elliotonsecurity.com Open in urlscan Pro
2606:4700:3031::6815:40fd Public Scan

Go To Rescan
Add Verdict Report

URL:
https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/
Submission: On November 18 via api (November 18th 2024, 6:07:59 pm UTC) from US — Scanned from DE

Summary HTTP 46 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 46 HTTP transactions. The main IP is 2606:4700:3031::6815:40fd, located in United States and belongs to CLOUDFLARENET, US. The main domain is elliotonsecurity.com.
TLS certificate: Issued by WE1 on November 3rd 2024. Valid for: 3 months.

This is the only time elliotonsecurity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	2606:4700:303... 2606:4700:3031::6815:40fd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	150.230.29.23 150.230.29.23	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
46	2

44 2606:4700:3031::6815:40fd (United States)

ASN13335 (CLOUDFLARENET, US)

elliotonsecurity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 150.230.29.23 (Toronto, Canada)

ASN31898 (ORACLE-BMC-31898, US)

ping.elliotkillick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	elliotonsecurity.com elliotonsecurity.com	2 MB
2	elliotkillick.com ping.elliotkillick.com	2 KB
46	2

	Domain	Requested by
44	elliotonsecurity.com	elliotonsecurity.com
2	ping.elliotkillick.com	elliotonsecurity.com ping.elliotkillick.com
46	2

This site contains links to these domains. Also see Links.

Domain
twitter.com
github.com
t.co
www.hexacorn.com
hex-rays.com
learn.microsoft.com
en.wikipedia.org
www.rapidtables.com
wikipedia.org
www.linkedin.com
news.ycombinator.com
www.reddit.com
ping.elliotonsecurity.com
www.youtube.com

Subject Issuer	Validity	Valid
elliotonsecurity.com WE1	`2024-11-03` - `2025-02-01`	3 months	crt.sh
ping.elliotkillick.com E6	`2024-09-25` - `2024-12-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/
Frame ID: EC4B73C8AF0FFD527866EE81ADBD1B07
Requests: 46 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Living Off the Land: Reverse Engineering Methodology + Tips & Tricks (Cmdl32 Case Study) | Elliot on Security

Page Statistics

46
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2203 kB
Transfer

2546 kB
Size

0
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/ElliotKillick

Search URL Search Domain Scan URL

URL: https://github.com/ElliotKillick

Search URL Search Domain Scan URL

URL: https://twitter.com/hashtag/mimikatz?src=hash&ref_src=twsrc%5Etfw
Title: #mimikatz

Search URL Search Domain Scan URL

URL: https://twitter.com/hashtag/lolbin?src=hash&ref_src=twsrc%5Etfw
Title: #lolbin

Search URL Search Domain Scan URL

URL: https://t.co/fzQLLHRDoM
Title: pic.twitter.com/fzQLLHRDoM

Search URL Search Domain Scan URL

URL: https://twitter.com/ElliotKillick/status/1455897435063074824?ref_src=twsrc%5Etfw
Title: November 3, 2021

Search URL Search Domain Scan URL

URL: https://www.hexacorn.com/blog/2017/04/30/the-archaeologologogology-3-downloading-stuff-with-cmdln32/
Title: Adam's (@Hexacorn) article

Search URL Search Domain Scan URL

URL: https://hex-rays.com/ida-free/
Title: IDA (Interactive Disassembler) Free

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/ras/nf-ras-rasenumconnectionsa
Title: RasEnumConnectionsA

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-lstrcmpia
Title: lstrcmpiA

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Bitwise_operation#Logical_shift
Title: bit shift

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Type_signature#Method_signature
Title: Function signature

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/X86_calling_conventions#Microsoft_x64_calling_convention
Title: "Microsoft x64 calling convention"

Search URL Search Domain Scan URL

URL: https://github.com/SigmaHQ/sigma/blob/6c153bff3f3b5bc7f0edefe430b2a6f903fd98b2/rules/windows/process_creation/proc_creation_win_lolbin_cmdl32.yml
Title: Sigma

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-gettempfilenamea
Title: GetTempFileNameA

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-createfilea
Title: CreateFileA

Search URL Search Domain Scan URL

URL: https://www.rapidtables.com/code/text/ascii-table.html?c=A
Title: ASCII

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Access-control_list
Title: ACLs

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-gettemppatha
Title: GetTempPathA Microsoft documentation

Search URL Search Domain Scan URL

URL: https://wikipedia.org/wiki/Dropper_(malware)
Title: dropper

Search URL Search Domain Scan URL

URL: https://github.com/LOLBAS-Project/LOLBAS/blob/master/README.md
Title: living off the land

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Cat_and_mouse
Title: cat-and-mouse game

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?in_reply_to=1685649836731740162

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/like?tweet_id=1685649836731740162

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/
Title: X / Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/
Title: Hacker News

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?url=https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/
Title: Reddit

Search URL Search Domain Scan URL

URL: https://ping.elliotonsecurity.com:8443/subscription/form
Title: email

Search URL Search Domain Scan URL

URL: https://twitter.com/ElliotKillick?ref_src=twsrc%5Etfw
Title: Follow @ElliotKillick

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@ElliotKillick
Title: YouTube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

