0x00sec.org Open in urlscan Pro
2606:4700:30::6812:3130 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Submission: On December 06 via api (December 6th 2019, 2:29:10 pm UTC) from US

Summary HTTP 62 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 62 HTTP transactions. The main IP is 2606:4700:30::6812:3130, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is 0x00sec.org.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on September 2nd 2019. Valid for: 6 months.

This is the only time 0x00sec.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
45	2606:4700:30:... 2606:4700:30::6812:3130	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	52.216.184.229 52.216.184.229	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2606:4700::68... 2606:4700::6811:91a	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 3	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE - Google LLC)
11	52.217.36.124 52.217.36.124	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
62	7

45 2606:4700:30::6812:3130 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

0x00sec.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.216.184.229 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:91a (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

instant.page	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.217.36.124 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com

0x00sec.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	0x00sec.org 0x00sec.org	863 KB
13	amazonaws.com s3.amazonaws.com 0x00sec.s3.amazonaws.com	184 KB
3	google-analytics.com 1 redirects www.google-analytics.com	18 KB
1	doubleclick.net stats.g.doubleclick.net	136 B
1	instant.page instant.page	1 KB
62	5

	Domain	Requested by
45	0x00sec.org	0x00sec.org
11	0x00sec.s3.amazonaws.com	0x00sec.org
3	www.google-analytics.com	1 redirects 0x00sec.org
2	s3.amazonaws.com	0x00sec.org
1	stats.g.doubleclick.net	0x00sec.org
1	instant.page	0x00sec.org
62	6

This site contains links to these domains. Also see Links.

Domain
init.0x00sec.org
www.hackerone.com
www.bleepingcomputer.com
docs.microsoft.com
0x00sec.s3.amazonaws.com
github.com
medium.com
blog.reversinglabs.com
lolbas-project.github.io

Subject Issuer	Validity	Valid
sni52363.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-02` - `2020-03-10`	6 months	crt.sh
s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2020-12-02`	a year	crt.sh
ssl761888.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-14` - `2020-03-22`	6 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-05` - `2020-01-28`	3 months	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2021-03-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Frame ID: 7C44491F18E34CE2F24880F539D94D37
Requests: 63 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Discourse (Message Boards) Expand

Overall confidence: 100%
Detected patterns

meta generator /Discourse(?: ?\/?([\d.]+\d))?/i

Ruby (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /Discourse(?: ?\/?([\d.]+\d))?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

meta generator /Discourse(?: ?\/?([\d.]+\d))?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

62
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

1065 kB
Transfer

4322 kB
Size

0
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://init.0x00sec.org/
Title: Init

Search URL Search Domain Scan URL

URL: https://init.0x00sec.org/?partners
Title: Partners

Search URL Search Domain Scan URL

URL: http://www.hackerone.com/crowdstrike
Title: www.hackerone.com/crowdstrike 136

Search URL Search Domain Scan URL

URL: https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-dde-feature-in-word-to-prevent-further-malware-attacks/
Title: shipped a patch 27

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee844140(v=ws.10)
Title: this article 96

Search URL Search Domain Scan URL

URL: https://0x00sec.s3.amazonaws.com/original/2X/6/6bd8344f1586c1c0b508559488cf3f158f8ca597.png
Title: image.png1088×460 181 KB

Search URL Search Domain Scan URL

URL: https://github.com/itm4n/VBA-RunPE
Title: https://github.com/itm4n/VBA-RunPE 100

Search URL Search Domain Scan URL

URL: https://0x00sec.s3.amazonaws.com/original/2X/9/9349e9b5fc470bfac5e33dfa3cedbf19ee9a3937.png
Title: excel.png1020×501 28.7 KB

Search URL Search Domain Scan URL

URL: https://medium.com/@Bank_Security/undetectable-c-c-reverse-shells-fab4c0ec4f15
Title: Medium – 16 Oct 18 243

Search URL Search Domain Scan URL

URL: https://0x00sec.s3.amazonaws.com/original/2X/9/96b68198cda08808004801a4327518a81a267178.png
Title: image.png1017×835 58.8 KB

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4053440#mitigating-dde-attack-scenarios
Title: docs.microsoft.com 13

Search URL Search Domain Scan URL

URL: https://0x00sec.s3.amazonaws.com/original/2X/7/7d061fc93f07e809da66e911d832687823ad36dc.png
Title: Excel-DDE.png856×662 27.4 KB

Search URL Search Domain Scan URL

URL: https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation
Title: https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation 47

Search URL Search Domain Scan URL

URL: https://lolbas-project.github.io/
Title: https://lolbas-project.github.io/ 30

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=2124772354&t=pageview&_s=1&dl=https%3A%2F%2F0x00sec.org%2Ft%2Fbypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell%2F10802&ul=en-us&de=UTF-8&dt=Bypassing%20Crowdstrike%20Falcon%20detection%2C%20from%20phishing%20email%20to%20reverse%20shell%20-%20Malware%20-%200x00sec%20-%20The%20Home%20of%20the%20Hacker&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=1526804815&gjid=359857762&cid=1935510344.1575642533&tid=UA-76839457-2&_gid=208449688.1575642533&_r=1&z=1246785534 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76839457-2&cid=1935510344.1575642533&jid=1526804815&_gid=208449688.1575642533&gjid=359857762&_v=j79&z=1246785534

62 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 10802 Show response
0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/ 225 KB
29 KB 457ms
396ms Document
text/html 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff577d93fbf2c9d5351ad6fb0c98934151bcb86ef1cde762b90a6b0fcbe75db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: 0x00sec.org
:scheme: https
:path: /t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
date: Fri, 06 Dec 2019 14:28:52 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=dd44d7ded5d971128d1f4094d7293f0e41575642531; expires=Sun, 05-Jan-20 14:28:51 GMT; path=/; domain=.0x00sec.org; HttpOnly
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-discourse-route: topics/show
cache-control: no-cache, no-store
x-discourse-cached: skip
x-request-id: 93370d86-3718-4bf1-a91d-16a0b2b6e214
x-runtime: 0.342613
x-discourse-trackview: 1
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 540ef2df5f39cba0-VIE
content-encoding: br

GET
H2 200 en_US-b33c2758ab475daa8d2a93ef676922630d8e05b722a88f196e001e094d880ed8.js Show response
0x00sec.org/assets/locales/ 208 KB
59 KB 31ms
28ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/locales/en_US-b33c2758ab475daa8d2a93ef676922630d8e05b722a88f196e001e094d880ed8.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

