP0mHXg5QC4EmC8DuX63gw07ZXL23Jt8gf9cB%2FHMLsweBSmk68NFilFvxlsK2mnmAJJGP"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b7ac326-EWR
access-control-allow-origin
*
server
cloudflare
c311d6484335995a.css
thmflags.gitbook.io/_next/static/css/
159 B
685 B
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/c311d6484335995a.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41f90d66e405853ca80d4d66f4bd8ea768a4a85b600ca29773c1c499b1e17933
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"364b2d277bf4a05a73929b8017a11307"
age
3663130
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E%2Bsp5%2B2%2FssahTWEJCQD8IeGUxcjglbqxaAbdwenaT%2F63uu7T73uafrDbtRjdvPC%2B6yIV%2BZBv04gVOu%2FSzd08Om0lql9mwwu0QyJ%2BluXYXFsgrKIXmKC5YcS2ixef4l4rRhETz2uiMwq0UhGTxNcg"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b7bc326-EWR
access-control-allow-origin
*
server
cloudflare
5a687dea857dc6f5.css
thmflags.gitbook.io/_next/static/css/
2 KB
972 B
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/5a687dea857dc6f5.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5a21135eee7aaea6067c49dd95606e4d7cd18da50e4adcb9ba7f27f7be48f4f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"51931c9b075b881dade0ac96d5fdc570"
age
1762336
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8FPGO963O2UFLHWMd0m91gUbKZX1QU2PFdOtO1fpI5hjDY1Isn1T60Oj89Js05EP7qfDD2uLWRIDkQZubFgtx6VnOO035mXPL%2B6vS4lCeViEYa%2F3MGwU25TJ3eG%2BmICIrTNxP4oLqgpaQtH1RIi2"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b7cc326-EWR
access-control-allow-origin
*
server
cloudflare
7235fa9d119901d4.css
thmflags.gitbook.io/_next/static/css/
28 KB
4 KB
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/7235fa9d119901d4.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c39457c52d0c8e364b6e85f6216840479aafd3840f5e1ec9e3875c114ce095c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"89f645acca45bfd06368ab4f93bdf7e4"
age
545338
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6fmKHkiEaHe2D3Lik9z%2FI7HvF0lHXp%2FKunOYin9rqyypnGhASOzcUelegKSZ5Vyiiuu4oXX183Zp0E8wlb8HAOQlODXpC85eHeVvfF1WrVTe1huvooXk2cvSIyvp7eFpSBDnX%2FB8RtO9O4d0fYS%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b7dc326-EWR
access-control-allow-origin
*
server
cloudflare
86d6274f3e6d760c.css
thmflags.gitbook.io/_next/static/css/
78 KB
6 KB
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/86d6274f3e6d760c.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c780179fdc6281a24a03367341c70e2bd004f4f352299aea60d978ba6845253
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"c600b2ab2b7f888009bb0ec7eb0b025e"
age
1999097
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Mk%2FVv2aR4RhvDq9m5AkhkpLXaGiOi%2BJkfRJP4u2OxLDM3hhtKtDHIv4dj7cZr68Hp9C3lhtOFrR9hF7DTXMtAGY2rIhpu5blq0NiijG06xDLTu475HF%2F0iWxTDgfctK%2F4vwffmhehxwemR6F%2Fpx"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b7fc326-EWR
access-control-allow-origin
*
server
cloudflare
e9618449340509a2.css
thmflags.gitbook.io/_next/static/css/
143 KB
21 KB
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/e9618449340509a2.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
941c4d5548cf5adaa1197fb640bd098572d37a63de015d3ad65a4e838c2a26ce
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"5e87e14141735886e746c6d80457e18a"
age
630336
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XQHSamRVNcNmH3nfzQ2ucmTpZb1QPenkizFNfKYJe%2FA4MkHoHujh17AzMD2Qywj%2B5UiIV1c6EJvXk9pK4CHdYQ%2FIqVvb8IFvlzC6D4%2Bul3ZLbZMi2LR8zcTWbmxL2jxiXegLMXPxjJKk0rsf7WsY"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b80c326-EWR
access-control-allow-origin
*
server
cloudflare
1786ad2e267d2027.css
thmflags.gitbook.io/_next/static/css/
9 KB
3 KB
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/1786ad2e267d2027.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
692a37103a655fb5073f243f35d2beec7dcf8516701dd4922a3b184dc7b84ad3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"08ef5e00ff3cc59a75aa2794bb191141"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFbqHf2RasrdrrU0hlPtu6ezQwihcoNoNrBxpzbdlDvHK0cxRKmc8M6uf5VCuPTeV%2Br2p9np3n13%2BxIJR9NAHbuNXkfvi7OabYbloe24sYcM2oEcIn%2FkaHjAXupgOsUIn1Gth3qtRrGxyXShVzps"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b84c326-EWR
access-control-allow-origin
*
server
cloudflare
0f891de5863d7182.css
thmflags.gitbook.io/_next/static/css/
139 B
697 B
Stylesheet
General
Full URL
https://thmflags.gitbook.io/_next/static/css/0f891de5863d7182.css
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a65540109ec1e413cd9314ca8e3d8828fc8ea866765c189664e4b95f78307cc4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1c37a7a1d40c67136443657ad9b33dc0"
age
4367979
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T1iZPM%2FJqeudWbErLZ6hBu0cTFmTwnksPgcrKS2L8j0MVOB4WeEUv7vCMsXhEg68GKCrH4iFJJT0DtJ7MaBL09uKFzMq1oV%2FPe3aKU4ptwixGfvyWX8ZkKdBf%2FmioZemOEnb8rRitGyK7Y9SWYuA"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa2b86c326-EWR
access-control-allow-origin
*
server
cloudflare
webpack-2191e2f8b1720f1a.js
thmflags.gitbook.io/_next/static/chunks/
5 KB
3 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/webpack-2191e2f8b1720f1a.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37a0b32f6af075f1aa61221c26ef829c19fd79275461ba494d26f009388af35c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"77ac826e739bfc5cc2bf53c1db08ae7a"
age
545338
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XTd5nn%2BOazmDCYj84cruNBIUNLZ8ZBURLeEb8nYP1%2FCMCu6e5uM9EXWGA%2BC4wVyv7sRdLqzJMny47SRzAqHK350s%2B4PRwo7kwrqBh85JFyiEhTOcqq%2FqgkM7nvSmhelknQqYHK8hVg%2Fv9vBzSckD"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b8dc326-EWR
access-control-allow-origin
*
server
cloudflare
1dd3208c-b11c3db6cd7d86b2.js
thmflags.gitbook.io/_next/static/chunks/
169 KB
53 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/1dd3208c-b11c3db6cd7d86b2.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eada73c016775094674c94215fd8248667b11479eeff9c2634e9b903cfb28dc9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"c2687f84dd0cc3a42d6863412a432659"
age
1172962
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GgcBC94SYA4UsBmILhxZ80lNw5aiKg%2BhQKqNxyd7TKoGPoV4eyKdb236wmTIKNfpyGVeMLtePHh2r1%2BRqKapHVDnHOZGAir3z9H0Nj90RdoUm4SgqgWKgm5Gow6wfzwUiVc3eHX9wTmZq8EcpzWk"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b8fc326-EWR
access-control-allow-origin
*
server
cloudflare
9978-293e379e3e1468f4.js
thmflags.gitbook.io/_next/static/chunks/
173 KB
48 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e6dafce9cdb0024fcb61013365544ac7e68dd9650f02a6a2c661b303cc980ba
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"208fb82e75b482c75f59c5477ee00990"
age
1172962
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ezk%2FSbMtJuafHfWPdQqqgWTbb4vfyZZwreQhNoXvLDx%2FQOlfbti6jOIhJngHn5JY0iHAF6k2qMSxZud4BGQ9kBjYLZtqolHZNLO2cHownu5FqEZqIrKNgsKy%2F0WO2Y4ZufhWMsvRMibw9DV2rQ9X"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b90c326-EWR
access-control-allow-origin
*
server
cloudflare
main-app-7dd28f575eaf5a69.js
thmflags.gitbook.io/_next/static/chunks/
978 B
999 B
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/main-app-7dd28f575eaf5a69.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c31595fbcb3631ca241fedc6f12243bf4114e728bf48f01339191c187902693
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"37593ea50748148d619a88c6a82f8a09"
age
129604
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14h7eQfDqjnwbiaqAJRsQeNL6ECCHACfDaP0hRw085H8PSmPJRz9i9ek5WSv9fEVVU5d4P4VFiymkBFis2KG4Wk6wOiVrY1doX6MdPMOC2c7JTDHDXR3gITyRN2EzxmcS2cY%2Bc0fJZ9zusVJtLx3"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b92c326-EWR
access-control-allow-origin
*
server
cloudflare
global-error-19768e91f18f21d9.js
thmflags.gitbook.io/_next/static/chunks/app/
6 KB
3 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/app/global-error-19768e91f18f21d9.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe489d4c9ac52d1c839a81e3d30ba5a571f3c19e6499194cb6a58ca88db74425
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"573bdd9339f452e843b110f535a8502f"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GVw%2BJzfyTRyp2%2FLz3YhVVuSxYkWgR%2BjQHOa0aUm6dJlD4qbXfLv1w9Arl9IuoPypO32IGx%2BQxa6%2FCGfg30FI5%2FzyaTWZRS06lR8dc77k5BPapJgvN2qz727puoVrKmO%2BZ89Vewcx6buBl%2FrXWOg8"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b94c326-EWR
access-control-allow-origin
*
server
cloudflare
b5d5b83b-3d9186fb60556c53.js
thmflags.gitbook.io/_next/static/chunks/
72 KB
22 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/b5d5b83b-3d9186fb60556c53.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0007dacb56b8759bd82e3b92c7f6bb666a62e03a1311330d4d0b710f62456d69
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6fd3d2bbbc533feddfdd0c9f4df8794a"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLTW7ghrJGVx1ceIAE8nwa9lvtFJ%2BTDv3ucIyp1%2F34mIjk%2BSAFbR7%2FhptvbafZJdvmmAxtZGKdn2xC8l5ydm2C806zpNPGTlDui0RGCGJZt7RrEuSJBVuZCHckrgGuAGWAkdY7WKfU9ZsHiJfwnR"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b96c326-EWR
access-control-allow-origin
*
server
cloudflare
7609-ae1015bd89577747.js
thmflags.gitbook.io/_next/static/chunks/
40 KB
14 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/7609-ae1015bd89577747.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c63c446f7cec55334ce70922d7cea869633b1f7011872ef52dc506477cf5ab93
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"cc9d7879158d7806b7de7a7764aaa3ef"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IUw9ES5SuAGeBRj7bd3aTjYFPEBT0KdLYqIFVdjR0IpLSLsNlRzV5M6WzafI0OQd%2B%2BNxKxgUS838AaHTocrlClNsQlHrSW7zOQck5VuI0REBH7XAlJ%2BVLvAZhX%2FVed3rBYT798IjNCmzWIrCDpkt"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b97c326-EWR
access-control-allow-origin
*
server
cloudflare
1281-411df876b32e19c2.js
thmflags.gitbook.io/_next/static/chunks/
9 KB