46 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 66 KB
20 KB 188ms
131ms Document
text/html 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bae1af1c88719326ad400bc319f7a126e0e5255c54b8475c642ee9de260ddfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8e49e712d8874d95-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 18 Nov 2024 18:07:52 GMT
link: <https://platform.twitter.com>; rel="preconnect"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dLnAqcq59x8OtL%2BW953%2BbXwhaJzPQYvsnyT%2FW3tYsHoYeW6AYhbF4ZaZQ8Pvdz%2B1v7QBKIGg4y8jKODuwHx4A4poEensvhDaAxJz0FIqShOLI3eObDrjA199FIt86y5HG6Iy9c%2Br4cPMIrJ%2B7LLF8dB8Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=23193&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4138&recv_bytes=4496&delivery_rate=590&cwnd=12000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=142&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H3 200 spectre.css
elliotonsecurity.com/spectre/ 44 KB
10 KB 85ms
74ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/spectre/spectre.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba7be9bce0bcdad8aca18cafc9cb6ef41913fb04912ad84ebcc9d526a3de55f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"2847b0075d0f9d034e40a744f349b315"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZQrgTn1jDu7XLYcGDo5qR8QWW1Gs4UUgbiKLawRWh9rW6GzSf%2BxUmOVk9nGqnBbKo7aZx6PPVbYVn9vLVkD2wOfehos9TglxmTz5sB2h%2FY7idEWp60cop6n06UiIMG4l%2FKtUnsgkqA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22496&sent=30&recv=21&lost=0&retrans=0&sent_bytes=24897&recv_bytes=5635&delivery_rate=349372&cwnd=24000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=332&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7149a684d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 theme.css
elliotonsecurity.com/ 35 KB
8 KB 56ms
46ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/theme.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26adb9a4e6e97423083a3144215938b0f3b7b57be38971497483ea738fff52dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"b995540755b4049ccb171636a0597c23"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YxYCUfl9%2BbcJn9f9kVPvnrGRz1PkwW4xBNDgt2EtXQFyH0hlNeeWhy44BGhU777guga6OwRfdTDlkrt6pEXVaN%2BqHAWSzplLpq8OHECurphCrsYTiuLCcZ4doK3dXeEMNsbLtIHL1A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22496&sent=39&recv=21&lost=0&retrans=0&sent_bytes=35517&recv_bytes=5635&delivery_rate=349372&cwnd=24000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=335&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7149a6b4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 cursor.css
elliotonsecurity.com/assets/stylesheets/ 835 B
1 KB 46ms
46ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/stylesheets/cursor.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84482759b2cf7aff58c1a1b41e68a78f35371396800c0ac3b023874e65dc1f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"08a632c8b3056b4f5572b03fef020c01"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whFazPhgB%2BccwWcP3G%2F5lf8GWqAZttLd0YfDcypjK2xcR%2FM6crNU12eg%2F0z1s1QPS30O4CLJ94CfTCc7Z3PQF%2F4TbiqUVpU01%2FFZtEwoUcXrZapH7fDWL3RmUjlRt1N%2BFAq82m1AeA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=56&recv=46&lost=9&retrans=9&sent_bytes=54341&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=500&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abdf4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 obliques.css
elliotonsecurity.com/assets/stylesheets/ 889 B
1 KB 47ms
47ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/stylesheets/obliques.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0ed61ebc5f8ed376a0115f26a148ab25ddb1b7de2c0233b759265c598e1289e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"dfad3af15c1249993c9bf4d93388c8c0"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F8u4HXDDWZZ1EHesSv982x47kx4m6plaiUlTA2nboy3nznDNJQk4PLEY%2BxlejkjyTxRsQzSAq4J84aCNISFTj0gqPHmx7ygqkcblpX90nkdkQKBHBEUWaiBwE3qI7pVvs3wyCrG35A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=64&recv=46&lost=9&retrans=9&sent_bytes=60210&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=505&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abe14d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 curved-underline.css
elliotonsecurity.com/assets/stylesheets/ 327 B
959 B 45ms
45ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/stylesheets/curved-underline.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f404011c4b11635c779684cfe36d7a4f05038612fa1bedbc8de74cfe0f928d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"e364d3dafccbaeb77ecebb644d04243d"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XxNg8W9Q6gw8aNCevs6VLTuja%2FHAtR0gLGRb%2FTf%2FZuI4Pm%2BdKIGcFNd%2Ficnf3InFMHI%2BIHVlkC80krXQ6rNBLktkQs0LLsmOMP1bSqIQDrOjQZl697oonkvH%2FS7Kn6CyjH2FUjv6qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=59&recv=46&lost=9&retrans=9&sent_bytes=56517&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=503&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abe44d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 selection.css
elliotonsecurity.com/assets/stylesheets/ 192 B
894 B 45ms
43ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/stylesheets/selection.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6f6fd016556393bf67d15dd83be5b1e49d06f69d949ad8dc7a37fe47389dca2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"931b9715a96ef0cf617f86f74548b631"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R7G%2BcmM%2FD505xkBmI7FBzv898euw0g3OCSe0LMguHzWKCKDGbAxsuu7fKAUgBff2WvoJqOGcyMvb0%2BWVL%2FJAzL20i0hA2l2Eo3w%2Flw8yTQXf45K3SjZgEi1CwWCqyYhh6LFBGPtgpboGoL7Vn5xgdX2sEA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=58&recv=46&lost=9&retrans=9&sent_bytes=55600&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=502&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abe54d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 toc.css
elliotonsecurity.com/assets/stylesheets/ 1 KB
1 KB 43ms
41ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/stylesheets/toc.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f58e02beaa5783900aada4fba04aa8d5b0f8c557c9eb9299a1debc25755f319b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f0efcc17326e6311a43b9b0c0a52d834"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eJ8WFAZMaEYCRTHkuG0wTm6dmriQpS76WadHwSW3IHXDhRzMiLtgi7tMEhDF9X37Ja40XNCB4%2FicLpVQAeBeBhg%2FkKBfAlHRX96mOl7qRSqbJpuyXHU6BAM5cG6oMDnlJLqHh2wD7g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=60&recv=46&lost=9&retrans=9&sent_bytes=57499&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=503&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abe64d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 alerts.css
elliotonsecurity.com/assets/stylesheets/ 630 B
1001 B 304ms
303ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/stylesheets/alerts.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

623ca54bcecb33583acee5d0be27d7ba8f51ceee230a06e7eb6ff623aaee89ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: MISS
etag: W/"49b68b9b36a4493c54970a024dbe5d59"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3yw0b4w%2BnhG12aZPYaO%2FB0DvAn%2FaNZmrcggZjKBkGQLGN8SRxHq%2BB%2Fb5r6nD9SAZcJSMNPQAs74BwdeTCtjogKg8c62ao%2FlR4jmZI%2BSre8topmf8RYwcoiHseuY%2FEMNnryBNf3aISdBOiLiE2abawxDf3A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29357&sent=78&recv=57&lost=9&retrans=9&sent_bytes=72282&recv_bytes=12182&delivery_rate=334771&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=770&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abe74d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 interaction-buttons.css
elliotonsecurity.com/assets/stylesheets/ 2 KB
1 KB 43ms
42ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/stylesheets/interaction-buttons.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a905d5c17008781b5d051df04283c15a3efb96d26fa1679a5d8b8024c9e1a1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"d374dd5b8ed02066ac3c1fafe65f14d5"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CdY4M%2F%2BMOyvKnUCjTQEhtvqh2w9XbVYf04N9ri%2BlsHkDwFBJYGHE0Y8NeVYguR8%2B0SekupvuBykvp1Jbj%2BFf1mSuSTlOi0yXuukkCKmQxT2SrHf9EiK4esg5J5Z9xpj2z%2BXCyl%2BRxA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=62&recv=46&lost=9&retrans=9&sent_bytes=58920&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=504&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abe94d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 matrix-effect.css
elliotonsecurity.com/assets/stylesheets/ 114 B
843 B 55ms
53ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/stylesheets/matrix-effect.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f760acdf6e58bfedba415b322523edacc86e018e92fe24500f39cfe77b7ab3d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"daa143b781df4d05e89b12b3a887de45"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MBjZ%2BsLintbJR1olV5Wng3NeD6LxQr0f7zHxgF2iswLRJ3qDwbv%2FYFQQBmFYImAHKiFSwVReRj0zeh1xEIeo9L5QRQ77JNBJ3uAGkE4Oiq1fVglRagvhj%2BkRBPbWCznGn0gZKpuu5w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=69&recv=46&lost=9&retrans=9&sent_bytes=65009&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=507&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abea4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 fira_code.css
elliotonsecurity.com/assets/fonts/FiraCode/ 188 B
880 B 44ms
42ms Stylesheet
text/css 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/fonts/FiraCode/fira_code.css