69d2b094d1bbd1106bca9831cbf258666bbd374c269e0dbd458f7679f2b21c88

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 368032
cf-polished: origSize=213189
status: 200
last-modified: Mon, 21 Oct 2019 12:10:40 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1df1bcba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 ember_jquery-7dfac344d893a6c10c016353b994db2c6f42af630322ea6da3399c220fcc50ed.js Show response
0x00sec.org/assets/ 540 KB
142 KB 47ms
42ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/ember_jquery-7dfac344d893a6c10c016353b994db2c6f42af630322ea6da3399c220fcc50ed.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fbea0e5b2464406ff60213c1ac26ab59e26e8a9a257735bdabc57a2d79b3e78

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 88212
cf-polished: origSize=553295
status: 200
last-modified: Mon, 21 Oct 2019 12:09:16 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff54cba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 preload-store-081120a9f8cb0871483b66a95e534ce8e81f97d19c8cef978aea6c696d1feb20.js Show response
0x00sec.org/assets/ 565 B
400 B 43ms
39ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/preload-store-081120a9f8cb0871483b66a95e534ce8e81f97d19c8cef978aea6c696d1feb20.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f79ca95f6ade9842b7e3a6669c04fce722d7653bcfedcbd8984cb89533d3dbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 20901105
cf-polished: origSize=680
status: 200
last-modified: Mon, 08 Apr 2019 16:20:17 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff70cba0-VIE
expires: Tue, 07 Apr 2020 16:29:39 GMT

GET
H2 200 vendor-a681e94dd2b8c886f184865617b09b4f67b433321acef2bd98bb99bd9495307e.js Show response
0x00sec.org/assets/ 153 KB
51 KB 48ms
43ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/vendor-a681e94dd2b8c886f184865617b09b4f67b433321acef2bd98bb99bd9495307e.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4795acbb1254ccd6dd304ef8b1d6505edb0aa34f58e79e1f4db03e6ae11670d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 88212
cf-polished: origSize=156951
status: 200
last-modified: Mon, 21 Oct 2019 12:08:09 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff74cba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 pretty-text-bundle-73eff8ec744732d46811461cd693167a22b998a6c5a122cc11948cff0f2de687.js Show response
0x00sec.org/assets/ 129 KB
36 KB 48ms
44ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/pretty-text-bundle-73eff8ec744732d46811461cd693167a22b998a6c5a122cc11948cff0f2de687.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

979491a9e140ee6025878e68643ca6f42872ce400e3c82f785642f77ddddc3ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 88212
cf-polished: origSize=132257
status: 200
last-modified: Mon, 21 Oct 2019 12:09:25 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff75cba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 application-05bd8b74852562665384a0c946ef97efcf869b0dd4d42d23529cd5f2468b8a74.js Show response
0x00sec.org/assets/ 2 MB
382 KB 48ms
44ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/application-05bd8b74852562665384a0c946ef97efcf869b0dd4d42d23529cd5f2468b8a74.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

19dca4e86c90d2b85ed647dd69f8fdf40ef0393f0db9a0eda88287b13f3634c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3964493
cf-polished: origSize=2331029
status: 200
last-modified: Mon, 21 Oct 2019 12:11:59 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff78cba0-VIE
expires: Tue, 20 Oct 2020 12:16:25 GMT

GET
H2 200 discourse-details-a0eaecee5c192d6eda793b1c7a5f5e31c14360b171a1718d76eb4eef66f1ee9f.js Show response
0x00sec.org/assets/plugins/ 2 KB
944 B 43ms
39ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/plugins/discourse-details-a0eaecee5c192d6eda793b1c7a5f5e31c14360b171a1718d76eb4eef66f1ee9f.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6d4ff100f0428db305b6aed50fab94d0d2f24586dc29bc83ae4f7e38843b7f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19830
cf-polished: origSize=2133
status: 200
last-modified: Mon, 21 Oct 2019 12:10:45 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff7bcba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 discourse-local-dates-679ed99f6c6fb3de6aaf56bb03719bcc08b0d0bc9bef4353e7b910b5fae043a8.js Show response
0x00sec.org/assets/plugins/ 24 KB
6 KB 51ms
47ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/plugins/discourse-local-dates-679ed99f6c6fb3de6aaf56bb03719bcc08b0d0bc9bef4353e7b910b5fae043a8.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce371569ef63f1913b423f947ab928df344253e1eba46329c34753327e1993f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3964493
cf-polished: origSize=25056
status: 200
last-modified: Mon, 21 Oct 2019 12:10:47 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff7ccba0-VIE
expires: Tue, 20 Oct 2020 12:16:25 GMT

GET
H2 200 discourse-narrative-bot-34c7a69c26a852a4f0464fc33b2abbf56163d77f77138d699a839ba8f260296d.js Show response
0x00sec.org/assets/plugins/ 944 B
583 B 41ms
37ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/plugins/discourse-narrative-bot-34c7a69c26a852a4f0464fc33b2abbf56163d77f77138d699a839ba8f260296d.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a34d4d2d130e8a0b543a1295679915d84f3df2e29bc71213c06c02c88e40f94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3964493
cf-polished: origSize=1077
status: 200
last-modified: Mon, 21 Oct 2019 12:10:49 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff7ecba0-VIE
expires: Tue, 20 Oct 2020 12:16:25 GMT

GET
H2 200 discourse-presence-edafc1ce42be153611d58bf8a323e7415330a823010c645cf079f6e16f89d60c.js Show response
0x00sec.org/assets/plugins/ 9 KB
2 KB 44ms
41ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/plugins/discourse-presence-edafc1ce42be153611d58bf8a323e7415330a823010c645cf079f6e16f89d60c.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

81042d790571922da652ad67f2753707b03eb0c8159afe24c01a250ae1875340

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 88212
cf-polished: origSize=8901
status: 200
last-modified: Mon, 21 Oct 2019 12:10:50 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff7fcba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 discourse-spoiler-alert-b9c960367d7dd1d39f374a3cfba81367ae6539c7910bbdd3d3ecb3cb043afcf8.js Show response
0x00sec.org/assets/plugins/ 5 KB
2 KB 44ms
41ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/plugins/discourse-spoiler-alert-b9c960367d7dd1d39f374a3cfba81367ae6539c7910bbdd3d3ecb3cb043afcf8.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ce6f8a0263e82021dc3fb6a9f721f77f2a43387e24d52562e726d9ae71d0c5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19830
cf-polished: origSize=4956
status: 200
last-modified: Mon, 21 Oct 2019 12:10:52 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff87cba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 docker_manager-492fb412c4750223064d0b68fd03c4b1ae1e93f79a674e07cef09ce806e8e1ec.js Show response
0x00sec.org/assets/plugins/ 1 KB
560 B 42ms
40ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/plugins/docker_manager-492fb412c4750223064d0b68fd03c4b1ae1e93f79a674e07cef09ce806e8e1ec.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcb7f116a731edaaebd339ae3004968d241360bc5618a1eb723256acb50f8870

