URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Submission: On October 17 via api from IN — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 5 domains to perform 20 HTTP transactions. The main IP is 2606:50c0:8001::153, located in the United States and belonging to FASTLY, US. The main domain is detection.fyi.
TLS certificate: Issued by R10 (a Let's Encrypt intermediate) on August 28th 2024. Valid for 3 months.
This is the only time detection.fyi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address                 AS     Autonomous System
12        2606:50c0:8001::153        54113  FASTLY
2         2606:4700:3036::ac43:bd2f  13335  CLOUDFLARENET
4         2606:4700:20::ac43:47e6    13335  CLOUDFLARENET
Totals: 20 requests, 4 IPs
Requests  Apex Domain        Subdomains                                         Transfer
12        detection.fyi      detection.fyi                                       135 KB
4         ethicalads.io      server.ethicalads.io (Cisco Umbrella rank 59915)      3 KB
                             media.ethicalads.io (Cisco Umbrella rank 53908)
2         thedfirreport.com  thedfirreport.com (Cisco Umbrella rank 799567)      283 KB
0         windows.net        ethicalads.blob.core.windows.net (failed)               -
0         bradleyjkemp.dev   stats.bradleyjkemp.dev (failed)                         -
Totals: 20 requests, 5 apex domains
Requests  Domain                            Requested by
12        detection.fyi                     detection.fyi
2         media.ethicalads.io               detection.fyi
2         server.ethicalads.io              detection.fyi
2         thedfirreport.com                 detection.fyi
0         ethicalads.blob.core.windows.net  detection.fyi (failed)
0         stats.bradleyjkemp.dev            detection.fyi (failed)
Totals: 20 requests, 6 domains

This site contains links to these domains:

Domain
twitter.com
www.facebook.com
github.com
thedfirreport.com
server.ethicalads.io
www.ethicalads.io
Subject            Issuer                       Validity                  Valid for
detection.fyi      R10 (Let's Encrypt)          2024-08-28 to 2024-11-26  3 months
thedfirreport.com  WE1 (Google Trust Services)  2024-09-10 to 2024-12-09  3 months
ethicalads.io      WE1 (Google Trust Services)  2024-09-28 to 2024-12-27  3 months

Each certificate can be cross-checked against the Certificate Transparency logs via crt.sh.

This page contains 1 frame:

Primary Page: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Frame ID: 7CCA2B278C72C32DF13894BDC5F1D1A0
Requests: 20 HTTP requests in this frame

Page Title

Execution of ZeroLogon PoC executable | Detection.FYI

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/ (a WordPress fingerprint)

Caveat: the only URLs in this scan matching that pattern are the two images loaded from thedfirreport.com/wp-content/uploads/. The primary document and every detection.fyi asset are served by GitHub Pages (server: GitHub.com), so the WordPress fingerprint belongs to the third-party image host, not to detection.fyi itself.

Page Statistics

Requests:    20
HTTPS:       90 %
IPv6:        100 %
Domains:     5
Subdomains:  6
IPs:         4
Countries:   1
Transfer:    421 kB
Size:        538 kB
Cookies:     0

Redirected requests

No HTTP redirect chains are listed for this scan.
20 HTTP transactions

Each transaction below is listed as: Resource, Path, Size, x-fer (bytes transferred), Type, followed by its General details, Request headers and Response headers. Entries with a Size and x-fer of 0 and no Type received no response (see Failed requests).
Primary Request /
detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
40 KB
11 KB
Document
General
Full URL
https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
37b46b56624b0e499033332f5527e8a6d56fa892e51c6106d83b46218e8683d9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
max-age=600
content-encoding
gzip
content-length
10575
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 10:39:42 GMT
etag
W/"6710aab2-9f15"
expires
Thu, 17 Oct 2024 10:49:42 GMT
last-modified
Thu, 17 Oct 2024 06:12:02 GMT
server
GitHub.com
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-fastly-request-id
757a9d00453d596c3c0f7bf73ad8795648eb361c
x-github-request-id
3B0C:2C6356:284721E:297DAA9:6710E96E
x-proxy-cache
MISS
x-served-by
cache-fra-eddf8230111-FRA
x-timer
S1729161583.595649,VS0,VE102
plausible.js
stats.bradleyjkemp.dev/js/
0
0
(no response received; listed under Failed requests)

styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css
detection.fyi/css/
26 KB
7 KB
Stylesheet
General
Full URL
https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
86f10bb7af352f4933dff4357118b289cd14ad92f2f59985f69af88d87f74c85

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://detection.fyi
Referer
https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/