4 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/1281-411df876b32e19c2.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e86e1238beedf433b5bbb8589f06907ef13f4344cc544b7e0dcc76735103f9e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"9bab183636b70c644fda4a0a3b7a4799"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BEbQDR%2BwH6Uu1eHaLJAvqouD%2B1Fxnx5GQPxdz9uuhJ2gX78zE0mFVDm6bZIbCNiDtfs36NfT2Vs6c1yO1Eqk4VilxePWhkJ80v5VE6AdTH27GAlrOHY4OKdBcIZ5lDkBPPndGSHjJcqM%2FX%2Fkm2HO"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b98c326-EWR
access-control-allow-origin
*
server
cloudflare
8953-f041d2339d5a5d94.js
thmflags.gitbook.io/_next/static/chunks/
20 KB
8 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/8953-f041d2339d5a5d94.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cb9d68bae14f9b0c31c65677ef11728be48303c9a08285484dda51c32111420
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"5438dfcc65e25f69c6d09277c3785b44"
age
545338
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yK8xx0zl1D166e7e8mnDyK91qJg3aGn1cXfgxmfjj4WzVEbcEQTO%2By%2Bh%2FHWa4eyXaakcvKPmUNWSJbZErQiZuVevFDIB3Mj1pUFf4mw72NRr4brle0t0tbaJHja6yLwmCeqqeVssZx5cH%2BxyNuEC"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b99c326-EWR
access-control-allow-origin
*
server
cloudflare
layout-5e916489bdc2b5d1.js
thmflags.gitbook.io/_next/static/chunks/app/(site)/
193 B
690 B
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/app/(site)/layout-5e916489bdc2b5d1.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68b7d1f1fdc4c75723d3cc58a8cfb004e9ca90a6fec482316efbf1abfb3a8b6c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1cfa400818c3e7dd60d4e0161c05bebc"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BaOqXIH7PwxJTS2zUONY3ZngnHocie7R3v9mXGvr65ueMpAGAuCwafmU02cw7ZcglOWq7eJhrqc3VHua%2B02KGWGyl71BaKRVfIbxcBc%2FRD2FYxQdUP%2FNbRZwXwS4B72I2aT2hqBycP3lOwuUpezc"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b9bc326-EWR
access-control-allow-origin
*
server
cloudflare
error-aabf7054fe6497a1.js
thmflags.gitbook.io/_next/static/chunks/app/(site)/
4 KB
2 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/app/(site)/error-aabf7054fe6497a1.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49f43a93deb58f27dfac81dcc0addcda94ba3e0ecad3b6fdce346bacaa01952c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"89a16327d9094c4c3797bbd321519ea1"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FMZmS3G3meifhjo8vBKULo7VSb%2FpJ0LzpvYYQoz4L8oT6g5lYaeVDJmB%2FB8H4kwfgoUvA2il64K08Atj02fVqfTQGOf9KNQagSlyihOwgHr57dhOMu1B5d9z%2Fx2wGxj%2B3zm6DFsqUWLK57zlUKhH"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b9dc326-EWR
access-control-allow-origin
*
server
cloudflare
9505-faa0b263d6e479cb.js
thmflags.gitbook.io/_next/static/chunks/
306 KB
87 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/9505-faa0b263d6e479cb.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c4dd4bcc3833da0f2e095d48c02822a9bcb68f4ee9c015e9bba6d52bbce65f5d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"01761f54ce7a39933c91f36811e41c5b"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3dHPvdfwZSdJXafEhH%2BgLNT9NegSOSbPZ9Bge9InkNF78BWFjo7w8tcvHqLw2y7zTmvk7%2FYZkCru5pSHC7MA%2BZcpw0XKqMRE2LbWnQwPJw9%2F76JgB%2BtuQogepUYeY4oul%2BBiRp6w7EUN7IGQieCH"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3b9fc326-EWR
access-control-allow-origin
*
server
cloudflare
1538-28b9996ceedaa74d.js
thmflags.gitbook.io/_next/static/chunks/
136 KB
46 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/1538-28b9996ceedaa74d.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
281ca8b113e43ceee15462d12c383b9535e7edbda733ca483621f4e060af5fa9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6d680cbc96f4fba2dec3c20fda462d7d"
age
1173179
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nLjf44z6kFVD3%2BJLMpbWWAcRafRUEYWMFTE%2FmdO60dDcsEk6uxZPG45mV5cE8nrNoBCyHHwN4bl79wvB171pwrfDFvoSM4myNONegzHg9VdxibdxUdzMPYjH3RsqMhO2q46alPEYdfDhCprNEngG"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba0c326-EWR
access-control-allow-origin
*
server
cloudflare
1285-0e02bdd8841e53f6.js
thmflags.gitbook.io/_next/static/chunks/
28 KB
10 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/1285-0e02bdd8841e53f6.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69e2afc79a829861e78aae1b3bfed3e6553cc95e8926377430ca2b37e97589fd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"4db4b76701024195d1b288943bb4437b"
age
545338
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=InrIcgmvQyQqYbV5hJt6C%2Bm%2BSSGfff5W8ZMpzkp0sq1Nx8EX9e8%2BnAOH43vuUSNt91bADUpHsgxMvrrBEJtxlZwLaSVVlEJtt4yDBWYgMxHiEFj4GKkj3PLz7PJJlNYl2Lp3crBgagZxVACNv7Zm"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba1c326-EWR
access-control-allow-origin
*
server
cloudflare
3902-19c217a299034164.js
thmflags.gitbook.io/_next/static/chunks/
4 KB
2 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/3902-19c217a299034164.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3f6b54c642d999cce1a7eec61cd152e354f992deefaa208a1d04a064c402456
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"86471c0b68f57dc3fc90348ec0822d49"
age
1663837
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c6Xq1r9l1ekC5jFMHJGtNnskcc80mk8OszyF1a7P5Eghcm8ktNBADZU8ofolZqOR5xno7n%2FAOoO25xhkXQ7iyUwGcSyIi%2BSrYVXPEfXvI1ZT0RWMfflnCQtGDZBGne6ChoDGhpLjtkFHjWLYC6vT"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba2c326-EWR
access-control-allow-origin
*
server
cloudflare
layout-a764127464f136e5.js
thmflags.gitbook.io/_next/static/chunks/app/(site)/(content)/
31 KB
10 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/app/(site)/(content)/layout-a764127464f136e5.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbb9c72476b4e1f87d867f153d904405ef55db3e3ccec647ce5409851401d93a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"403978664997b8be7659ef2fc6f8a706"
age
129604
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BUS0vW0KN8Bkjf1egov1hBbML48fX04uOEvbyFerEyy%2Bl5MdUozF%2B7dvEeGv8fwpaCZy9nIW4pm%2FtsKIQSOWZ%2FH6zygd%2BXiBqJf3GhO0SH%2FZkLY64SyxKMOXE85tjeD6d9EmyUgL1JAM0o08fedc"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba3c326-EWR
access-control-allow-origin
*
server
cloudflare
6150-57a79db9099e4be8.js
thmflags.gitbook.io/_next/static/chunks/
20 KB
8 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/6150-57a79db9099e4be8.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dceef739a3784e7d962af1e9fa3eab86ba71473ef68044f395f456ea6b24587c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1417c67d3052c449db9274076dd5ed11"
age
150082
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=syNPyaK5bZTZEyypqo9DNLNNStAU%2Bq4Im%2BA5UZZ8aBIdYE13QEM9B6ahhTojhHAuB6A%2FNDrPx%2F1fihS3%2FPOA8jXGaHSPpgIV5b0CuxCsv8wFxp3Z%2FLRDDX0XP7rqzTqs9JllgIKU7UjESSNRshTR"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba4c326-EWR
access-control-allow-origin
*
server
cloudflare
8510-2f41b25832a6d317.js
thmflags.gitbook.io/_next/static/chunks/
39 KB
14 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/8510-2f41b25832a6d317.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97c7c5fb089f6dd442b91e0a25ab029dfd7e993f1021f3ec54e79e95a0326f26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"e5fc05f199425e4357e9902907f3c87d"
age
123948
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFuk8NK783jbHfpAU9xr29W5%2FzsZ0vWiAv0O02Ifm0tnPaPgWZiNflm0nE9zGIz79dEb9EULkW2yZX18GxvphD3taspKm7pdmHdHTPJr%2FBO%2F2dDdqAOC6kTFUNDcl8O2li25fS9r%2BRT9xEeeTPHs"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba6c326-EWR
access-control-allow-origin
*
server
cloudflare
4608-ee648d7061415a82.js
thmflags.gitbook.io/_next/static/chunks/
12 KB
5 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/4608-ee648d7061415a82.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ccdcea4fe26d5195b1ccd7ad0e272c05f9e0deb51029ec1e045e7ecafbe79cd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"e779c05962650bfe1b01ce6fa80390a2"
age
46660
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtgmJqdAerl51iWOUjZShU5u6Hf1MEQ%2FnSUtPmupOW%2Fo9bpdt2fjmtAQbDPsHLYvacSpBKpQvzexg7QMktCR7aY10b7HAkupzWr0314nAnG5gJOjBJkLfhOPw9Jfbr1aTZMxHhPH%2BA597RwuXqQK"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba7c326-EWR
access-control-allow-origin
*
server
cloudflare
9028-bdf215f649fe02e9.js
thmflags.gitbook.io/_next/static/chunks/
15 KB
6 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/9028-bdf215f649fe02e9.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2a968d506fbf01e8f273c31d00d8e17d77dda4d1c9c089baa4a049eb9313b9d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"4295b05806c87d40ffb90eff3c23cc56"
age
545338
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zn%2FqHnLVGi%2Fu6qaFmESmg3c7fYmzweSaITYw5c7Nz0T69rZ13kMmjldGg9kHv3OqDx%2BrSgb0DAFIDdJapHC9olp7lso0oqpxaNIWCAhCCwvkN7gGE3P9CRxfLL7k%2F7cfxBAC2sIofX5sFj9HbdBD"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba8c326-EWR
access-control-allow-origin
*
server
cloudflare
page-a59a386a98c276ff.js
thmflags.gitbook.io/_next/static/chunks/app/(site)/(content)/%5B%5B...pathname%5D%5D/
12 KB
4 KB
Script
General
Full URL
https://thmflags.gitbook.io/_next/static/chunks/app/(site)/(content)/%5B%5B...pathname%5D%5D/page-a59a386a98c276ff.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93ecee95e214fca0db8373e2613740d7f25014e3a3dee37aa39754ad0d317c85
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"7c196c1e08f525445acc5dc8301f945b"
age
545338
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wRkxy7PZX6NA3vpU5MQQBSwBUrn%2BPmtyLeQT%2BU5Ooo5nkd2JheKH8yVMaaDr4An%2FUBKca0Itxrah9oSR%2Biyx8rr%2Fdy2gYICAz5WZwRNUzAEHheL5CpoRRkVcJ%2B5Pdf7U2pLkKzYXVBHCXm71QG8i"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
application/javascript
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfa3ba9c326-EWR
access-control-allow-origin
*
server
cloudflare
embed.js
cdn.iframe.ly/
24 KB
8 KB
Script
General
Full URL
https://cdn.iframe.ly/embed.js
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:1400:e:e47a:54c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
6e8b19acc79b2357936ef1381c0ea3d34a38c8b73d096da65272b8be1ed41043