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19830
cf-polished: origSize=1262
status: 200
last-modified: Mon, 21 Oct 2019 12:10:53 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff89cba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 lazy-yt-57cd5e1748750edf78fba7190352452936b5c19d8667355e194838cc2ca9a53c.js Show response
0x00sec.org/assets/plugins/ 4 KB
2 KB 41ms
39ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/plugins/lazy-yt-57cd5e1748750edf78fba7190352452936b5c19d8667355e194838cc2ca9a53c.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

278e8209cd27a628b6ccd4dc0352e07f1aeb9eb034916f233796d2d2257e48bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19830
cf-polished: origSize=3801
status: 200
last-modified: Mon, 21 Oct 2019 12:10:55 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff8ccba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H2 200 poll-06fc0d5013a2d253c70e7e196084f3da3ee608f6a822525c612b352424c7ec7b.js Show response
0x00sec.org/assets/plugins/ 32 KB
9 KB 42ms
40ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/plugins/poll-06fc0d5013a2d253c70e7e196084f3da3ee608f6a822525c612b352424c7ec7b.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfc59850d0b6666f7bdc8270505d4e3389145c6b87979cf3e8f75d0e43b47500

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 368032
cf-polished: origSize=33169
status: 200
last-modified: Mon, 21 Oct 2019 12:10:58 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e1ff8fcba0-VIE
expires: Sat, 21 Nov 2020 19:10:40 GMT

GET
H/1.1 200
OK monokai-sublime.css
s3.amazonaws.com/0x00sec/ 1 KB
1 KB 366ms
102ms Stylesheet
text/css 52.216.184.229
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/0x00sec/monokai-sublime.css
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.184.229 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: fe66aef28788cf660b2383fefb69c360a3c1262f17aee1d3aea7cde5bdc914c0

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:53 GMT
Last-Modified: Sat, 07 May 2016 12:16:56 GMT
Server: AmazonS3
x-amz-request-id: CE17CD90F8650F20
ETag: "0c8b4c0e8a584e7142b08d914644cd9d"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 1026
x-amz-id-2: HYJgiAvDlULvf1RhJg9vD/cr0wmA7f/FilvS44dBWQTmZfQ7UgQZC/oVdpUuC4Qh4sKjrhR/28o=

GET
H/1.1 200
OK highlight.pack.js Show response
s3.amazonaws.com/0x00sec/ 98 KB
99 KB 366ms
102ms Script
application/x-javascript 52.216.184.229
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/0x00sec/highlight.pack.js
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.184.229 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: cca112fc780984f61cbeaec7835c0408731488d59420d25d952a0fb2a5966522

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:53 GMT
Last-Modified: Sat, 07 May 2016 12:16:55 GMT
Server: AmazonS3
x-amz-request-id: 7A59D519A57C3C1D
ETag: "694e576ccafa7d5bf5f96cc4e611649b"
Content-Type: application/x-javascript
Accept-Ranges: bytes
Content-Length: 100702
x-amz-id-2: lJtionzGzOPSZew2cyQ8NY/+/xMA0CTAmD2sxuxC6jRCKoafFS0c+rWZ5MVUoRBSFc/P2waQoXo=

GET
H2 200 254c9356499cc8d4eb482beb4e42a061cd987c61.js Show response
0x00sec.org/theme-javascripts/ 373 B
467 B 39ms
35ms Script
text/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/theme-javascripts/254c9356499cc8d4eb482beb4e42a061cd987c61.js?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

076706ccad020424fe4f21ec4910e2583f818f14148fc05bb3732d0fec5eedde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 2511
cf-polished: origSize=398
status: 200
x-discourse-route: theme_javascripts/show
content-transfer-encoding: binary
content-disposition: inline; filename="254c9356499cc8d4eb482beb4e42a061cd987c61.js"; filename*=UTF-8''254c9356499cc8d4eb482beb4e42a061cd987c61.js
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 96e703fd-3a18-4a3b-a2a5-824883bd56f4
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 26 Nov 2018 16:07:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/javascript
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ff9acba0-VIE
cf-bgj: minify

GET
H2 200 desktop_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
0x00sec.org/stylesheets/ 274 KB
51 KB 61ms
58ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/desktop_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e00b2003d85a0d55761a9e63169a5f0bbb696d2656dcefbdc6ad1f78aa5247b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
cf-polished: origSize=281369
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="desktop_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css"; filename*=UTF-8''desktop_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 7ef44a73-d087-42ba-a946-b6eb0f82790a
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:12:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ff90cba0-VIE
cf-bgj: minify

GET
H2 200 desktop_theme_43_357d4d5c1b79099b6d69fc2270b968bbbb3b7953.css
0x00sec.org/stylesheets/ 1 KB
616 B 36ms
34ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/desktop_theme_43_357d4d5c1b79099b6d69fc2270b968bbbb3b7953.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d94deb9689e928b55509367f971c47ed63f3160c4f18591e45e0f31f44d61f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 16850
cf-polished: origSize=1347
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="desktop_theme_43_357d4d5c1b79099b6d69fc2270b968bbbb3b7953.css"; filename*=UTF-8''desktop_theme_43_357d4d5c1b79099b6d69fc2270b968bbbb3b7953.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 6826342b-2a26-4eff-9687-37dc5f4f6a29
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:12:21 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ff92cba0-VIE
cf-bgj: minify

GET
H2 200 discourse-details_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
0x00sec.org/stylesheets/ 891 B
637 B 36ms
33ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/discourse-details_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5eeba72dfc641ed92c29a9994fd51df8874ffc1669ad9fb7b77f4eeb500d5df2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 3888850
cf-polished: origSize=992
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="discourse-details_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css"; filename*=UTF-8''discourse-details_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 33d75aaa-bc24-4b47-a763-7dd4757c818e
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:16:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ff94cba0-VIE
cf-bgj: minify

GET
H2 200 discourse-local-dates_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
0x00sec.org/stylesheets/ 7 KB
1 KB 39ms
37ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/discourse-local-dates_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

69d2a003d95d05f7f32680ff34d699ef35d1fb8ef5a9ace46434a93db3fe7350

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 3888850
cf-polished: origSize=7058
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="discourse-local-dates_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css"; filename*=UTF-8''discourse-local-dates_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: b3207e72-374d-40b2-9859-a23dba26d6ba
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:16:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ff98cba0-VIE
cf-bgj: minify