Response headers

x-fastly-request-id
051f1f3808d9164760a3c5ed0e6d0bd0ae7a84e6
content-encoding
gzip
etag
W/"6710aab2-6916"
age
0
x-github-request-id
8BAC:36EAE5:2AE925A:2C264B6:6710E96E
expires
Thu, 17 Oct 2024 10:49:42 GMT
x-proxy-cache
MISS
x-cache
MISS
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
text/css; charset=utf-8
last-modified
Thu, 17 Oct 2024 06:12:02 GMT
x-served-by
cache-fra-eddf8230111-FRA
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.729633,VS0,VE92
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
6577
server
GitHub.com
bundle.56e592094509d56f276a4eb149ce4f5846b3ca5e706f1d486d527d81fbaeda35e3d47d838b20e591c5e46bbf7e12d79dd929e918dde9239b73d492b260870d5d.js
detection.fyi/en/js/
46 KB
16 KB
Script
General
Full URL
https://detection.fyi/en/js/bundle.56e592094509d56f276a4eb149ce4f5846b3ca5e706f1d486d527d81fbaeda35e3d47d838b20e591c5e46bbf7e12d79dd929e918dde9239b73d492b260870d5d.js
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
6326f6e40a6b8b8af6d12780e2043c40b2dfec8f9cb07c8afdb17d419bb94878

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://detection.fyi
Referer
https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/

Response headers

x-fastly-request-id
0c657bdf001032e726ddb2ea938636df70b63611
content-encoding
gzip
etag
W/"6710aab2-b98c"
age
495
x-github-request-id
91E6:397823:318FEDA:3307DC6:6710E43E
expires
Thu, 17 Oct 2024 10:27:34 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 17 Oct 2024 06:12:02 GMT
x-served-by
cache-fra-eddf8230111-FRA
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.729609,VS0,VE2
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
15926
server
GitHub.com
default-monochrome.png
detection.fyi/logos/detection.fyi-logo/
8 KB
8 KB
Image
General
Full URL
https://detection.fyi/logos/detection.fyi-logo/default-monochrome.png
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
44f9df60fe3a60b5ddbb3b496132396f194141854f5c367ff52d880d322cd124

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/

Response headers

x-fastly-request-id
522e221b2517100366a305a32adad87c599dd3cb
etag
"6710aab2-1e3f"
age
495
x-github-request-id
1673:27725:4E7A182:50CC9EC:6710D865
expires
Thu, 17 Oct 2024 09:37:01 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
image/png
last-modified
Thu, 17 Oct 2024 06:12:02 GMT
x-served-by
cache-fra-eddf8230111-FRA
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.729569,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
7743
x-origin-cache
HIT
server
GitHub.com
search.min.df4d84e4983f0c71dd495e07a09815d920553c3ddf3d0767801c73373573aa17e1b489e4453272dbf4ce2a38a3d01a10b170744e50dd6bec85a598221867ba9a.js
detection.fyi/js/
26 KB
9 KB
Script
General
Full URL
https://detection.fyi/js/search.min.df4d84e4983f0c71dd495e07a09815d920553c3ddf3d0767801c73373573aa17e1b489e4453272dbf4ce2a38a3d01a10b170744e50dd6bec85a598221867ba9a.js
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
8bd3087ba0741d2db8fcaa991719f1deefd3a3d8234592917069f36377178b5b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/

Response headers

x-fastly-request-id
1b2a1c310e757adccd1a27bf628038550ed190ee
content-encoding
gzip
etag
W/"6710aab3-6657"
age
495
x-github-request-id
858A:3754EB:442D255:4626026:6710ACD7
expires
Thu, 17 Oct 2024 06:31:11 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 17 Oct 2024 06:12:03 GMT
x-served-by
cache-fra-eddf8230111-FRA
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.737788,VS0,VE2
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
8623
server
GitHub.com
ethicalads.min.js
detection.fyi/js/
27 KB
8 KB
Script
General
Full URL
https://detection.fyi/js/ethicalads.min.js
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
73ca42e6ade14b9c05b89e6c07f8619c28bd577de686f7a5f6081c33773aa050

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/

Response headers

x-fastly-request-id
e6d3c3fd2256c58a64c0ad2ed3f337d0580dd07d
content-encoding
gzip
etag
W/"6710aab3-6c5e"
age
494
x-github-request-id
61C8:2B55FB:2191A9D:2294DE4:6710ACD7
expires
Thu, 17 Oct 2024 06:31:11 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 17 Oct 2024 06:12:03 GMT
x-served-by
cache-fra-eddf8230111-FRA
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.737741,VS0,VE3
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
8220
server
GitHub.com
sun.svg
detection.fyi/images/
4 KB
1 KB
Image
General
Full URL
https://detection.fyi/images/sun.svg
Requested by
Host: detection.fyi
URL: https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
d2cc8532e11b5b8dcb08c06e3406378c6367982418a6acd8642a01da62a8a411