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-amz-cf-id
Kodg7gJb-SN-AsxUnpXh-c7vD655CFtf95E3ZXjAJZY6RKkkY36-pA==
cache-control
public, max-age=86400
content-encoding
br
etag
W/"656de555-6060"
age
79660
via
1.1 c22d4946ef5faea12b8d3942ceb9259a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
date
Wed, 06 Nov 2024 05:10:43 GMT
content-type
application/javascript
last-modified
Mon, 04 Dec 2023 14:42:29 GMT
server
nginx
x-amz-cf-pop
EWR53-P1
vary
Accept-Encoding
favicon.png
assets.tryhackme.com/img/
16 KB
16 KB
Image
General
Full URL
https://assets.tryhackme.com/img/favicon.png
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:c000:1f:54cc:9ec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fdf8a6f64a98ff0195d72acda83feb584d455a97e19559825b017b9353ee653f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-amz-version-id
m8wRCvl1GXS2A5pHYkguHumLszSuuSB8
etag
"e49ecf40c7fdf87b783f5d2b575fe517"
age
37525
via
1.1 92672fff57a11d8cf4f64313a69242d0.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
16404
x-amz-cf-id
YFy_eyGgcpo38ZVp3IOinN3AiZGF3BpsqDkfgySFwfRCovjVtg9OrQ==
date
Wed, 06 Nov 2024 16:52:59 GMT
content-type
image/png
last-modified
Wed, 06 Nov 2024 16:46:49 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P2
x-amz-server-side-encryption
AES256
favicon.png
www.kali.org/images/
518 B
844 B
Image
General
Full URL
https://www.kali.org/images/favicon.png
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:59f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
346fed1692a85bb1156a90b9565b80080255b5c033f619875f7f7863be18e022