GET
H2 200 discourse-presence_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
0x00sec.org/stylesheets/ 1 KB
864 B 36ms
34ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/discourse-presence_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

95e16c7bb44c9f7ed58e8ac794772269810b885e0bf7c1b50312312c6c3e62c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 2511
cf-polished: origSize=1359
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="discourse-presence_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css"; filename*=UTF-8''discourse-presence_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 4c6700b2-268e-43a4-b217-6a6e4aa6e658
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:16:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ff9bcba0-VIE
cf-bgj: minify

GET
H2 200 discourse-spoiler-alert_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
0x00sec.org/stylesheets/ 118 B
325 B 49ms
47ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/discourse-spoiler-alert_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a04b0587bc1cf4da23ed7b5455c21db5e483c3a696bca7365b1a24b441adc205

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 19830
cf-polished: origSize=219
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="discourse-spoiler-alert_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css"; filename*=UTF-8''discourse-spoiler-alert_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: b36e8e1b-cae9-4415-982b-1405d1222f49
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:16:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ff9ccba0-VIE
cf-bgj: minify

GET
H2 200 lazy-yt_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
0x00sec.org/stylesheets/ 2 KB
962 B 39ms
37ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/lazy-yt_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

50e0ca0d3c8beca127f0560a3ff506d6cdfaf87ae4703f1215dc3ec6d84b28db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 19830
cf-polished: origSize=2133
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="lazy-yt_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css"; filename*=UTF-8''lazy-yt_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: a121d81c-09a8-42d2-9b06-d0e4b83b7174
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:16:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ff9ecba0-VIE
cf-bgj: minify

GET
H2 200 poll_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
0x00sec.org/stylesheets/ 2 KB
919 B 43ms
42ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/poll_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

284871873030b02ba9c883a3fad8c0982b60a89c6168cb82038a3318a91c26ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 2511
cf-polished: origSize=2528
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="poll_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css"; filename*=UTF-8''poll_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 51e98e44-6ebd-4e06-ab56-0539e4e1d1e5
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:16:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ffa0cba0-VIE
cf-bgj: minify

GET
H2 200 poll_desktop_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
0x00sec.org/stylesheets/ 898 B
687 B 39ms
38ms Stylesheet
text/css 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/stylesheets/poll_desktop_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css?__ws=0x00sec.org

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e77907fdfa88bb5bac562d9b4bf06bad2c84bb90e604f0fae1701bc49117483e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 16850
cf-polished: origSize=993
status: 200
x-discourse-route: stylesheets/show
content-transfer-encoding: binary
content-disposition: inline; filename="poll_desktop_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css"; filename*=UTF-8''poll_desktop_8_65f92c354eb7d4e26dcf4470e4557a1a3e0d3d19.css
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 18f80a06-ba8b-468d-9c34-7bb26ce7b24b
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 21 Oct 2019 12:16:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: text/css
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e1ffa2cba0-VIE
cf-bgj: minify

GET
H2 200 preload-application-data-c20deb0418fd87f5f03266570c4f93070c8325d5b49950d7621204a44b651901.js Show response
0x00sec.org/assets/ 1 KB
751 B 18ms
16ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/preload-application-data-c20deb0418fd87f5f03266570c4f93070c8325d5b49950d7621204a44b651901.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f079c74f2627c0942f683d325d32de6ae308a4058e8a2532a4fe030e2ffb793c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19830
cf-polished: origSize=1627
status: 200
last-modified: Mon, 21 Oct 2019 12:10:05 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e23815cba0-VIE
expires: Sat, 21 Nov 2020 19:08:55 GMT

GET
H2 200 browser-update-1741a2ed67a367faeb0a582af064457e8b1b1354e52e6efcf8bf26301166dec8.js Show response
0x00sec.org/assets/ 980 B
542 B 20ms
19ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/assets/browser-update-1741a2ed67a367faeb0a582af064457e8b1b1354e52e6efcf8bf26301166dec8.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d1b4f1bc63531866ceaefa04730beb25f2bd46af1ff36433f4cb000f45e662e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 19830
cf-polished: origSize=1096
status: 200
last-modified: Mon, 21 Oct 2019 12:08:34 GMT
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=31536000, immutable
cf-ray: 540ef2e24819cba0-VIE
expires: Sat, 21 Nov 2020 19:08:55 GMT

GET
H2 200 1.2.2 Show response
instant.page/ 3 KB
1 KB 66ms
36ms Script
text/javascript 2606:4700::6811:91a
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://instant.page/1.2.2
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:91a , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bee6c0bc3e2509b75a0a4bbc930cc89d9dc3f7829e6024447e10293ba004de4a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://0x00sec.org/
Origin: https://0x00sec.org

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
server: cloudflare
access-control-allow-origin: *
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: max-age=2592000
cf-ray: 540ef2e26c778c92-VIE

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/theme-javascripts/254c9356499cc8d4eb482beb4e42a061cd987c61.js?__ws=0x00sec.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 6915
date: Fri, 06 Dec 2019 12:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Fri, 06 Dec 2019 14:33:37 GMT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=2124772354&t=pageview&_s=1&dl=https%3A%2F%2F0x00sec.org%2Ft%2Fbypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell%2F1...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76839457-2&cid=1935510344.1575642533&jid=1526804815&_gid=208449688.1575642533&gjid=359857762&_v=j79&z=1246785534

35 B
136 B

15ms
15ms

Image
image/gif

2a00:1450:400c:c00::9c
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76839457-2&cid=1935510344.1575642533&jid=1526804815&_gid=208449688.1575642533&gjid=359857762&_v=j79&z=1246785534

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Fri, 06 Dec 2019 14:28:53 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 06 Dec 2019 14:28:52 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-76839457-2&cid=1935510344.1575642533&jid=1526804815&_gid=208449688.1575642533&gjid=359857762&_v=j79&z=1246785534
content-type: text/html; charset=UTF-8
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 418
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 svg-43-411e7753cbcb6dfd1252a010de81032fefa6a539.js Show response
0x00sec.org/svg-sprite/0x00sec.org/ 106 KB
33 KB 25ms
24ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/svg-sprite/0x00sec.org/svg-43-411e7753cbcb6dfd1252a010de81032fefa6a539.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/assets/application-05bd8b74852562665384a0c946ef97efcf869b0dd4d42d23529cd5f2468b8a74.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

efd7c7d9cdb9f519d7457a54773c12be5241d8eb13187af5614548355921273d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 19825
cf-polished: origSize=108309
status: 200
x-discourse-route: svg_sprite/show
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: 1ea1ca0b-ff37-40af-acb9-e2d103ed8e79
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 21 Oct 2009 12:16:33 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e60b03cba0-VIE
cf-bgj: minify