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a73d436c08a5a216d42de7de749702973542c70abc4dceafcd00d8aea8afa547

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"57cfcf87656b8c0b9cd692077dc30b7c"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=78xqCVXvxAeebiNo6XKdV9rhNDFihffA2N5mxOWruTDLL6rQHjzBETSFn7jVHPvKXsHW6dnjM21o%2B66deA%2BedCcgrwj1V7Bfzr%2BYjz9YF7UkLf5c04S97vXLTHsV6iTWJFjeg%2Bo%2B7g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=65&recv=46&lost=9&retrans=9&sent_bytes=61389&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=505&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abed4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 pause-css-cursor-animation.js Show response
elliotonsecurity.com/assets/js/ 811 B
1 KB 44ms
43ms Script
application/javascript 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/js/pause-css-cursor-animation.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec1efcac91dc49ecaabfe970a038eda779c828db468e1eee7165277b17d542af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"2725158ab9b14aba185b04d4da1298de"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3RK%2FeJEjEfYZBw%2Ft9sFjUFi0pKNAWcXQWMx8Dz4JjaFcN4dHlD9SrZvGiFHC2uBaMgnE5abT5TXYzlXI%2FwO4TufZQx66rWCp5%2B2bcfHv69LD%2B5uD80op4Za61tAAotfHG2o12FX26g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=66&recv=46&lost=9&retrans=9&sent_bytes=62292&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=506&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abee4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 text-scramble-effect.js Show response
elliotonsecurity.com/assets/js/ 2 KB
1 KB 63ms
62ms Script
application/javascript 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/js/text-scramble-effect.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c1bba6264239f7f5ec821859557e1f366f30a96c98f94fb2d12fc3ccb7771eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"c7e8a6162a68ac8f7091579cd0bfbf9f"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FRiOoNW56faLOCP0%2FBlKAz3mywBUgAKILDhjhOMaimk9Tg6SjqFiqsu8AMecmQOpBRPuPvYE%2Bvu%2Fc0N6TXvE3VdUs028dxtulF008cYy5jhR2rJkJrLlgoPMmg6tO7G8DNaEAyYs7Yjasq3%2FD2bnU7EaYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=67&recv=46&lost=9&retrans=9&sent_bytes=63473&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=507&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abef4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 matrix-effect.js Show response
elliotonsecurity.com/assets/js/ 4 KB
3 KB 58ms
57ms Script
application/javascript 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/js/matrix-effect.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93b727fada3e56d4e65c67679ced10b943d351be7a07d08192818aecdfb3b891

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"1b7870de430cf1e7faba7d0b1b66ef1a"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ixyH6g0vpoG%2Bfxua8j9tZgEjAbw8uSOK%2F37ITuoqxgvNVmL5Lc%2B5EAdZ1hLrK5K1j1VjxZiUGz%2FK3T03UaZJKmWvk4dlKYMMkSf4fbM4wKlnqKzZxTncJt9ioAQKbGs8Gse%2B00eKZw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=70&recv=46&lost=9&retrans=9&sent_bytes=65875&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=508&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abf04d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H/1.1 200
OK ping.js Show response
ping.elliotkillick.com/js/ 1 KB
2 KB 632ms
121ms Script
application/javascript 150.230.29.23
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://ping.elliotkillick.com/js/ping.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

150.230.29.23 Toronto, Canada, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, private, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
x-content-type-options: nosniff
access-control-allow-origin: *
Content-Length: 1332
Date: Mon, 18 Nov 2024 18:07:53 GMT
Content-Type: application/javascript
Server: nginx/1.18.0 (Ubuntu)

GET
H3 200 analytics-goals.js Show response
elliotonsecurity.com/assets/js/ 814 B
971 B 91ms
90ms Script
application/javascript 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/js/analytics-goals.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f8328303ae7f3703b54401f62ce4eacbcfde64337380e03994b893e98544c67

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"ca512d091c89afc51a5cacb0b7c2e2d7"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whZf1H3QAgjPn6oYiI7gg0ADnFcsvp3ttd5fj9R%2FOJoct8A7GVWpQhyWlwtZW2lP%2F11VgQIuKdroZHiIL3ZKFTF3M8ivRyJPrz1KLuuE5sJYqgA7ynKsoigsmWltbYmcMhl8yjY0TA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=76&recv=46&lost=9&retrans=9&sent_bytes=71141&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=513&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abf14d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 lazy-twitter-embeds.js Show response
elliotonsecurity.com/assets/js/ 1 KB
1 KB 78ms
77ms Script
application/javascript 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/js/lazy-twitter-embeds.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cabfc060a5432435c91a6727f23ca38dd1579950f8088828d275a3b0320d378