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

cache-control
public, max-age=14400
content-encoding
gzip
cf-cache-status
HIT
etag
"b64ed2e50d85c61386d6b2b7142edf07527271d8d18ca5776a6881d0e23cbf2c-gzip"
age
276
cf-ray
8dea2cfd3fab41d2-EWR
expires
Thu, 07 Nov 2024 07:18:23 GMT
permissions-policy
interest-cohort=()
accept-ranges
bytes
content-length
541
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
image/png
last-modified
Wed, 06 Nov 2024 18:47:54 GMT
vary
Origin, Accept-Encoding
server
cloudflare
aecc661b69309290f600.ico
gchq.github.io/CyberChef/assets/
1 KB
968 B
Image
General
Full URL
https://gchq.github.io/CyberChef/assets/aecc661b69309290f600.ico
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8003::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
9eeb302edeb3bfeaf0164a9865c2659ba2c0403530fec2b411c1dce2c80350bd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-fastly-request-id
002bcf7f4c9f5837abc9aa24dafd9eaf862bac7d
content-encoding
gzip
etag
W/"671913b3-43a"
age
0
x-github-request-id
5D33:1E938F:89E306:9C2F08:672C03EF
expires
Thu, 07 Nov 2024 00:13:59 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
image/vnd.microsoft.icon
last-modified
Wed, 23 Oct 2024 15:18:11 GMT
x-served-by
cache-ewr-kewr1740037-EWR
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1730949504.547896,VS0,VE16
via
1.1 varnish
permissions-policy
interest-cohort=()
accept-ranges
bytes
access-control-allow-origin
*
content-length
541
x-origin-cache
HIT
server
GitHub.com
a34f9d1faa5f3315-s.woff2
thmflags.gitbook.io/_next/static/media/
47 KB
48 KB
Font
General
Full URL
https://thmflags.gitbook.io/_next/static/media/a34f9d1faa5f3315-s.woff2
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/css/1be06719d4376690.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/_next/static/css/1be06719d4376690.css

Response headers

x-gitbook-cache
hit
cf-cache-status
HIT
etag
"d45b0dd4cb6ee6e590ede559bc68daa2"
age
4367701
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYEacsEQQPTmeSjMniMSJtDUpbjX5orpgy0bV40AQDcV474ZDK0974oYkHgAwibZYftZrP94jRRRqkbTu4xqkcJPjgD0beOdkoyQrqBx5aeGmNijcfCrxZJtV3epFNP8ad4sslSfbXqgbDSSi345"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
font/woff2
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfd8ea0c326-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
48556
server
cloudflare
magnifying-glass.svg
ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/
483 B
407 B
Image
General
Full URL
https://ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/magnifying-glass.svg?v=2&token=a463935e93
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf2a6a5f8c28ed6ebddf6fa704ad4f21d95c55a140c124b94dd4bf28b736a654

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/

Response headers

cache-control
max-age=31556926
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6695a1f6-1e3"
cf-ray
8dea2cfdeb4432c6-PHL
access-control-allow-origin
*
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
image/svg+xml
last-modified
Mon, 15 Jul 2024 22:25:58 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
chevron-right.svg
ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/
394 B
501 B
Image
General
Full URL
https://ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/chevron-right.svg?v=2&token=a463935e93
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e745a051fade69ed0d6a92fe8f0437d646bafe59a91f3c6654b0c4295c1ed91f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/

Response headers

cache-control
max-age=31556926
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6695a1e1-18a"
cf-ray
8dea2cfdeb4a32c6-PHL
access-control-allow-origin
*
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
image/svg+xml
last-modified
Mon, 15 Jul 2024 22:25:37 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
gitbook.svg
thmflags.gitbook.io/~gitbook/static/icons/svgs/custom-icons/
1 KB
1 KB
Image
General
Full URL
https://thmflags.gitbook.io/~gitbook/static/icons/svgs/custom-icons/gitbook.svg?v=2
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2b5edbdd84e821da7830e59580a2581cfd2e2bfb01a197c3e9f919b7859fc0a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6a0e8c1b87703edb50c128db3b80b0c7"
age
112150
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tg2YyhndCAjfJCKWh6ak3BF4O3wwD7%2FEvneVMtQav8sddr9bUjNBLdp9zT23X9SmBk5I9MhPBYgWiO9Acsp5rvMamBdVxSqFSOBj6i%2BS1xRBoOHcOEZ8bMiZUweUOUC7g6eeEK5bc6XNQlQqu9og"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfd0e20c326-EWR
access-control-allow-origin
*
server
cloudflare
chevron-left.svg
ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/
393 B
333 B
Image
General
Full URL
https://ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/chevron-left.svg?v=2&token=a463935e93
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ab2a0562e22f0c92b3178ff3d9ca99c14646df6947a180f3e655305c7249f2c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/

Response headers

cache-control
max-age=31556926
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6695a1e1-189"
cf-ray
8dea2cfdeb4c32c6-PHL
access-control-allow-origin
*
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
image/svg+xml
last-modified
Mon, 15 Jul 2024 22:25:37 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
79ec87d3cdff1fa5-s.woff2
thmflags.gitbook.io/_next/static/media/
2 MB
2 MB
Font
General
Full URL
https://thmflags.gitbook.io/_next/static/media/79ec87d3cdff1fa5-s.woff2
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/css/d42d805b938873da.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9ace726a07c376e50d23fda2552280cc6ae95f391b1abc378fd00d38802f74c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/_next/static/css/d42d805b938873da.css

Response headers

x-gitbook-cache
hit
cf-cache-status
HIT
etag
"a7348788292604a044bf6c450e763370"
age
1222500
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qinbx5alUHTdfbVWcKSfQVn8u8VREeMGKNnckn8en78OSINmKv5GKbgE9VZesGj7KXbrbTV0714LXhPq8GmoKlGUTL%2FFQTD5bBAFlxRWjeC6lGG2ehwrynxyLnm%2Ba8PqPY3GUTEqae4F0ysqtVEa"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:23 GMT
content-type
font/woff2
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2cfd8ea1c326-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
1666688
server
cloudflare
hashtag.svg
ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/
814 B
493 B
Image
General
Full URL
https://ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/hashtag.svg?v=2&token=a463935e93
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b053c1a8d1743d15e13597718631b7f7d8eb96c7d283d071fbdb8b37e5e05fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/

Response headers

cache-control
max-age=31556926
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6695a1f1-32e"
cf-ray
8dea2cffee6e32c6-PHL
access-control-allow-origin
*
date
Thu, 07 Nov 2024 03:18:24 GMT
content-type
image/svg+xml
last-modified
Mon, 15 Jul 2024 22:25:53 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
circle-check.svg
ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/
488 B
417 B
Image
General
Full URL
https://ka-p.fontawesome.com/releases/v6.6.0/svgs/regular/circle-check.svg?v=2&token=a463935e93
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14438a8fb82a9e8288f05ab19d969a6fd09d43a382b942dd84aab9f6e5979189

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/

Response headers

cache-control
max-age=31556926
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6695a1e2-1e8"
cf-ray
8dea2d003ede32c6-PHL
access-control-allow-origin
*
date
Thu, 07 Nov 2024 03:18:24 GMT
content-type
image/svg+xml
last-modified
Mon, 15 Jul 2024 22:25:38 GMT
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
server
cloudflare
3478b6abef19b3b3-s.woff2
thmflags.gitbook.io/_next/static/media/
10 KB
10 KB
Font
General
Full URL
https://thmflags.gitbook.io/_next/static/media/3478b6abef19b3b3-s.woff2
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/css/1be06719d4376690.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64bc2a00d28ef824b977ed1c523138d821eaa4576447153e02de70aacb071147
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://thmflags.gitbook.io
Referer
https://thmflags.gitbook.io/_next/static/css/1be06719d4376690.css