GET
H2 200 jquery.magnific-popup.min.js Show response
0x00sec.org/javascripts/ 20 KB
7 KB 18ms
18ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/javascripts/jquery.magnific-popup.min.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/assets/application-05bd8b74852562665384a0c946ef97efcf869b0dd4d42d23529cd5f2468b8a74.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 21 Oct 2019 12:02:46 GMT
server: cloudflare
age: 19826
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86400, immutable
cf-ray: 540ef2e75e3acba0-VIE
expires: Fri, 06 Dec 2019 10:11:32 GMT

GET
H2 200 6a88550999021fba7568661984347ac5e0e0b8b7.js Show response
0x00sec.org/highlight-js/0x00sec.org/ 46 KB
18 KB 45ms
44ms Script
application/javascript 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/highlight-js/0x00sec.org/6a88550999021fba7568661984347ac5e0e0b8b7.js

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/assets/application-05bd8b74852562665384a0c946ef97efcf869b0dd4d42d23529cd5f2468b8a74.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

055404c436d4844f5f198144ce1b26d308a4b6fe39ac6c7b02354d880f463896

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
cf-polished: origSize=47257
status: 200
x-discourse-route: highlight_js/show
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-request-id: eab808d2-ac96-47e3-8b34-04ba1b39d9d5
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 07 Feb 2009 04:52:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31556952, immutable
cf-ray: 540ef2e77ecdcba0-VIE
cf-bgj: minify

GET
H/1.1 200
OK 0dc88a529598db0465f20e185795e243cb0328a9.png
0x00sec.s3.amazonaws.com/original/2X/0/ 36 KB
37 KB 387ms
109ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/original/2X/0/0dc88a529598db0465f20e185795e243cb0328a9.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/assets/ember_jquery-7dfac344d893a6c10c016353b994db2c6f42af630322ea6da3399c220fcc50ed.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7dd19001f5221151b497a783c5d61cfb35a4afc3408466933eb8411fef80f659

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Thu, 28 Feb 2019 13:13:43 GMT
Server: AmazonS3
x-amz-request-id: 50631382E159B6AD
ETag: "582ae7ce8091977b043acd9cadfb9638"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 37307
x-amz-id-2: YF0MPe60X0ON0cPJUIZmPpnrHOvhPfEiCANJrmzVBQ6oayTQKeNO/NmV57PuzLsFP3E+H0d+HfA=

GET
H/1.1 200
OK 6fc109c46f8a347cc1d9bebfdc28dbaab1b8631d.png
0x00sec.s3.amazonaws.com/original/2X/6/ 4 KB
4 KB 362ms
102ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/original/2X/6/6fc109c46f8a347cc1d9bebfdc28dbaab1b8631d.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f938ab6cb237e25ba7d2a91040092a6b4fc698bfa413e7b8222e8aa632ca980a

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 26 Nov 2018 16:07:45 GMT
Server: AmazonS3
x-amz-request-id: 2130B5DCAF8CEDA1
ETag: "1e79d693da9181fe6b1dac8fe5b1e43d"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 3850
x-amz-id-2: uAx0YuAws4S3ptvSh0QYtAbROS0ASsM4eb7iNgWCpdDUJsNcJ3PXz6tydIFi2f0Ko6QafoerEaU=

GET
H/1.1 200
OK 0a6ae7a596a5fd33b9ed9a76031f17f5ba3b9130.png
0x00sec.s3.amazonaws.com/original/2X/0/ 4 KB
4 KB 361ms
101ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/original/2X/0/0a6ae7a596a5fd33b9ed9a76031f17f5ba3b9130.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 21be4d116064c4304a6d1635a4c39f104dc859c79ed213c4cda274861be751c1

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 26 Jun 2017 15:17:45 GMT
Server: AmazonS3
x-amz-request-id: 0CD88EDCDAF6E518
ETag: "ed73f6a6dbaaa46cded4ec8677e5e00b"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 4101
x-amz-id-2: n0j7Zfaz56axkthmOgB66cBgwxtRqtOchIr756foMwgCtFyTgVJ0MN5qUIYHveOYoTpPFKV/5EI=

GET
H/1.1 200
OK bb3734339210d8d56a57877905851e9c99a117a5.png
0x00sec.s3.amazonaws.com/original/2X/b/ 2 KB
2 KB 386ms
126ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/original/2X/b/bb3734339210d8d56a57877905851e9c99a117a5.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: b5b0c740dbe4f19af03d0c7d4b61406ff3c80d2e5a81dfbc6ea25d89e6033b6b

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 14 Jan 2019 16:53:25 GMT
Server: AmazonS3
x-amz-request-id: CBA0D04D95A0010C
ETag: "054d9bb228beec0e2e7c8a1a50f7a57d"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1555
x-amz-id-2: pTh0IxOzgydp0qvKw5zULc9WXK6iDvXCE8XPxjk1d0u6NXZ7TBK+qbaGrka5+ORBpYU/BE2py+o=

GET
H/1.1 200
OK bcfc02745f82dd67c3a43bdaf796c6eb22543511.png
0x00sec.s3.amazonaws.com/original/2X/b/ 2 KB
2 KB 391ms
131ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/original/2X/b/bcfc02745f82dd67c3a43bdaf796c6eb22543511.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: e82d344de5abcd9b4935c93affb6a92a4024d4867fd39c9f811db4cd5f78c9b7

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 14 Jan 2019 16:56:10 GMT
Server: AmazonS3
x-amz-request-id: C5E29F07BC8D7170
ETag: "a01de3006ed85eded27e0da92f7e62e0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1557
x-amz-id-2: yVjmsOaIBEhQlBi7+zPmi+d3MdpP16UCpnoEmKqlsP4NfVXRD9TytQc/0dHdphXvGTthqQvXOss=

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK 6bd8344f1586c1c0b508559488cf3f158f8ca597_2_10x10.png
0x00sec.s3.amazonaws.com/optimized/2X/6/ 387 B
743 B 403ms
143ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/optimized/2X/6/6bd8344f1586c1c0b508559488cf3f158f8ca597_2_10x10.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 317f6aad73425633534f4ace7cb2da5621a7a12815607bb7961708de8f078070

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 08 Apr 2019 17:09:25 GMT
Server: AmazonS3
x-amz-request-id: 815A01ADDE979457
ETag: "f88cbf6c872933c5e5e8e5978161705a"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 387
x-amz-id-2: pKDLTOCe/z+QuiFtk1XTfLcSYrZAE/JZmDkUH4ihHwFITziAyrFrNhvio/Lwyd7XR5CKZFbKi/U=