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"468b55fa064768e46e68fe86a52bb39d"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2FR3Hoe%2BelwobWeUA5nTN6ygirw3Dv%2FGVOf1kCVbkGqV%2FIX4SgEHMxVTjmOsCiFc4q%2BPBYdUnujNFJ%2FdfnAl6vVBgZs65IO2JSwsFULSq1maPOtUwKbCdra%2BoQnZNOYsrNVd8z7uaw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=75&recv=46&lost=9&retrans=9&sent_bytes=69942&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=508&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abf24d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 consolas-font-hack.js Show response
elliotonsecurity.com/assets/js/ 935 B
1 KB 70ms
69ms Script
application/javascript 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/js/consolas-font-hack.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4eb2aae1ba3c7dda4d72a7a6861254731a7fafb76a0ada5f48d7d5bae4064e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"0d761c20b7f4f045a9a716e9b7e74c47"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTRLaabPanrtQ6e3gfJjEq1JbIUYxEFGKuPD%2F4nP6M1NKtXUKl7UzzFNxw0SWelt05gC6YxKRLy3mwnZ7OqJrDb00PZHcSdxWX3V%2Fz3U12qdbUGW55EWUdsH%2F6qeLwGoWEc%2Fw9pY5A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=73&recv=46&lost=9&retrans=9&sent_bytes=68598&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=508&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abf34d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 system32-directory-listing-with-cmdl32.a0d06d70f6dcac62.png
elliotonsecurity.com/processed_images/ 457 KB
458 KB 81ms
80ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/processed_images/system32-directory-listing-with-cmdl32.a0d06d70f6dcac62.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

acec5091356593235e99337a7aec37c3b7945206906904da018167bc2e318df6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "347662fc6ac98efa9b1dd56096ed76cc"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FRdkTL3qP0DoWa7Ncc%2BcXP%2BkYUHsYTzNH0ypcGYoCx0RS3qM0FKw6xAIYFFcrwGN6G5Ml4Ch1rCQ7fRYPYQ6I9L9xLJeoypROiRslTrmKZ6KJL%2BNgtB7htcKxpNYpPL8LehkdOnq3w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25798&sent=106&recv=78&lost=9&retrans=9&sent_bytes=98204&recv_bytes=20279&delivery_rate=236079&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=852&x=1", cfExtPri, cfHdrFlush;dur=1
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e614d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 467636
server: cloudflare

GET
H3 200 cmdl32-icon.ico
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 786 B
1 KB 81ms
80ms Image
image/vnd.microsoft.icon 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/cmdl32-icon.ico

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8c6f6a939ab8d95338b5cc6036f15bf3ba179491e13660b6fe4ffd28a0396af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"efa5598647b4fb8d515b25ba2739e7a1"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NTp%2F7EJL2zmKtcVpD%2BvNxd%2FTu51FgisIOKW7%2F5XqR%2FX9wKYaUxGhmAEcNSSmvD9fw93TEwG24cu1ALDTUaq0kfG3uvFh4NlCnFsukuDZEaKlGXlCDexZeIxEDnSbVzaFxvQlmP2HhDERXFipWDusyY2Yng%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25798&sent=100&recv=78&lost=9&retrans=9&sent_bytes=94142&recv_bytes=20279&delivery_rate=236079&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=843&x=1", cfExtPri, cfHdrFlush;dur=10
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/vnd.microsoft.icon
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e634d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 parse-command-line.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 143 KB
144 KB 57ms
56ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/parse-command-line.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13d4e93146240f7ae9d87602bb5f357c1b283da3c28f27cdac549011fc56c1fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "bf73577afd2b11a57be5966594ab19e5"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2F9Has6IfEmixX9gRNYQoFCKh9xZvc1zAIo%2BvyjQ3pi8474B2fFk%2FtrP%2Fu94xKE%2B5dxEDHNCoezqhdhna7LEtuzzi1Abm6SqH1r848uXd%2BfSefoTWd1X71Z6bv2DMoIBQG%2Bwa3%2FQCKVNFtPlM63fZwnOAw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28114&sent=88&recv=74&lost=9&retrans=9&sent_bytes=81404&recv_bytes=20103&delivery_rate=39171&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=834&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e684d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 146910
server: cloudflare

GET
H3 200 option-strcmp.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 77 KB
78 KB 63ms
62ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/option-strcmp.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0157f99abecdb92064c2f58423e689854703722e7115963742beb2466c5c1669

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "7eab7a6ebb9206d669de4d3f74996900"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lyzl5TE7J8583gcC4Aw0elaraExCwktwW6c46pyzwkcHUCpoX8xApX4TfGyx4Olav3Z4AzUvnrgdJD8PcNlkkLZ3cXVyMcIbv7kGbkK30RbFbYoZ6OtWpjEmxdAMH%2B4J4q40VKb6NiHMLxJdolWsWyyoag%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28114&sent=96&recv=74&lost=9&retrans=9&sent_bytes=90130&recv_bytes=20103&delivery_rate=39171&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=837&x=1", cfExtPri, cfHdrFlush;dur=2
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e694d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 78729
server: cloudflare

GET
H3 200 vpn-option-branch.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 37 KB
37 KB 70ms
69ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/vpn-option-branch.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fffd561439c13acbe2ea99a487760b142e703c41dd739dd39ded813ee4828fd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "20b9204934c6f5b46d1bd2a3c939a69d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TbidqGJtZVjOiDRm72njZeAJwHZ9dEsrAG8Skuv38%2FkrbJA5ev%2BUzJ6Deur1D%2FCBTdILfmj6m8qNcIULVC9O51hsfBnf3Q5JNhKf0xtPjGffUABuY9C1VNmudQMBJDULfhJwqiG5bhtzZH6U86V%2FHMQAWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28114&sent=96&recv=74&lost=9&retrans=9&sent_bytes=90130&recv_bytes=20103&delivery_rate=39171&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=839&x=1", cfExtPri, cfHdrFlush;dur=4
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e6b4d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 37570
server: cloudflare

GET
H3 200 bit-shift-lan-argument.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 30 KB
31 KB 103ms
102ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/bit-shift-lan-argument.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2f72d4a41a11aca49660a95dbf47a754768dc71945ac306c9129a804c4dbf0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "591e0c80b5d76250e5e5cce80ec7cff0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9gUvgSZQRb0sVcwiBNI9zvUehkvzWy33zBJf9DFR82gr30J5SGUHS%2FLUiUAnNGAbpfizFCeOQOFhJ1%2BlJvprUgXBbutfpG3We6TY8sUl%2F8OxzLVSVayI2XzvzA7BbKNywk6DeRO1j2lgAUL6ORk7ja2Ffw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24847&sent=124&recv=87&lost=9&retrans=9&sent_bytes=116204&recv_bytes=20675&delivery_rate=445145&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=865&x=1", cfExtPri, cfHdrFlush;dur=13
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e6d4d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31030
server: cloudflare

GET
H3 200 lan-option-branch.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 174 KB
175 KB 113ms
112ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/lan-option-branch.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebf84c7bbbd7f05eb796674ca08fc6f14f3b5afff8316e14af92acd8fa69fa19