Response headers

x-gitbook-cache
hit
cf-cache-status
HIT
etag
"4f52c61f8f0cad0e31eb3b44c3bf3d4e"
age
8887
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pX6uE4ZZfh59a9vQ%2Bj6bFkELsPVXC6b%2FZhFF7SbOp6opsk8xoeyyqdRJcUsf3z7ymvunB14FtUX505i2nx60LII5yIhgYgoZcb1mSvM%2FgDhGexavTOYZS7lPqh9V71W8%2FBsKTyy4WwmcE15rGzh%2F"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:24 GMT
content-type
font/woff2
vary
Accept-Encoding
cache-control
public,max-age=31536000,immutable
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
8dea2d0068b8c326-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
10088
server
cloudflare
thm-walkthroughs
thmflags.gitbook.io/
5 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c26507ae1cf84aa6e949040721cab6431df3cce653be041c702f6b1b5d8d892
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-MWVhNTlmMWEtMTJhYy00YTJkLThhZTItY2U5OGE5MzlmZGQ0' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
age
17830
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mZsSkbawpABgojBQ%2FGNizXtdfDWRmYny0SpCCwNOSBRP8hhMvAD2e7gvrTT9cNBqELlhx1iTJ712kkmouk4TkODAGnjAf8jJU%2FnIUJ4IMQNKhxWb5U8gZfUXWuMqab1GOboGBSTQwZetvRbwYy1d"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:24 GMT
x-edge-runtime
1
content-type
text/x-component
last-modified
Wed, 06 Nov 2024 22:21:14 GMT
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.944,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-MWVhNTlmMWEtMTJhYy00YTJkLThhZTItY2U5OGE5MzlmZGQ0' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d02ea81c326-EWR
server
cloudflare
__session
app.gitbook.com/
52 B
6 KB
Fetch
General
Full URL
https://app.gitbook.com/__session?proposed=cbf3a649-3ecd-4c6d-892c-fd97c5262bddR
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/app/(site)/(content)/%5B%5B...pathname%5D%5D/page-a59a386a98c276ff.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:92a7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / GitBook
Resource Hash
b1e014620a6d492a12df5a2c3f7051af3379fa7dbc612b0b72c0b76671340e06
Security Headers
Name Value
Content-Security-Policy default-src 'self' app.gitbook.com api.gitbook.com integrations.gitbook.com files.gitbook.com *.gitbook.com; connect-src 'self' blob: * app.gitbook.com api.gitbook.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com sentry.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com https://*.algolia.net https://*.algolianet.com *.iframe.ly cdnjs.cloudflare.com cdn.jsdelivr.net *.amplitude.com cloudflareinsights.com *.googleapis.com *.cloudfunctions.net *.google.com *.firebaseio.com wss://*.firebaseio.com *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com segment-api.gitbook.com *.castle.io *.stripe.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com track-eu.customer.io track.customer.io customerioforms.com eu.customerioforms.com *.api.gist.build *.cloud.gist.build api.getripe.com us.api.getripe.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' integrations.gitbook.com app.gitbook.com https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://translate.googleapis.com https://translate.google.com https://*.algolia.net https://*.algolianet.com https://cdn.iframe.ly https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.amplitude.com https://static.cloudflareinsights.com 'unsafe-inline' *.firebaseio.com *.gstatic.com *.google.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com segment-cdn.gitbook.com https://js.stripe.com https://checkout.stripe.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://assets.customer.io https://code.gist.build https://customerioforms.com https://eu.customerioforms.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net storage.getripe.com us.storage.getripe.com *.opentok.com; style-src 'self' 'unsafe-inline' app.gitbook.com translate.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com checkout.stripe.com https://fonts.googleapis.com https://beacon-v2.helpscout.net code.gist.build; img-src data: * blob: static.intercomassets.com *.intercomcdn.com *.intercom-mail.com *.intercom.io *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-9.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com translate.google.com translate.googleapis.com www.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.hubspot.com cdn2.hubspot.net forms.hsforms.com *.stripe.com https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ track-eu.customer.io track.customer.io https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net images.getripe.com storage.googleapis.com us.images.getripe.com us.storage.googleapis.com; font-src app.gitbook.com * js.intercomcdn.com fonts.intercomcdn.com data: cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com https://fonts.gstatic.com https://beacon-v2.helpscout.net assets.getripe.com; child-src 'self' blob: www.intercom-reporting.com intercom-sheets.com www.youtube.com player.vimeo.com fast.wistia.net www.googletagmanager.com app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; worker-src 'self' blob:; frame-src www.intercom-reporting.com www.googletagmanager.com * *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com *.stripe.com *.stripe.network https://beacon-v2.helpscout.net renderer.gist.build code.gist.build; form-action api-iam.intercom.io intercom.help forms.hsforms.com forms.hubspot.com; media-src *.intercomcdn.com https://beacon-v2.helpscout.net *.mux.com blob:; frame-ancestors app.gitbook.com; base-uri https://docs.helpscout.net; object-src https://beacon-v2.helpscout.net; report-uri https://o1000929.ingest.sentry.io/api/5960429/security/?sentry_key=a9072c7b7a264a6e9c617a4fa5fa8ed9&sentry_environment=gitbook-x-prod&sentry_release=10.9.944;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
etag
W/"34-O+YOYFrRJhirigOcxpb58TkNPLs"
x-content-type-options
nosniff
expires
Thu, 07 Nov 2024 03:18:24 GMT
alt-svc
h3=":443"; ma=86400
x-cache
MISS
x-release
gitbook-x-prod-10.9.944-08d7879d0af49b2b91c9880a164dbe53bb3ec195-11707284322
date
Thu, 07 Nov 2024 03:18:24 GMT
content-type
application/json; charset=utf-8
vary
Origin, Accept-Encoding
x-cloud-trace-context
9c347adede420c521ee277eaa97fb718
strict-transport-security
max-age=31536000
content-security-policy
default-src 'self' app.gitbook.com api.gitbook.com integrations.gitbook.com files.gitbook.com *.gitbook.com; connect-src 'self' blob: * app.gitbook.com api.gitbook.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com sentry.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com https://*.algolia.net https://*.algolianet.com *.iframe.ly cdnjs.cloudflare.com cdn.jsdelivr.net *.amplitude.com cloudflareinsights.com *.googleapis.com *.cloudfunctions.net *.google.com *.firebaseio.com wss://*.firebaseio.com *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com segment-api.gitbook.com *.castle.io *.stripe.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com track-eu.customer.io track.customer.io customerioforms.com eu.customerioforms.com *.api.gist.build *.cloud.gist.build api.getripe.com us.api.getripe.com; manifest-src 'self'; script-src 'self' 'unsafe-eval' integrations.gitbook.com app.gitbook.com https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://translate.googleapis.com https://translate.google.com https://*.algolia.net https://*.algolianet.com https://cdn.iframe.ly https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.amplitude.com https://static.cloudflareinsights.com 'unsafe-inline' *.firebaseio.com *.gstatic.com *.google.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com segment-cdn.gitbook.com https://js.stripe.com https://checkout.stripe.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://assets.customer.io https://code.gist.build https://customerioforms.com https://eu.customerioforms.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net storage.getripe.com us.storage.getripe.com *.opentok.com; style-src 'self' 'unsafe-inline' app.gitbook.com translate.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com checkout.stripe.com https://fonts.googleapis.com https://beacon-v2.helpscout.net code.gist.build; img-src data: * blob: static.intercomassets.com *.intercomcdn.com *.intercom-mail.com *.intercom.io *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-9.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com translate.google.com translate.googleapis.com www.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.hubspot.com cdn2.hubspot.net forms.hsforms.com *.stripe.com https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ track-eu.customer.io track.customer.io https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net images.getripe.com storage.googleapis.com us.images.getripe.com us.storage.googleapis.com; font-src app.gitbook.com * js.intercomcdn.com fonts.intercomcdn.com data: cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com https://fonts.gstatic.com https://beacon-v2.helpscout.net assets.getripe.com; child-src 'self' blob: www.intercom-reporting.com intercom-sheets.com www.youtube.com player.vimeo.com fast.wistia.net www.googletagmanager.com app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; worker-src 'self' blob:; frame-src www.intercom-reporting.com www.googletagmanager.com * *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com *.stripe.com *.stripe.network https://beacon-v2.helpscout.net renderer.gist.build code.gist.build; form-action api-iam.intercom.io intercom.help forms.hsforms.com forms.hubspot.com; media-src *.intercomcdn.com https://beacon-v2.helpscout.net *.mux.com blob:; frame-ancestors app.gitbook.com; base-uri https://docs.helpscout.net; object-src https://beacon-v2.helpscout.net; report-uri https://o1000929.ingest.sentry.io/api/5960429/security/?sentry_key=a9072c7b7a264a6e9c617a4fa5fa8ed9&sentry_environment=gitbook-x-prod&sentry_release=10.9.944;
cache-control
private
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
via
no cache
cf-ray
8dea2d051b4032c8-PHL
x-magic-hash
c4de798fc4cfe112381b544da3ddae818ea54754c0cf8650f756a18348b8bbe6
access-control-allow-origin
https://thmflags.gitbook.io
content-length
72
function-execution-id
f9dktpvjbm6o
x-powered-by
GitBook
server
cloudflare
difficulty-info
thmflags.gitbook.io/thm-walkthroughs/
4 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-info?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2f2715cdb22c576e1d26df0c0efec36dc098ce0b43d2284a2ad7e27a0abb99f
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-NzcyMjMzYjgtNmM0OC00MmIxLWI2MGMtZjE3NDYxMzI4M2Rh' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
age
46660
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVMtGQNorlXgJYQyjUATLBXI4lYCOcbYxumlaS2VZbcR8qEVjgYUTqQPpT8zGb%2F6%2FryxL6xDnS8QV1IJx1KlYElyH0QtKW6GwUak1WEKIC91lTap6aC0ZepGp1paf2O1YF2z%2FmMRo00neoCu%2F8Mh"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:24 GMT
x-edge-runtime
1
content-type
text/x-component
last-modified
Wed, 06 Nov 2024 14:20:44 GMT
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.943,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-NzcyMjMzYjgtNmM0OC00MmIxLWI2MGMtZjE3NDYxMzI4M2Rh' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d02fa8ec326-EWR
server
cloudflare
difficulty-easy
thmflags.gitbook.io/thm-walkthroughs/
4 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-easy?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9ce0b50d4a4d26f40b25113f0b86015a277c2e9fbde99311e6b60a03fb5094b
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-MmMzNjcxNDItN2RmNy00NTE5LTgxMmEtY2U3NmMxZTE2YTMy' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
age
46660
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wVnMINcqNQcFlox9An8dqvYk09I8RHHF%2BNmc3tP2rFBlG3N4i0XBseG4PakDEHDmYVkWBxsF35Zg5951e%2B2vq0Xjzt4Qwz6uUjyi43ZH9qd9nho1o1DdPxIs71E%2FJuGJcJzqDhYgmrooFTRnPO4%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:24 GMT
x-edge-runtime
1
content-type
text/x-component
last-modified
Wed, 06 Nov 2024 14:20:44 GMT
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.943,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-MmMzNjcxNDItN2RmNy00NTE5LTgxMmEtY2U3NmMxZTE2YTMy' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d02fa90c326-EWR
server
cloudflare
difficulty-medium
thmflags.gitbook.io/thm-walkthroughs/
4 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
892ae724b5c96561c63af8259bd175ab762d16d3d6a3eef6da8fbeb242a8fed3
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-OWQ0ZTVlMzItZjAzYy00YjM3LWJjNGEtYjkyYTVmOGFlZTZm' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
age
46660
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wXh4js%2B933blCQRDC22fdZW4JYYcIrna%2FWtBLrWbf05Ey%2FYYVzlaSDa9Z0exmX0xhPR8tvO7D8HfRozeXrjeYyDD%2F6zMWeYHLW3m0HtFNaqvttXk76UDtalxE0fM11319XXLqsAT8x5zGHoApiDX"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:24 GMT
x-edge-runtime
1
content-type
text/x-component
last-modified
Wed, 06 Nov 2024 14:20:44 GMT
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.943,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-OWQ0ZTVlMzItZjAzYy00YjM3LWJjNGEtYjkyYTVmOGFlZTZm' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d02fa91c326-EWR
server
cloudflare
attacktive-directory
thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/
5 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/attacktive-directory?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01a29c1af6218fe03811871b4f1c0a42a74c72c2b640da254da9ec39753cd599
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-YTdlZTFiODUtYWIxZC00ZDI2LWFmODQtNDhiNGZhMzEwOGI2' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
miss
content-encoding
gzip
cf-cache-status
DYNAMIC
cache-tag
release-10.9.944,site:site_RbiMb
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdPmysAs994znmFWtes%2BXSRlsvZa5a%2FMZ7D6CneRvxX9ddM8uoIVhMTUAMd2U3YC137BbWL8TXyFWQAdb2urxesVtErB5ffywTwaZNv4HBAX7mS7KEZmv1iIB8pcWKZM6NueSqn1cN4K48oQXUC8"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:24 GMT
x-edge-runtime
1
content-type
text/x-component
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.944,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-YTdlZTFiODUtYWIxZC00ZDI2LWFmODQtNDhiNGZhMzEwOGI2' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d02fa92c326-EWR
server
cloudflare
track_view
api.gitbook.com/v1/orgs/GTmpUWAsA4ggQ7tRgn9H/sites/site_RbiMb/insights/
0
0
Preflight
General
Full URL
https://api.gitbook.com/v1/orgs/GTmpUWAsA4ggQ7tRgn9H/sites/site_RbiMb/insights/track_view
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:92a7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / GitBook
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://thmflags.gitbook.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,content-type,x-castle-request-token,if-unmodified-since,x-gitbook-trace-id,x-gitbook-span-id,x-gitbook-criticality
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
access-control-expose-headers
location,x-gitbook-execution-id,x-gitbook-mutations,x-gitbook-subscription-channels,x-gitbook-subscription-urls
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-ray
8dea2d096ceac352-EWR
date
Thu, 07 Nov 2024 03:18:25 GMT
referrer-policy
no-referrer-when-downgrade
server
cloudflare
strict-transport-security
max-age=3600
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-powered-by
GitBook
track_view
api.gitbook.com/v1/orgs/GTmpUWAsA4ggQ7tRgn9H/sites/site_RbiMb/insights/
0
0
Fetch
General
Full URL
https://api.gitbook.com/v1/orgs/GTmpUWAsA4ggQ7tRgn9H/sites/site_RbiMb/insights/track_view
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/app/(site)/(content)/%5B%5B...pathname%5D%5D/page-a59a386a98c276ff.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::ac40:92a7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / GitBook
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