GET
H2 200 1_2.png
0x00sec.org/user_avatar/0x00sec.org/system/20/ 454 B
578 B 23ms
21ms Image
image/png 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/system/20/1_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b10ad1e23005684b69e28ab49f47d05ac02f03603879c245570f3e19b011d8a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
age: 88208
status: 200
x-discourse-route: user_avatars/show
vary: Accept-Encoding
content-length: 454
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 27 Apr 2016 21:43:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/png
cache-control: public, max-age=31556952, immutable
accept-ranges: bytes
cf-ray: 540ef2e828e4cba0-VIE
content-transfer-encoding: binary

GET
H2 200 6902_2.png
0x00sec.org/user_avatar/0x00sec.org/thunderson/32/ 1 KB
1 KB 43ms
41ms Image
image/jpeg 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/thunderson/32/6902_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

34f406c10dc099699946566b642e7dc7ac13a85110d448e51edf0735f4772f01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 1295
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 14 Jan 2019 16:08:00 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/jpeg
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828e7cba0-VIE

GET
H2 200 5512_2.png
0x00sec.org/user_avatar/0x00sec.org/baud/45/ 3 KB
3 KB 40ms
38ms Image
image/png 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/baud/45/5512_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca3fa8d5c0fdca86a8df979e6ff66be0da8c75dc678c7809257db312fd6f45a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 2765
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 06 Aug 2018 22:06:13 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/png
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828e8cba0-VIE

GET
H2 200 6_2.png
0x00sec.org/user_avatar/0x00sec.org/pry0cc/45/ 534 B
625 B 42ms
40ms Image
image/png 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/pry0cc/45/6_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1094dbdfe78c054bcea148d0e56a659f94de47f9462cd1a7c9b815d7e6ceadf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 534
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 27 Apr 2016 21:47:23 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/png
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828eacba0-VIE

GET
H2 200 5512_2.png
0x00sec.org/user_avatar/0x00sec.org/baud/25/ 1 KB
2 KB 113ms
111ms Image
image/png 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/baud/25/5512_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d929bda2e6a7cfde125328f7cf1342e1db7c974f3ec27609450d306de2d6ea0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 1498
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 06 Aug 2018 22:06:13 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/png
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828ebcba0-VIE

GET
H2 200 wink.png
0x00sec.org/images/emoji/twitter/ 760 B
895 B 43ms
41ms Image
image/png 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/images/emoji/twitter/wink.png?v=6

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6b86554472159b74d0ab91b2cb3cd75cf361ccf96a141a4ebd3363c38e7f8eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 24 Jun 2019 11:08:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 540ef2e828eecba0-VIE
content-length: 760
expires: Wed, 23 Sep 2020 07:26:12 GMT

GET
H/1.1 200
OK 9349e9b5fc470bfac5e33dfa3cedbf19ee9a3937_2_10x10.png
0x00sec.s3.amazonaws.com/optimized/2X/9/ 336 B
692 B 96ms
96ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/optimized/2X/9/9349e9b5fc470bfac5e33dfa3cedbf19ee9a3937_2_10x10.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 652e2d9756fa3cc36f148079a02f255ac35008465a54f331221e0d848d1203ad

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 08 Apr 2019 17:08:32 GMT
Server: AmazonS3
x-amz-request-id: 8798FB738875041D
ETag: "973edf6f7196bfaeef8b7b2b7ea4f00b"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 336
x-amz-id-2: RhPToPuNUps9vnY1r4+6liY9hzuC4HDnC24GeV0K7EuQJsroQ2BL9Vu3r2hSVtULuz0WNiGUq+8=

GET
H2 200 6409_2.png
0x00sec.org/user_avatar/0x00sec.org/dtm/45/ 3 KB
3 KB 44ms
43ms Image
image/jpeg 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/dtm/45/6409_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

17b0ba8684f774132651c9e1dd1b534e61f8541849be77b5ddfbc01d5866e98c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 2827
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 05 Nov 2018 05:15:30 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/jpeg
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828f1cba0-VIE

GET
H2 200 6_2.png
0x00sec.org/user_avatar/0x00sec.org/pry0cc/25/ 321 B
411 B 60ms
58ms Image
image/png 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/pry0cc/25/6_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

10f094540a425c936964d31213a4bc668ecb23ec23ed59a0b5f3ae25ddae1da0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 321
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 27 Apr 2016 21:47:23 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/png
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828f3cba0-VIE

GET
H/1.1 200
OK 8c7390150cd0078e967a18c7663581b9b334d239.png
0x00sec.s3.amazonaws.com/original/2X/8/ 517 B
873 B 102ms
102ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/original/2X/8/8c7390150cd0078e967a18c7663581b9b334d239.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: dabfc88622035b2a9a54447ac9eaaed64c49c608d1aaf6e441a856623dd28c70

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 19 Nov 2018 08:31:41 GMT
Server: AmazonS3
x-amz-request-id: F061E5CD16B96F6B
ETag: "f965583609e8eacf623c8ee6fedf9d47"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 517
x-amz-id-2: C81aiFUF21+KoK6PjU7AoVLTR8FRrPYKNeCwJjoqVp3YhBQW5VL1/2t5iCgBOXacAHGVRWtlavw=

GET
H/1.1 200
OK dba6c5bca5844abc412903ca5ab3e1450fea2171.png
0x00sec.s3.amazonaws.com/original/2X/d/ 31 KB
31 KB 95ms
94ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/original/2X/d/dba6c5bca5844abc412903ca5ab3e1450fea2171.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 48d4fe4f1447530480db85a5283f3728ed37ea8364ec8f4d8079801317361759

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 19 Nov 2018 08:31:44 GMT
Server: AmazonS3
x-amz-request-id: A444AEAD54E79C93
ETag: "52f4b1a1e50f6fca66e7bf80163aab82"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 31651
x-amz-id-2: fWR5hJ94KFQVavvvy53Y0lUKhNyrLgbxHYrrONKLfBbsDY16E9eUk/5+U5WHxoQKC6ZFrwVAwL0=

GET
H2 200 stuck_out_tongue.png
0x00sec.org/images/emoji/twitter/ 843 B
1008 B 60ms
58ms Image
image/png 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/images/emoji/twitter/stuck_out_tongue.png?v=6

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4e081a0fa8795c3b4d7ba51b7cbc72cc2a0868dbaf2039ac78ee08fe073f7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 24 Jun 2019 11:08:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 540ef2e828f5cba0-VIE
content-length: 843
expires: Thu, 24 Sep 2020 07:40:32 GMT