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "36a92c51d5ba4d7fb36533318ff0c73f"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QksBqzWiF%2BiotFsxJwrE69cmgGfpsIgSgRT7VakOh9XODmqRD2rE%2B%2FW5kfkJNtwIAvYF7r5GvnlShd2xnBSQvPj6Ky8TzuVDkgzYAFvEUZ7CcsJTOwimu9lncNunh30aDcuBqGAAczQVpKnWqRRwKw3A%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24847&sent=124&recv=87&lost=9&retrans=9&sent_bytes=116204&recv_bytes=20675&delivery_rate=445145&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=867&x=1", cfExtPri, cfHdrFlush;dur=16
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e6f4d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 178331
server: cloudflare

GET
H3 200 update-url.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 17 KB
17 KB 67ms
65ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/update-url.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22a82198130779164f1587323180e5ab7b26d6310ca27d29656df323abddceb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "69610f47a8432f9ac9ec3eca920a7b26"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vAmwBeBQrw7KVU8WOzvprIU9UwVBCq25gcLYUMiGCSSmStIKxPpTGNZP8QojHdqTZqMq4tjlQ1LH8oBvLfqm%2BiV1W6yw1hr9F%2FLJaLZFToYU%2Fqvi%2BMeUvDmTfZJjWHbwpXLT0RclWvRzkfI3lL551o1D%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28114&sent=96&recv=74&lost=9&retrans=9&sent_bytes=90130&recv_bytes=20103&delivery_rate=39171&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=839&x=1", cfExtPri, cfHdrFlush;dur=4
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e704d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17071
server: cloudflare

GET
H3 200 temp-file.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 327 KB
328 KB 123ms
122ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/temp-file.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67e815720f66ea380b0e84f920ce5a95b489492906533787e1a39fcf5c24162f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "0d5f6386def8824789afcfb25a7fa9ba"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qkFqcbE3tSksiaKEE7sAtFPaENG5HJPkFINo%2BdVmwAMvObSZKV1aeR0vGbvoARNlXPSEw26WF5j7oHDDUE%2FXZAW89Ot%2BeULuhpJ9QjGI6mmtd0C43MgXafrtPjXcXAANfAYRdF14imlqZ6QOD6weKyXfg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24847&sent=125&recv=93&lost=9&retrans=9&sent_bytes=116229&recv_bytes=22764&delivery_rate=445145&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=873&x=1", cfExtPri, cfHdrFlush;dur=16
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e724d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 334553
server: cloudflare

GET
H3 200 winhttp.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 253 KB
254 KB 77ms
76ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/winhttp.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5fd89384dd56c2d052f1569b34a47b38c5212e25a0eb6984b7be5c9e10dfcd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "64f93069bd07ca5de5977fcf105b545e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OqABNK5P4e6KyuGKA%2Bi0C4nWIISuPe49yqA33%2FsFDC21olu5hpTpII2mDTeljf7T9hw1qMKT2KEqskWZak8yWSdTVM9A9DiY0v4%2BaDcCH65Jd7gkfyO6PdmsY8zS3iGEhjaNr2vUKdD5KKDNnSZA7sR%2BYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25798&sent=106&recv=78&lost=9&retrans=9&sent_bytes=98204&recv_bytes=20279&delivery_rate=236079&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=852&x=1", cfExtPri, cfHdrFlush;dur=1
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e734d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 258842
server: cloudflare

GET
H3 200 strings.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 62 KB
63 KB 125ms
124ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/strings.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ba83e4d230bdc3676281cae5c99f32e0e2617d3e0ab172a59483fa60b4b8d83

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "b27c397f09e1e36b74c1949a32d15ab7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yNjprMuI4vTjuEhMVZm5xVShOZTiGICsMgR%2B3QYn1K5UKZaadPXpoVUkFnxQt1Gekx8epUqemz0WvtSaNCoe2y013WUlHZpLyksl4EZktXxSg7A0vQeVojFHsxoV%2FJ7ZBmCB88lPJEI3kkUpGUeLl3gQyA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24847&sent=124&recv=87&lost=9&retrans=9&sent_bytes=116204&recv_bytes=20675&delivery_rate=445145&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=867&x=1", cfExtPri, cfHdrFlush;dur=33
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e764d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 63613
server: cloudflare

GET
H3 200 packet-capture.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 51 KB
52 KB 78ms
77ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/packet-capture.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

318003123a3db8e5b9c0a22228514cadc9e1e35bd622190a0ab8b6d6739dd1a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: MISS
etag: "e5ade377285aa71be82b6937da76adf3"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FI%2B3%2FNkpOQNFDgZr3R7V1PKgjLLx5hDNIk5JzU6jmLyXqOOz0vhH6Sg5fpr6Wvn1nR%2BJXOO2W7t9lcZyOC0jCtHylsd7G7HfYNWqAfw1Z6vjfxOVuaWxM1Ij2NKc4KwWc7gUIFJr%2BVFviibHdHZm6X0jtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25798&sent=106&recv=78&lost=9&retrans=9&sent_bytes=98204&recv_bytes=20279&delivery_rate=236079&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=850&x=1", cfExtPri, cfHdrFlush;dur=3
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e774d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 51997
server: cloudflare

GET
H3 200 detect-vpn-servers-profile.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 46 KB
46 KB 79ms
78ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/detect-vpn-servers-profile.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3adfe5413e0594ae2a97d45c2097a856b7b9ffd919c8f1d91bf9952b6ee6ffd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "d04629d366b9c49de9bbeb15893ea3d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sAqCFWcIq11CK7lvlB5JzAAk7pYaxRxHS0EKXBssFTdHCwU847S1%2F0GXTUJwPytrw%2FpSR8y0SvwKgGLI07p6IMTbF1QeG0zpnw5W%2BbleyC93yWuqkdJhv6zPHcHUYc3BQp0Wo1ACL5tWt%2Fxw9SJjKi2Blg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25798&sent=106&recv=78&lost=9&retrans=9&sent_bytes=98204&recv_bytes=20279&delivery_rate=236079&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=845&x=1", cfExtPri, cfHdrFlush;dur=8
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e794d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46709
server: cloudflare