access-control-expose-headers
location,x-gitbook-execution-id,x-gitbook-mutations,x-gitbook-subscription-channels,x-gitbook-subscription-urls
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:26 GMT
content-type
text/html
vary
Accept-Encoding
x-cloud-trace-context
0e749a8c27e1a1295477beb595f47234
x-frame-options
DENY
strict-transport-security
max-age=3600
access-control-allow-credentials
true
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d0ca833c352-EWR
access-control-allow-origin
*
x-gitbook-execution-id
1229eaa5b4dd4991
x-powered-by
GitBook
server
cloudflare
mr-robot-ctf
thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/
5 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/mr-robot-ctf?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
adbf86218cd0cddd2e400deadda66f32ef09a2dba5cd2df4a9873b9ad05c4f0a
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-ZWE2YTI0OTYtM2Q4ZS00OGVkLTk2ZTAtODdlZTM0NDRlYTNl' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
miss
content-encoding
gzip
cf-cache-status
DYNAMIC
cache-tag
release-10.9.944,site:site_RbiMb
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hkM%2BTtjf4RcDVjmMciLyvgcv%2FHpmvLks6O9O39nTL%2BVfhH7UHFnwum131jzGod364qaelvFxG1Of6Qdzb5tQPzn10x%2BxJpxA5R3K2CNi%2B9wjUdPtnuId6OzA%2F1Q15OWijo1zlRmuhwkIe3fTi%2BYk"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:27 GMT
x-edge-runtime
1
content-type
text/x-component
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.944,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-ZWE2YTI0OTYtM2Q4ZS00OGVkLTk2ZTAtODdlZTM0NDRlYTNl' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d122eb2c326-EWR
server
cloudflare
linux-privesc
thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/
5 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/linux-privesc?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a343fcd6726862cab5cac1a367726b64f88608a95b359c228989a325d21b3d8
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-NWY2ZTZjN2YtMTBlNy00ODM1LWE1MTktNGU2MmE1MDY2MjRm' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
miss
content-encoding
gzip
cf-cache-status
DYNAMIC
cache-tag
release-10.9.944,site:site_RbiMb
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFxDQLP%2BwPMq7%2BtlaoiZy1YpMz6zFyJg3Mit0AGALc1rfPhcSOa44voZiJJ%2BKANeBvjoFtObrNHUgIlpMavOeOgq%2FjEINVwWMa6Y%2BNxSqbT96B4S%2F8a5iH2dEEZs41INLU9owfD%2Fpv%2BFy8dbunRN"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:26 GMT
x-edge-runtime
1
content-type
text/x-component
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.944,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-NWY2ZTZjN2YtMTBlNy00ODM1LWE1MTktNGU2MmE1MDY2MjRm' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d122eb6c326-EWR
server
cloudflare
linux-privesc-arena-wip
thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/
5 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/linux-privesc-arena-wip?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20078005f7531ccb7f47eae3f211aad25e16cb3c3aa87ce3cdd4714de12566c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-ZjhmZjYzNzItNTAzMy00MzhjLTljNWQtNGMxNmI4MGEwZGNm' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
miss
content-encoding
gzip
cf-cache-status
DYNAMIC
cache-tag
release-10.9.944,site:site_RbiMb
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vhug3r02dNQBtuBInnBR5%2FhjbG5lpVNsiftNN985RMFmHQVui7pn04svyF%2BsWp5XAInR06hO9evxHcJlRJCB7Qzke14fjNXxqjypWIVU6vpPS2daiHDTmkPof8fFwb3p0aJi6v3QMKdjmWCk1QZk"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:27 GMT
x-edge-runtime
1
content-type
text/x-component
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.944,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-ZjhmZjYzNzItNTAzMy00MzhjLTljNWQtNGMxNmI4MGEwZGNm' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d122eb8c326-EWR
server
cloudflare
difficulty-hard
thmflags.gitbook.io/thm-walkthroughs/
4 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-hard?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
741c8a29af6f165d58375d11a067d22e36ae656e441be3ade00048084ed6702f
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-YmE5MzUwYTctNjFiMi00Y2NiLWE5YWQtNjI4N2ZkZTllNDcx' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
age
46662
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JdIIMaHGE9lF4ib0tEZyZhmYrUgyhnn8FHPzKo1%2BjKMCH2A5wK21ucRmfy1R5pjGbgh%2BprxQva2LC%2FV5q%2F6GAOUJbKsFV%2FjreWjWBbs9rww2CwPzjP7jiihczQnwG9lx1aY2ApFaTl0bhYn4bVHH"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:26 GMT
x-edge-runtime
1
content-type
text/x-component
last-modified
Wed, 06 Nov 2024 14:20:44 GMT
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.943,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-YmE5MzUwYTctNjFiMi00Y2NiLWE5YWQtNjI4N2ZkZTllNDcx' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d122ebbc326-EWR
server
cloudflare
difficulty-insane
thmflags.gitbook.io/thm-walkthroughs/
4 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-insane?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3399834b5b768f8e51d2cab396be99ce79d6bea36bc8f3224db273c6cd6c67f7
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-NGVjNzE3MzUtODljOC00OWRkLTliNmItODVjYjAxOWFiMWYy' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
age
46662
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FwXAg4zcT0x9KX%2BvG0LfxUpEWntuXvHHw6%2FU28YuvRLOw0UNLpAWfhoHN0CbQjZotzaZQsqf9OeZh05to5c3IObdNMg7T5t%2FD4AVrloCQzZC4kN%2Bc5fZj178d%2FCMNAAoG30PKZIk3A967hbkScrE"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:26 GMT
x-edge-runtime
1
content-type
text/x-component
last-modified
Wed, 06 Nov 2024 14:20:44 GMT
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.943,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-NGVjNzE3MzUtODljOC00OWRkLTliNmItODVjYjAxOWFiMWYy' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d122ebec326-EWR
server
cloudflare
blank-room-duplicate-me
thmflags.gitbook.io/thm-walkthroughs/
4 KB
3 KB
Fetch
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/blank-room-duplicate-me?_rsc=ekgln
Requested by
Host: thmflags.gitbook.io
URL: https://thmflags.gitbook.io/_next/static/chunks/9978-293e379e3e1468f4.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c9d1a3f99d160874d0ba493d9726bce65fb23592ec6d0ad953ee154725f8a4f
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-ZWE5ZmE2N2EtMmFhMS00YTNjLThiMmMtMmNjMTBkYjkzNWJh' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