GET
H/1.1 200
OK 96b68198cda08808004801a4327518a81a267178_2_10x10.png
0x00sec.s3.amazonaws.com/optimized/2X/9/ 384 B
740 B 127ms
127ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/optimized/2X/9/96b68198cda08808004801a4327518a81a267178_2_10x10.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7c90a3e8927e99817a94e7d824c694c3bccd18da996b15f351a3b44016deef56

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 08 Apr 2019 17:09:07 GMT
Server: AmazonS3
x-amz-request-id: 09A86363401DACE8
ETag: "9162860d4d4c9e5d1e642e4cb35e8f41"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 384
x-amz-id-2: bpg5pHbbZ4iSGF3lyNMkp5zlyL+lKgCvhbf6A5uUisiGT7XaEK1JB9j88PmiDhj1KUIfm4sQ7y4=

GET
H2 200 6902_2.png
0x00sec.org/user_avatar/0x00sec.org/thunderson/45/ 2 KB
2 KB 59ms
58ms Image
image/jpeg 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/thunderson/45/6902_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

992384c03a986f9c73477a4e1d2df1626e105e3b05ec11f9d2b3605f8e577c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 2112
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 14 Jan 2019 16:08:00 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/jpeg
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828f6cba0-VIE

GET
H2 200 6635_2.png
0x00sec.org/user_avatar/0x00sec.org/guly/45/ 3 KB
3 KB 56ms
55ms Image
image/jpeg 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/guly/45/6635_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8710d0f13f791326cb923e9ba321c6c1bd9f51563f37c65821c5716e194e0137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 2861
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Dec 2018 14:27:50 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/jpeg
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828f9cba0-VIE

GET
H2 200 6902_2.png
0x00sec.org/user_avatar/0x00sec.org/thunderson/25/ 999 B
1 KB 46ms
44ms Image
image/jpeg 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/thunderson/25/6902_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c8f69255a3bd34a05cea4f6c5a924749e6e484199e4c3aa04c304c71fb5480c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 999
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 14 Jan 2019 16:08:00 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/jpeg
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828fbcba0-VIE

GET
H/1.1 200
OK 7d061fc93f07e809da66e911d832687823ad36dc_2_10x10.png
0x00sec.s3.amazonaws.com/optimized/2X/7/ 371 B
727 B 94ms
94ms Image
image/png 52.217.36.124
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://0x00sec.s3.amazonaws.com/optimized/2X/7/7d061fc93f07e809da66e911d832687823ad36dc_2_10x10.png
Requested by: Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.36.124 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 2fa027099d1b3eebc0fb4a0e14153b381142d1f160f138bf01afc532db471bb5

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 06 Dec 2019 14:28:54 GMT
Last-Modified: Mon, 08 Apr 2019 17:08:06 GMT
Server: AmazonS3
x-amz-request-id: EF41CA0ED2D90286
ETag: "f212d91d76b5bf4037d141ba27e384c8"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 371
x-amz-id-2: B7STBRMyv3a1f7H2jcD1aTdouFJjVbGM/qFoXXvd8wMqUh68HLEeylN6oLyWVS5Os8mw6j4NZ4Q=

GET
H2 200 6913_2.png
0x00sec.org/user_avatar/0x00sec.org/gettheguru/45/ 3 KB
3 KB 47ms
46ms Image
image/jpeg 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/gettheguru/45/6913_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8f61aa7e29376beda26a3acd5ad133dec8dae78793243de91e473e26ad4749d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 2729
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 15 Jan 2019 07:06:18 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/jpeg
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828fdcba0-VIE

GET
H2 200 6918_2.png
0x00sec.org/user_avatar/0x00sec.org/gianniscavo/45/ 2 KB
2 KB 43ms
42ms Image
image/png 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0x00sec.org/user_avatar/0x00sec.org/gianniscavo/45/6918_2.png

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ef62a97e46977dc5bba6ec0c20c38a839ffe67201eea88cfacd8f136e9eaf44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 06 Dec 2019 14:28:53 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
x-permitted-cross-domain-policies: none
status: 200
content-transfer-encoding: binary
vary: Accept-Encoding
content-length: 2217
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 15 Jan 2019 11:01:33 GMT
server: cloudflare
cache-control: public, max-age=31556952, immutable
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
x-download-options: noopen
content-type: image/png
x-discourse-route: user_avatars/show
accept-ranges: bytes
cf-ray: 540ef2e828fecba0-VIE

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 6ms
5ms Image
image/gif 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=2124772354&t=pageview&_s=2&dl=https%3A%2F%2F0x00sec.org%2Ft%2Fbypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell%2F10802&dp=%2Ft%2Fbypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell%2F10802&ul=en-us&de=UTF-8&dt=Bypassing%20Crowdstrike%20Falcon%20detection%2C%20from%20phishing%20email%20to%20reverse%20shell%20-%20Malware%20-%200x00sec%20-%20The%20Home%20of%20the%20Hacker&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=KEBAAEAB~&jid=&gjid=&cid=1935510344.1575642533&tid=UA-76839457-2&_gid=208449688.1575642533&z=1364162540

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://0x00sec.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 04:26:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1245753
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 poll
0x00sec.org/message-bus/77d979b92397457c83969207a5e48ed5/ 237 B
0 58ms
58ms XHR
text/plain 2606:4700:30::6812:3130
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://0x00sec.org/message-bus/77d979b92397457c83969207a5e48ed5/poll

Requested by

Host: 0x00sec.org
URL: https://0x00sec.org/assets/ember_jquery-7dfac344d893a6c10c016353b994db2c6f42af630322ea6da3399c220fcc50ed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6812:3130 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://0x00sec.org
X-CSRF-Token: undefined
Discourse-Visible: true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-SILENCE-LOGGER: true
Accept: text/plain, */*; q=0.01
Referer: https://0x00sec.org/t/bypassing-crowdstrike-falcon-detection-from-phishing-email-to-reverse-shell/10802
X-Requested-With: XMLHttpRequest

Response headers

pragma: no-cache
date: Fri, 06 Dec 2019 14:28:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
access-control-allow-methods: GET, POST
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://0x00sec.org
cache-control: must-revalidate, private, max-age=0
cf-ray: 540ef2ec5bc1cba0-VIE
access-control-allow-headers: X-SILENCE-LOGGER, X-Shared-Session-Key, Dont-Chunk, Discourse-Visible
expires: 0