GET
H3 200 delete-file.png
elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/ 35 KB
36 KB 67ms
66ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/delete-file.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d35734ebf431a62c38be4a37d1e7c4371261af7175e71495d4775c494d45af6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: REVALIDATED
etag: "d44fecba813b0fcab4d91fc4dcdaa10d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BYp7P6zEKS6BelfE5xpF6521%2FknU1uf86nHMZfhJe6Ail%2BnvTkrrNrOAzb5XkDaAXHIt8yiNzB5auOANL3mqL64GSrzkZjuivZiRFmhrYqNQti8vtg%2Fq9duW4t0ft%2F1ynQKdt1wP0xdmtKyNp1cxdO4uuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28872&sent=98&recv=75&lost=9&retrans=9&sent_bytes=92323&recv_bytes=20147&delivery_rate=64122&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=842&x=1", cfExtPri, cfHdrFlush;dur=1
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e7a4d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 35901
server: cloudflare

GET
H3 200 circle-info-solid.svg
elliotonsecurity.com/assets/images/alert-icons/ 408 B
969 B 42ms
41ms Image
image/svg+xml 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/assets/images/alert-icons/circle-info-solid.svg

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4f0404e042b77ca6485009a8bde286d53dd2ab83599efd0381a9f35244b77c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"68fb06400b0f7f29e87835fb999be690"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2FE%2Br7oArQBpNPXkkUOrfOpMiyhxdSQR02SrE8avl51dN20fpsrl4s7p4Om%2BYMoTlpJWVjTyynNpFmXm5aq4nokULhZFrfp4Qixz0QujKQpvhd6n2SuIxD2AR8x55nB%2B4XR7BhKoYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28114&sent=80&recv=74&lost=9&retrans=9&sent_bytes=73330&recv_bytes=20103&delivery_rate=39171&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=819&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/svg+xml
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e7b4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 avatar.png
elliotonsecurity.com/ 5 KB
5 KB 46ms
46ms Image
image/png 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/avatar.png

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81c5b62c59fdb98fd9a35e27812cac61aded9ebcedf7de794666654dd9abbe4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

cf-cache-status: HIT
etag: "ffe59346a24fdfd561730e2700adc975"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wx2iY1C2S7V6PeDYBF7LMRVJ6jB7qrVK7Vx4RwvUlQde0jkQuoZ3MGcnLUh5L%2FpPciqBWRvBPWn8acRbP9pRzMqOqvOMddP1XKjgCAVB2GwdT351g5c%2FZctxrB3TbAOmHDfyEfmxJA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28114&sent=83&recv=74&lost=9&retrans=9&sent_bytes=75764&recv_bytes=20103&delivery_rate=39171&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=823&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/png
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e7d4d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4808
server: cloudflare

GET
H3 200 verified.svg
elliotonsecurity.com/assets/images/ 2 KB
1 KB 43ms
42ms Image
image/svg+xml 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://elliotonsecurity.com/assets/images/verified.svg

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

562a231a9746a07b0a9796d50c234469da053de2e26878638159cc19d8aef415

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"23aea14c56ce68d77bf2831aee506017"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=70f%2FWFssHAjxf8w276XyWm59YBj9vJBzjtwMLlNdFgIQlORQ8UN46W%2F3kMEUPwylKDG7RhavZZaoUkti0uf5tuVwirszQLqTILFWkZuSNLQP%2BrypTpre4qggOngYuGJKOSu1z8D9uA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28114&sent=81&recv=74&lost=9&retrans=9&sent_bytes=74323&recv_bytes=20103&delivery_rate=39171&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=820&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: image/svg+xml
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7179e7e4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 consolas-font-hack.js Show response
elliotonsecurity.com/assets/js/ 935 B
0 1ms
1ms Script
application/javascript 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/js/consolas-font-hack.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4eb2aae1ba3c7dda4d72a7a6861254731a7fafb76a0ada5f48d7d5bae4064e99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"0d761c20b7f4f045a9a716e9b7e74c47"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTRLaabPanrtQ6e3gfJjEq1JbIUYxEFGKuPD%2F4nP6M1NKtXUKl7UzzFNxw0SWelt05gC6YxKRLy3mwnZ7OqJrDb00PZHcSdxWX3V%2Fz3U12qdbUGW55EWUdsH%2F6qeLwGoWEc%2Fw9pY5A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27915&sent=73&recv=46&lost=9&retrans=9&sent_bytes=68598&recv_bytes=11705&delivery_rate=266519&cwnd=16800&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=508&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e715abf34d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 Montserrat-Bold.ttf
elliotonsecurity.com/assets/fonts/ 193 KB
86 KB 68ms
63ms Font
font/ttf 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/fonts/Montserrat-Bold.ttf

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/theme.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

189aeb285be99f0b58e454dd2dc3cbf34a6db844a9ef26ebc5909178ff77c5be

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://elliotonsecurity.com
Referer: https://elliotonsecurity.com/theme.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"74b9cb950b35807abb4b0f42aa7d032f"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dua6%2FYUeRcxxiE9TcBTa36%2BQiNA0X3gJhF1fXs4ROC58tgoogvDN2mEVOo4TLS6sJaf2R12tcdT8mirmmpCvYvmgS7gATtgE13JATyTgwVO3u%2FRT%2BjZa%2FUt4Gh3G4tTPyXqe22zGGw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24175&sent=135&recv=94&lost=9&retrans=9&sent_bytes=127355&recv_bytes=22808&delivery_rate=482213&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=882&x=1", cfExtPri, cfHdrFlush;dur=27
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: font/ttf
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7180eff4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 Cantarell-Bold.otf
elliotonsecurity.com/assets/fonts/Cantarell/ 101 KB
66 KB 76ms
71ms Font
font/otf 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/fonts/Cantarell/Cantarell-Bold.otf

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/spectre/spectre.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79717a71223a303da90db571cfd5e4f02e7ed2e570dbe24053b4b1822388ef9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://elliotonsecurity.com
Referer: https://elliotonsecurity.com/spectre/spectre.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"0f4ce56ac76b588bbafbdc8be5a7c14e"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uWoghqcE4O0kBgBCwSV96rdTDyxvvuOlIGcYtMmDOr1V7PI0XGL3RAWsX3n53yyVzbQqtJcMZeoOnGv96Mspm4L4vrYeKYRSo4BcijxGg5z89EUBmnNWNYFXKFWQDLP5Y7XAYA%2Fa9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24175&sent=135&recv=94&lost=9&retrans=9&sent_bytes=127355&recv_bytes=22808&delivery_rate=482213&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=882&x=1", cfExtPri, cfHdrFlush;dur=32
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: font/otf
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7180f054d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 Cantarell-Regular.otf
elliotonsecurity.com/assets/fonts/Cantarell/ 98 KB
64 KB 78ms
72ms Font
font/otf 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/fonts/Cantarell/Cantarell-Regular.otf