RSC
1
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Next-Url
/difficulty-medium/windows-privesc-arena
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Next-Router-Prefetch
1
Next-Router-State-Tree
%5B%22%22%2C%7B%22children%22%3A%5B%22(site)%22%2C%7B%22children%22%3A%5B%22(content)%22%2C%7B%22children%22%3A%5B%5B%22pathname%22%2C%22difficulty-medium%2Fwindows-privesc-arena%22%2C%22oc%22%5D%2C%7B%22children%22%3A%5B%22__PAGE__%3F%7B%5C%22pathname%5C%22%3A%5B%5C%22difficulty-medium%5C%22%2C%5C%22windows-privesc-arena%5C%22%5D%7D%22%2C%7B%7D%2C%22%2Fthm-walkthroughs%2Fdifficulty-medium%2Fwindows-privesc-arena%22%2C%22refresh%22%5D%7D%5D%7D%5D%7D%2Cnull%2Cnull%2Ctrue%5D%7D%5D

Response headers

x-gitbook-cache
hit
content-encoding
gzip
cf-cache-status
HIT
age
46663
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yzhdwGSaKCSlZwFa%2B0lOjnJ%2BHvp1wbcZYs7Z%2B1wxS%2FKOyEgavhJ9IqTg4GxiJjXRYXbgPxgD0AESkyg3oRrC5hXS%2FqCx2DmIpoOjZ2TZT306tvAy5CT%2B%2Fz2zwm4uHL6FQY86869SDD2udHtap7so"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/[[...pathname]]
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:27 GMT
x-edge-runtime
1
content-type
text/x-component
last-modified
Wed, 06 Nov 2024 14:20:44 GMT
vary
RSC, Next-Router-State-Tree, Next-Router-Prefetch, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.943,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-ZWE5ZmE2N2EtMmFhMS00YTNjLThiMmMtMmNjMTBkYjkzNWJh' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d12af18c326-EWR
server
cloudflare
icon
thmflags.gitbook.io/thm-walkthroughs/~gitbook/
338 B
1 KB
Other
General
Full URL
https://thmflags.gitbook.io/thm-walkthroughs/~gitbook/icon?size=small&theme=light
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:4400::6812:282f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd535672f386c8a9db1c4cf9ff4b48fa46dbfa04c169a017b6fc0121c5a4fea8
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-YjQ0OGNlMWEtNzlmNy00ZTMzLWFjYjYtMTJkOWQ2MjRjNWI0' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena

Response headers

x-gitbook-cache
hit
cf-cache-status
HIT
cf-bgj
imgq:100,h2pri
age
46663
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fMqwjV71TdA0ZUi6aEQIcMdvl7VkDRRnu1Np2x9HieNJRqrr47dcQ3h5aKdS392N9yNCm6huz9%2FjsM9ZZ8C9VGyZZunl%2B8lwKqyvTKw5vJ%2FVbZ6ygvgPAmclEeRangFGrGZxG5PDZRpSZho%2FMveu"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-matched-path
/~gitbook/icon
cf-polished
origFmt=png, origSize=683
alt-svc
h3=":443"; ma=86400
date
Thu, 07 Nov 2024 03:18:27 GMT
content-type
image/webp
last-modified
Wed, 06 Nov 2024 14:20:44 GMT
vary
Accept, Accept-Encoding
cf-placement
local-EWR
strict-transport-security
max-age=31536000
x-gitbook-cache-tag
release-10.9.943,site:site_RbiMb
content-security-policy
default-src 'self' ; script-src 'self' 'nonce-YjQ0OGNlMWEtNzlmNy00ZTMzLWFjYjYtMTJkOWQ2MjRjNWI0' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
cache-control
public, max-age=0, s-maxage=86340, stale-if-error=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-gitbook-version
d48926e
referrer-policy
no-referrer-when-downgrade
cf-ray
8dea2d139fcec326-EWR
server
cloudflare