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css

Response headers

x-fastly-request-id
8277aefddb506e4613ee858b19e7fef0d8831b56
content-encoding
gzip
etag
W/"6710aab2-ecb"
age
495
x-github-request-id
9A64:2B55FB:21BAE9C:22BF3D2:6710B078
expires
Thu, 17 Oct 2024 06:46:40 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
image/svg+xml
last-modified
Thu, 17 Oct 2024 06:12:02 GMT
x-served-by
cache-fra-eddf8230111-FRA
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.850693,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
1232
server
GitHub.com
Metropolis-Regular.woff2
detection.fyi/fonts/
24 KB
24 KB
Font
General
Full URL
https://detection.fyi/fonts/Metropolis-Regular.woff2
Requested by
Host: detection.fyi
URL: https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
e920e6b0e7987aceb8df32656d01d44057e2c08646716202d594e06b5010ae70

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://detection.fyi
Referer
https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css

Response headers

x-fastly-request-id
6da7a0fbd97069d6e26b628f5ad3d0c295abfc53
etag
"6710aab2-5e58"
age
0
x-github-request-id
4157:36EAE5:2AD1990:2C0E287:6710E77E
expires
Thu, 17 Oct 2024 10:41:27 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
font/woff2
last-modified
Thu, 17 Oct 2024 06:12:02 GMT
x-cache-hits
0
x-served-by
cache-fra-eddf8230111-FRA
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.862020,VS0,VE113
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
24152
server
GitHub.com
Metropolis-Light.woff2
detection.fyi/fonts/
25 KB
26 KB
Font
General
Full URL
https://detection.fyi/fonts/Metropolis-Light.woff2
Requested by
Host: detection.fyi
URL: https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
3664cf60656a87a7e1bf1d1e98cfe7e83d01a00133508251757fdbd1b9128d3a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://detection.fyi
Referer
https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css

Response headers

x-fastly-request-id
1c89db3bdfacbd160167f96fafe43a6dc3da598e
etag
"6710aab2-6538"
age
495
x-github-request-id
09F1:335C35:2AFD2E3:2C30D38:6710AD38
expires
Thu, 17 Oct 2024 06:32:48 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
font/woff2
last-modified
Thu, 17 Oct 2024 06:12:02 GMT
x-cache-hits
0
x-served-by
cache-fra-eddf8230111-FRA
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.862013,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
25912
server
GitHub.com
copy.svg
detection.fyi/icons/
2 KB
1 KB
Image
General
Full URL
https://detection.fyi/icons/copy.svg
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
26651cf8ae6fe488660217eb320427020fea97802a80ef2a5ecc3ff3ac65f0ab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/

Response headers

x-fastly-request-id
49e8669771e862ba560951f8b958f2a214ddc5e4
content-encoding
gzip
etag
W/"6710aab3-7fd"
age
495
x-github-request-id
8ABC:3674A0:3ACA425:3C9238E:6710D8A1
expires
Thu, 17 Oct 2024 09:36:55 GMT
x-proxy-cache
HIT
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
image/svg+xml
last-modified
Thu, 17 Oct 2024 06:12:03 GMT
x-served-by
cache-fra-eddf8230111-FRA
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.859944,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
758
server
GitHub.com
order.svg
detection.fyi/icons/
1 KB
570 B
Image
General
Full URL
https://detection.fyi/icons/order.svg
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
0972799d3baf1299429a3b6409decb3c552bae91d9548d540cfdbd9cfddd6074

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/

Response headers

x-fastly-request-id
d844c5c84ccf760d20ed5ecacd90db309221a03c
content-encoding
gzip
etag
W/"6710aab3-40e"
age
0
x-github-request-id
1E15:35267A:42C8E41:44BC710:6710E96E
expires
Thu, 17 Oct 2024 10:49:42 GMT
x-proxy-cache
MISS
x-cache
MISS
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
image/svg+xml
last-modified
Thu, 17 Oct 2024 06:12:03 GMT
x-served-by
cache-fra-eddf8230111-FRA
x-cache-hits
0
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.860048,VS0,VE92
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
380
server
GitHub.com
Metropolis-RegularItalic.woff2
detection.fyi/fonts/
25 KB
25 KB
Font
General
Full URL
https://detection.fyi/fonts/Metropolis-RegularItalic.woff2
Requested by
Host: detection.fyi
URL: https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8001::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
ccc6ad34e46e9369935d4e1dd4ad6e155538931eebf4f7f10e560f21013c094a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://detection.fyi
Referer
https://detection.fyi/css/styles.42e2c5f6d8cf9c52872666f8d8b2678ad0c426978b9d78aff3c33b7a1e7f6f97f54bcdaf0518a25fb0fe26367d04f8b07c683b3b38b331cb098daadee06b1f3e.css