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0x00sec.org
0x00sec.s3.amazonaws.com
instant.page
s3.amazonaws.com
stats.g.doubleclick.net
www.google-analytics.com
2606:4700:30::6812:3130
2606:4700::6811:91a
2a00:1450:4001:808::200e
2a00:1450:400c:c00::9c
52.216.184.229
52.217.36.124
055404c436d4844f5f198144ce1b26d308a4b6fe39ac6c7b02354d880f463896
076706ccad020424fe4f21ec4910e2583f818f14148fc05bb3732d0fec5eedde
1094dbdfe78c054bcea148d0e56a659f94de47f9462cd1a7c9b815d7e6ceadf2
10f094540a425c936964d31213a4bc668ecb23ec23ed59a0b5f3ae25ddae1da0
17b0ba8684f774132651c9e1dd1b534e61f8541849be77b5ddfbc01d5866e98c
19dca4e86c90d2b85ed647dd69f8fdf40ef0393f0db9a0eda88287b13f3634c7
1c8f69255a3bd34a05cea4f6c5a924749e6e484199e4c3aa04c304c71fb5480c
1ef62a97e46977dc5bba6ec0c20c38a839ffe67201eea88cfacd8f136e9eaf44
21be4d116064c4304a6d1635a4c39f104dc859c79ed213c4cda274861be751c1
278e8209cd27a628b6ccd4dc0352e07f1aeb9eb034916f233796d2d2257e48bf
284871873030b02ba9c883a3fad8c0982b60a89c6168cb82038a3318a91c26ae
2fa027099d1b3eebc0fb4a0e14153b381142d1f160f138bf01afc532db471bb5
317f6aad73425633534f4ace7cb2da5621a7a12815607bb7961708de8f078070
34f406c10dc099699946566b642e7dc7ac13a85110d448e51edf0735f4772f01
3a34d4d2d130e8a0b543a1295679915d84f3df2e29bc71213c06c02c88e40f94
3d1b4f1bc63531866ceaefa04730beb25f2bd46af1ff36433f4cb000f45e662e
3d94deb9689e928b55509367f971c47ed63f3160c4f18591e45e0f31f44d61f5
3f79ca95f6ade9842b7e3a6669c04fce722d7653bcfedcbd8984cb89533d3dbc
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
48d4fe4f1447530480db85a5283f3728ed37ea8364ec8f4d8079801317361759
50e0ca0d3c8beca127f0560a3ff506d6cdfaf87ae4703f1215dc3ec6d84b28db
5eeba72dfc641ed92c29a9994fd51df8874ffc1669ad9fb7b77f4eeb500d5df2
652e2d9756fa3cc36f148079a02f255ac35008465a54f331221e0d848d1203ad
69d2a003d95d05f7f32680ff34d699ef35d1fb8ef5a9ace46434a93db3fe7350
69d2b094d1bbd1106bca9831cbf258666bbd374c269e0dbd458f7679f2b21c88
7c90a3e8927e99817a94e7d824c694c3bccd18da996b15f351a3b44016deef56
7dd19001f5221151b497a783c5d61cfb35a4afc3408466933eb8411fef80f659
7e00b2003d85a0d55761a9e63169a5f0bbb696d2656dcefbdc6ad1f78aa5247b
81042d790571922da652ad67f2753707b03eb0c8159afe24c01a250ae1875340
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8710d0f13f791326cb923e9ba321c6c1bd9f51563f37c65821c5716e194e0137
8ce6f8a0263e82021dc3fb6a9f721f77f2a43387e24d52562e726d9ae71d0c5c
95e16c7bb44c9f7ed58e8ac794772269810b885e0bf7c1b50312312c6c3e62c8
979491a9e140ee6025878e68643ca6f42872ce400e3c82f785642f77ddddc3ad
992384c03a986f9c73477a4e1d2df1626e105e3b05ec11f9d2b3605f8e577c4f
9fbea0e5b2464406ff60213c1ac26ab59e26e8a9a257735bdabc57a2d79b3e78
a04b0587bc1cf4da23ed7b5455c21db5e483c3a696bca7365b1a24b441adc205
b10ad1e23005684b69e28ab49f47d05ac02f03603879c245570f3e19b011d8a5
b5b0c740dbe4f19af03d0c7d4b61406ff3c80d2e5a81dfbc6ea25d89e6033b6b
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bee6c0bc3e2509b75a0a4bbc930cc89d9dc3f7829e6024447e10293ba004de4a
ca3fa8d5c0fdca86a8df979e6ff66be0da8c75dc678c7809257db312fd6f45a1
cca112fc780984f61cbeaec7835c0408731488d59420d25d952a0fb2a5966522
ce371569ef63f1913b423f947ab928df344253e1eba46329c34753327e1993f3
cfc59850d0b6666f7bdc8270505d4e3389145c6b87979cf3e8f75d0e43b47500
d6d4ff100f0428db305b6aed50fab94d0d2f24586dc29bc83ae4f7e38843b7f9
d929bda2e6a7cfde125328f7cf1342e1db7c974f3ec27609450d306de2d6ea0d
dabfc88622035b2a9a54447ac9eaaed64c49c608d1aaf6e441a856623dd28c70
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
dcb7f116a731edaaebd339ae3004968d241360bc5618a1eb723256acb50f8870
e4795acbb1254ccd6dd304ef8b1d6505edb0aa34f58e79e1f4db03e6ae11670d
e77907fdfa88bb5bac562d9b4bf06bad2c84bb90e604f0fae1701bc49117483e
e82d344de5abcd9b4935c93affb6a92a4024d4867fd39c9f811db4cd5f78c9b7
efd7c7d9cdb9f519d7457a54773c12be5241d8eb13187af5614548355921273d
f079c74f2627c0942f683d325d32de6ae308a4058e8a2532a4fe030e2ffb793c
f4e081a0fa8795c3b4d7ba51b7cbc72cc2a0868dbaf2039ac78ee08fe073f7b3
f6b86554472159b74d0ab91b2cb3cd75cf361ccf96a141a4ebd3363c38e7f8eb
f8f61aa7e29376beda26a3acd5ad133dec8dae78793243de91e473e26ad4749d
f938ab6cb237e25ba7d2a91040092a6b4fc698bfa413e7b8222e8aa632ca980a
fe66aef28788cf660b2383fefb69c360a3c1262f17aee1d3aea7cde5bdc914c0
ff577d93fbf2c9d5351ad6fb0c98934151bcb86ef1cde762b90a6b0fcbe75db0

0x00sec.org Open in urlscan Pro 2606:4700:30::6812:3130 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

62 Requests

100 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

7 IPs

3 Countries

1065 kBTransfer

4322 kBSize

0 Cookies

14 Outgoing links

Redirected requests

62 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

0x00sec.org Open in urlscan Pro
2606:4700:30::6812:3130 Public Scan

Screenshot
Live screenshot

Full Image

62
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

3
Countries

1065 kB
Transfer

4322 kB
Size

0
Cookies

62 HTTP transactions
1 data transactions