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunk_N_E object| __next_f function| $RS function| $RC string| __sentryRewritesTunnelPath__ object| SENTRY_RELEASE object| next boolean| __VUE_OPTIONS_API__ boolean| __VUE_PROD_HYDRATION_MISMATCH_DETAILS__ object| GitBook

1 Cookies

Domain/Path Name / Value
.gitbook.com/ Name: __session
Value: cbf3a649-3ecd-4c6d-892c-fd97c5262bddR

1 Console Messages

Source Level URL
Text
javascript warning URL: https://thmflags.gitbook.io/thm-walkthroughs/difficulty-medium/windows-privesc-arena
Message:
The resource https://cdn.iframe.ly/embed.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' ; script-src 'self' 'nonce-ZTg4ZTk0M2QtNWU1My00ZmM2LWFmYTQtODIxYjQyYTFlNDAw' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://ka-p.fontawesome.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com srv.buysellads.com https://ka-p.fontawesome.com; font-src 'self' fonts.gstatic.com ; frame-src *; object-src 'none'; base-uri 'self' ; form-action 'self' ; frame-ancestors https:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.gitbook.com
app.gitbook.com
assets.tryhackme.com
cdn.iframe.ly
gchq.github.io
ka-p.fontawesome.com
thmflags.gitbook.io
www.kali.org
2600:9000:2209:1400:e:e47a:54c0:93a1
2600:9000:23ca:c000:1f:54cc:9ec0:93a1
2606:4700:4400::6812:282f
2606:4700:4400::6812:2844
2606:4700:4400::ac40:92a7
2606:4700::6812:59f
2606:50c0:8003::153
0007dacb56b8759bd82e3b92c7f6bb666a62e03a1311330d4d0b710f62456d69
01a29c1af6218fe03811871b4f1c0a42a74c72c2b640da254da9ec39753cd599
0923585726b1c442b4eea4c6d413f96228a31247249e7693aeea3cd08c6411e0
0c39457c52d0c8e364b6e85f6216840479aafd3840f5e1ec9e3875c114ce095c
0ccdcea4fe26d5195b1ccd7ad0e272c05f9e0deb51029ec1e045e7ecafbe79cd
14438a8fb82a9e8288f05ab19d969a6fd09d43a382b942dd84aab9f6e5979189
1a343fcd6726862cab5cac1a367726b64f88608a95b359c228989a325d21b3d8
1cb9d68bae14f9b0c31c65677ef11728be48303c9a08285484dda51c32111420
20078005f7531ccb7f47eae3f211aad25e16cb3c3aa87ce3cdd4714de12566c0
281ca8b113e43ceee15462d12c383b9535e7edbda733ca483621f4e060af5fa9
292339afa6df803ce7fc3215663b3c22e250c3ee07a8ba221a3f250d66f3c729
2c31595fbcb3631ca241fedc6f12243bf4114e728bf48f01339191c187902693
3399834b5b768f8e51d2cab396be99ce79d6bea36bc8f3224db273c6cd6c67f7
346fed1692a85bb1156a90b9565b80080255b5c033f619875f7f7863be18e022
37a0b32f6af075f1aa61221c26ef829c19fd79275461ba494d26f009388af35c
3e6dafce9cdb0024fcb61013365544ac7e68dd9650f02a6a2c661b303cc980ba
41f90d66e405853ca80d4d66f4bd8ea768a4a85b600ca29773c1c499b1e17933
49f43a93deb58f27dfac81dcc0addcda94ba3e0ecad3b6fdce346bacaa01952c
4c26507ae1cf84aa6e949040721cab6431df3cce653be041c702f6b1b5d8d892
4c780179fdc6281a24a03367341c70e2bd004f4f352299aea60d978ba6845253
64bc2a00d28ef824b977ed1c523138d821eaa4576447153e02de70aacb071147
68b7d1f1fdc4c75723d3cc58a8cfb004e9ca90a6fec482316efbf1abfb3a8b6c
692a37103a655fb5073f243f35d2beec7dcf8516701dd4922a3b184dc7b84ad3
69e2afc79a829861e78aae1b3bfed3e6553cc95e8926377430ca2b37e97589fd
6e86e1238beedf433b5bbb8589f06907ef13f4344cc544b7e0dcc76735103f9e
6e8b19acc79b2357936ef1381c0ea3d34a38c8b73d096da65272b8be1ed41043
741c8a29af6f165d58375d11a067d22e36ae656e441be3ade00048084ed6702f
7ab2a0562e22f0c92b3178ff3d9ca99c14646df6947a180f3e655305c7249f2c
7c9d1a3f99d160874d0ba493d9726bce65fb23592ec6d0ad953ee154725f8a4f
892ae724b5c96561c63af8259bd175ab762d16d3d6a3eef6da8fbeb242a8fed3
93ecee95e214fca0db8373e2613740d7f25014e3a3dee37aa39754ad0d317c85
941c4d5548cf5adaa1197fb640bd098572d37a63de015d3ad65a4e838c2a26ce
95d508ab796b15a6f502d1b8e4bbcaf2126be49826e363555891390af2d00aef
97c7c5fb089f6dd442b91e0a25ab029dfd7e993f1021f3ec54e79e95a0326f26
98222d2a280cd40b1214f296463ec8faf2fa7e700fc202d50822fe10939da3b2
9eeb302edeb3bfeaf0164a9865c2659ba2c0403530fec2b411c1dce2c80350bd
a27cbb2839dbfe68516cdf25f050ab76334bac83349e9a0168d42a20753d41a8
a2b5edbdd84e821da7830e59580a2581cfd2e2bfb01a197c3e9f919b7859fc0a
a65540109ec1e413cd9314ca8e3d8828fc8ea866765c189664e4b95f78307cc4
a9ace726a07c376e50d23fda2552280cc6ae95f391b1abc378fd00d38802f74c
adbf86218cd0cddd2e400deadda66f32ef09a2dba5cd2df4a9873b9ad05c4f0a
b053c1a8d1743d15e13597718631b7f7d8eb96c7d283d071fbdb8b37e5e05fa7
b1e014620a6d492a12df5a2c3f7051af3379fa7dbc612b0b72c0b76671340e06
bf2a6a5f8c28ed6ebddf6fa704ad4f21d95c55a140c124b94dd4bf28b736a654
c3f6b54c642d999cce1a7eec61cd152e354f992deefaa208a1d04a064c402456
c4dd4bcc3833da0f2e095d48c02822a9bcb68f4ee9c015e9bba6d52bbce65f5d
c63c446f7cec55334ce70922d7cea869633b1f7011872ef52dc506477cf5ab93
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec
c9ce0b50d4a4d26f40b25113f0b86015a277c2e9fbde99311e6b60a03fb5094b
d2f2715cdb22c576e1d26df0c0efec36dc098ce0b43d2284a2ad7e27a0abb99f
dbb9c72476b4e1f87d867f153d904405ef55db3e3ccec647ce5409851401d93a
dceef739a3784e7d962af1e9fa3eab86ba71473ef68044f395f456ea6b24587c
e2a968d506fbf01e8f273c31d00d8e17d77dda4d1c9c089baa4a049eb9313b9d
e745a051fade69ed0d6a92fe8f0437d646bafe59a91f3c6654b0c4295c1ed91f
eada73c016775094674c94215fd8248667b11479eeff9c2634e9b903cfb28dc9
f5a21135eee7aaea6067c49dd95606e4d7cd18da50e4adcb9ba7f27f7be48f4f
fd535672f386c8a9db1c4cf9ff4b48fa46dbfa04c169a017b6fc0121c5a4fea8
fdf8a6f64a98ff0195d72acda83feb584d455a97e19559825b017b9353ee653f
fe489d4c9ac52d1c839a81e3d30ba5a571f3c19e6499194cb6a58ca88db74425