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/spectre/spectre.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a92f23cdd2b428b228aae94f2f25cf64a5d2c1287a4a3d638a3866fe52a2613c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://elliotonsecurity.com
Referer: https://elliotonsecurity.com/spectre/spectre.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"90e8154dbb721f53e6b81cb6fb3565df"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r32YhzeTkPgRpLQNPliM%2F4PDWR55VniP0hN5FaTzM0%2Bpdgz6VgzX6rNNHDfZ6hiqKGR%2F%2BQVYhZzvplQTg%2BSSmaAfo9C6e73WI7EIm2%2BsiWMOHpahoBFTGFP0zpu%2Bo%2Bb3I3Cj4GjR01bYyiqPlu%2FCIVXSow%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24307&sent=145&recv=96&lost=9&retrans=9&sent_bytes=135429&recv_bytes=22897&delivery_rate=687072&cwnd=19200&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=893&x=1", cfExtPri, cfHdrFlush;dur=27
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: font/otf
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7180f094d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 MadHacker.ttf
elliotonsecurity.com/assets/fonts/ 56 KB
25 KB 101ms
96ms Font
font/ttf 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/fonts/MadHacker.ttf

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/theme.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ec68c4b31ed94e5afb6e4d7422de8d48e8ea540a8a3b3defbd4e96df1d02dee

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://elliotonsecurity.com
Referer: https://elliotonsecurity.com/theme.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"d3081fb4959ab7dfe176d3129c128071"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5wDLS3E6i4A5TBmAxQiq92cfusQVmhEhOfSH0QQND9XQ093MfmWvRNS2Td3VkmbpqzVnp3YnX8IH4DCYejL071MUSHV3gS2%2FzKuwKQzE2GmW9zDA2Szq5Y9am1Q8PV%2FfIz3y6tFlbA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24282&sent=137&recv=95&lost=9&retrans=9&sent_bytes=129548&recv_bytes=22852&delivery_rate=817610&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=884&x=1", cfExtPri, cfHdrFlush;dur=56
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: font/ttf
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7180f0e4d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 Cantarell-ExtraBold.otf
elliotonsecurity.com/assets/fonts/Cantarell/ 103 KB
67 KB 102ms
97ms Font
font/otf 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/fonts/Cantarell/Cantarell-ExtraBold.otf

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/spectre/spectre.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

908c0fcf954e0557b887a95e9b5bbae7bb92ad72bec54c72c71a4f242e8f72c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://elliotonsecurity.com
Referer: https://elliotonsecurity.com/spectre/spectre.css

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f3855a6e1be70992cb2ab23aad50be4b"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QCTDNJcyjypBBV3GasMYkQ8D%2BSr14vjRhCyevHM4E7TDHIfqDmUQYXLebptM%2FD9Q9QTziEq341LnvUN3yQt0VMSm1KrWclKPMk14mG07Fhj7kGA1mv12aZ%2BKxzJI9KwX0cz33U0LQA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24175&sent=135&recv=94&lost=9&retrans=9&sent_bytes=127355&recv_bytes=22808&delivery_rate=482213&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=883&x=1", cfExtPri, cfHdrFlush;dur=59
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: font/otf
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7180f104d95-FRA
access-control-allow-origin: *
server: cloudflare

GET
H3 200 FiraCode-Regular.woff2
elliotonsecurity.com/assets/fonts/FiraCode/ 101 KB
102 KB 107ms
102ms Font
font/woff2 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/fonts/FiraCode/FiraCode-Regular.woff2

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/assets/fonts/FiraCode/fira_code.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6ce59520b90e15d7062ffef214f94c8add5a4085c0bbb1683602ef227a4d1fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://elliotonsecurity.com
Referer: https://elliotonsecurity.com/assets/fonts/FiraCode/fira_code.css

Response headers

cf-cache-status: HIT
etag: "10b43dd79948ee0b57968d34d037644a"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y9ShIgEgSHOB2z6Vo8KDKbxSXAHBfiY6K83MwVQa9CCbIME%2BoltJ0QSGNO7TQTOb%2BHQcjJjJTFsJyFiC2lhyq4s8bpQX2KFNiL%2BmDbedusOksx%2Bi8VSM5Rg5UVYh%2B58uRVSP339anQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24282&sent=137&recv=95&lost=9&retrans=9&sent_bytes=129548&recv_bytes=22852&delivery_rate=817610&cwnd=18000&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=884&x=1", cfExtPri, cfHdrFlush;dur=62
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: font/woff2
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7180f124d95-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 103240
server: cloudflare

GET
H3 200 menu.js Show response
elliotonsecurity.com/assets/js/ 622 B
1019 B 477ms
473ms Script
application/javascript 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/js/menu.js

Requested by

Host: elliotonsecurity.com
URL: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f27018a663a07d0a83f7a7584149b9179bab29a08ef87154a2756359910150f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"5a1a4578ec256b06f03f27020262e28b"
age: 1886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fTEZihpLZSmLY3sTlE0i7Zvo7OSXgqsACdzQGH1Yqe%2ByoyIsD3XjG7lg5rWY9Tw4GPcWtzhl4SKx4yJeF8VdwFXuS6XiKpd%2BD9Zv%2F2fRQIuLBYmE9rTd0VtavS2dDmAfjTpw865N6w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26639&sent=214&recv=107&lost=9&retrans=9&sent_bytes=206555&recv_bytes=23717&delivery_rate=843467&cwnd=20400&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=982&x=1", cfExtPri, cfHdrFlush;dur=8
date: Mon, 18 Nov 2024 18:07:53 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e718afee4d95-FRA
access-control-allow-origin: *
server: cloudflare

POST
H/1.1 202
Accepted event Show response
ping.elliotkillick.com/api/ 2 B
372 B 374ms
132ms XHR
text/plain 150.230.29.23
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://ping.elliotkillick.com/api/event
Requested by: Host: ping.elliotkillick.com
URL: https://ping.elliotkillick.com/js/ping.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 150.230.29.23 Toronto, Canada, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://elliotonsecurity.com/

Response headers

x-request-id: GAkiU62m_0ft4qMAhCvy
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-origin: *
Content-Length: 2
Date: Mon, 18 Nov 2024 18:07:54 GMT
Content-Type: text/plain; charset=utf-8
Server: nginx/1.18.0 (Ubuntu)

GET
H3 200 favicon.ico
elliotonsecurity.com/assets/icons/ 15 KB
8 KB 100ms
100ms Other
image/vnd.microsoft.icon 2606:4700:3031::6815:40fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elliotonsecurity.com/assets/icons/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:40fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b96e535a52876598e68a1bb34faafc33e6ea2b14965841aeadd720d8cf50632a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://elliotonsecurity.com/living-off-the-land-reverse-engineering-methodology-plus-tips-and-tricks-cmdl32-case-study/

Response headers

content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"dbb9d49c557241a5654d759c18c0e54a"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IEIvkUUntSu8QSxPE2kmZoYvzoVgTZaVpeWDblPG8qU84Ii8XYcN1aB2JmnMfBdgSRQWuzejsn46fs5oF0hlTgll8jevE5TKX8f0NZHQoiNTNRhkEr96sJT1ntXkj1OxjGPKeCB3tA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24925&sent=2032&recv=348&lost=11&retrans=11&sent_bytes=2316672&recv_bytes=35013&delivery_rate=2112326&cwnd=67200&unsent_bytes=0&cid=266d5e079dbfb8b5&ts=2426&x=1", cfExtPri, cfHdrFlush;dur=0
date: Mon, 18 Nov 2024 18:07:55 GMT
content-type: image/vnd.microsoft.icon
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e49e7214a404d95-FRA
access-control-allow-origin: *
server: cloudflare

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

elliotonsecurity.com
ping.elliotkillick.com
150.230.29.23
2606:4700:3031::6815:40fd
0157f99abecdb92064c2f58423e689854703722e7115963742beb2466c5c1669
13d4e93146240f7ae9d87602bb5f357c1b283da3c28f27cdac549011fc56c1fa
189aeb285be99f0b58e454dd2dc3cbf34a6db844a9ef26ebc5909178ff77c5be
1a905d5c17008781b5d051df04283c15a3efb96d26fa1679a5d8b8024c9e1a1f
1ec68c4b31ed94e5afb6e4d7422de8d48e8ea540a8a3b3defbd4e96df1d02dee
22a82198130779164f1587323180e5ab7b26d6310ca27d29656df323abddceb1
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26adb9a4e6e97423083a3144215938b0f3b7b57be38971497483ea738fff52dd
2c1bba6264239f7f5ec821859557e1f366f30a96c98f94fb2d12fc3ccb7771eb
2f8328303ae7f3703b54401f62ce4eacbcfde64337380e03994b893e98544c67
318003123a3db8e5b9c0a22228514cadc9e1e35bd622190a0ab8b6d6739dd1a4
3adfe5413e0594ae2a97d45c2097a856b7b9ffd919c8f1d91bf9952b6ee6ffd6
4ba83e4d230bdc3676281cae5c99f32e0e2617d3e0ab172a59483fa60b4b8d83
4eb2aae1ba3c7dda4d72a7a6861254731a7fafb76a0ada5f48d7d5bae4064e99
562a231a9746a07b0a9796d50c234469da053de2e26878638159cc19d8aef415
5f404011c4b11635c779684cfe36d7a4f05038612fa1bedbc8de74cfe0f928d7
623ca54bcecb33583acee5d0be27d7ba8f51ceee230a06e7eb6ff623aaee89ff
67e815720f66ea380b0e84f920ce5a95b489492906533787e1a39fcf5c24162f
6bae1af1c88719326ad400bc319f7a126e0e5255c54b8475c642ee9de260ddfa
6d35734ebf431a62c38be4a37d1e7c4371261af7175e71495d4775c494d45af6
79717a71223a303da90db571cfd5e4f02e7ed2e570dbe24053b4b1822388ef9f
7cabfc060a5432435c91a6727f23ca38dd1579950f8088828d275a3b0320d378
7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9
81c5b62c59fdb98fd9a35e27812cac61aded9ebcedf7de794666654dd9abbe4f
84482759b2cf7aff58c1a1b41e68a78f35371396800c0ac3b023874e65dc1f65
908c0fcf954e0557b887a95e9b5bbae7bb92ad72bec54c72c71a4f242e8f72c3
93b727fada3e56d4e65c67679ced10b943d351be7a07d08192818aecdfb3b891
a6ce59520b90e15d7062ffef214f94c8add5a4085c0bbb1683602ef227a4d1fe
a73d436c08a5a216d42de7de749702973542c70abc4dceafcd00d8aea8afa547
a92f23cdd2b428b228aae94f2f25cf64a5d2c1287a4a3d638a3866fe52a2613c
acec5091356593235e99337a7aec37c3b7945206906904da018167bc2e318df6
b6f6fd016556393bf67d15dd83be5b1e49d06f69d949ad8dc7a37fe47389dca2
b96e535a52876598e68a1bb34faafc33e6ea2b14965841aeadd720d8cf50632a
ba7be9bce0bcdad8aca18cafc9cb6ef41913fb04912ad84ebcc9d526a3de55f9
c0ed61ebc5f8ed376a0115f26a148ab25ddb1b7de2c0233b759265c598e1289e
c2f72d4a41a11aca49660a95dbf47a754768dc71945ac306c9129a804c4dbf0a
c4f0404e042b77ca6485009a8bde286d53dd2ab83599efd0381a9f35244b77c8
c8c6f6a939ab8d95338b5cc6036f15bf3ba179491e13660b6fe4ffd28a0396af
e5fd89384dd56c2d052f1569b34a47b38c5212e25a0eb6984b7be5c9e10dfcd5
ebf84c7bbbd7f05eb796674ca08fc6f14f3b5afff8316e14af92acd8fa69fa19
ec1efcac91dc49ecaabfe970a038eda779c828db468e1eee7165277b17d542af
f27018a663a07d0a83f7a7584149b9179bab29a08ef87154a2756359910150f1
f58e02beaa5783900aada4fba04aa8d5b0f8c557c9eb9299a1debc25755f319b
f760acdf6e58bfedba415b322523edacc86e018e92fe24500f39cfe77b7ab3d2
fffd561439c13acbe2ea99a487760b142e703c41dd739dd39ded813ee4828fd5

elliotonsecurity.com Open in urlscan Pro 2606:4700:3031::6815:40fd Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

46 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

2203 kBTransfer

2546 kBSize

0 Cookies

31 Outgoing links

Redirected requests

46 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

elliotonsecurity.com Open in urlscan Pro
2606:4700:3031::6815:40fd Public Scan

Screenshot
Live screenshot

Full Image

46
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2203 kB
Transfer

2546 kB
Size

0
Cookies

46 HTTP transactions
0 data transactions