Response headers

x-fastly-request-id
d9977b4dc667ccb28702700c9eef3bf14bb63d09
etag
"6710aab2-6410"
age
495
x-github-request-id
65D1:22F2A2:176F9D:185706:6710AD38
expires
Thu, 17 Oct 2024 06:32:49 GMT
x-proxy-cache
MISS
x-cache
HIT
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
font/woff2
last-modified
Thu, 17 Oct 2024 06:12:02 GMT
x-cache-hits
0
x-served-by
cache-fra-eddf8230111-FRA
vary
Accept-Encoding
cache-control
max-age=600
x-timer
S1729161583.861993,VS0,VE1
via
1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
25616
server
GitHub.com
From-Zero-to-Domain-Admin.png
thedfirreport.com/wp-content/uploads/2021/10/
154 KB
154 KB
Image
General
Full URL
https://thedfirreport.com/wp-content/uploads/2021/10/From-Zero-to-Domain-Admin.png
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
553c1769d7f52348863fd9476a327491e638ee0394b820ca643f1fe5704fd118

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/

Response headers

cf-cache-status
REVALIDATED
etag
"26760-5cfae097d0280"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2uZSwyg8GmIDSW%2BaaNeBWpQEpJjmCF255EAcm7SJ%2FbflyC%2FhuTYzkurs67nNvutm3iUPen6JUxAwHZbeQ%2BFhK4QUEsytpg1qpCyLgj0Ysi%2BcMrHK4Ju70VCyiirSy9wiBzalk%2FGVuA1Lc1kXzYFM0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 10:39:43 GMT
content-type
image/png
last-modified
Sun, 31 Oct 2021 23:01:14 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d3faa952cd818c7-FRA
accept-ranges
bytes
content-length
157536
server
cloudflare
qbot_chain.png
thedfirreport.com/wp-content/uploads/2022/02/
128 KB
129 KB
Image
General
Full URL
https://thedfirreport.com/wp-content/uploads/2022/02/qbot_chain.png
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bd2f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3e875825f9bea605d1a99bba77aed057900654dd3297b84ab98b4e6424119db

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/

Response headers

cf-cache-status
REVALIDATED
etag
"20152-5d887488df240"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qu2HgPxLKapruFmLTd%2B7xrepy6rjAVFhP5N0avD7FApFJfOH0Vs5ko3JcFV6wMXWIe3okMm%2B3%2FbqEXrUSoxYe%2BzE0kVEJbI%2FN5q2%2FbR5668pDenX0L63lApLTdoeBd6t%2FajHUkdmeCyqOLnMGgqKVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 10:39:43 GMT
content-type
image/png
last-modified
Mon, 21 Feb 2022 13:33:53 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8d3faa952cde18c7-FRA
accept-ranges
bytes
content-length
131410
server
cloudflare
/
server.ethicalads.io/api/v1/decision/
2 KB
1 KB
Script
General
Full URL
https://server.ethicalads.io/api/v1/decision/?publisher=detectionfyi&ad_types=image-v1&div_ids=ad_1729161582855_725272&callback=ad_1729161582855_725272&keywords=&campaign_types=paid%7Cpublisher-house%7Ccommunity%7Chouse&format=jsonp&client_version=1.6.2&url=https%3A%2F%2Fdetection.fyi%2Ftsale%2Fsigma_rules%2Fwindows_exploitation%2Fproc_creation_windows_zero_exe%2F
Requested by
Host: detection.fyi
URL: https://detection.fyi/js/ethicalads.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:47e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b52b2de0420b686be046d74ee61e99d0e7984ab0a242a813753cf66811b8f6b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kjLtqwl7pA6%2F4rVP%2FIt%2BQX%2FkGHJwvMOi0nCiBiWDNl0qSKXKwwVtxVbw3%2FTJloWz6UURxryWXp9dPXGDTegZVeqTdD6f4o8TJMj4Gx2j6y1bCN6lCQyQcjztyjaBv7tq4jeqtYPPlI899vAkLHjvc0Ie"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 10:39:43 GMT
content-type
application/javascript; charset=utf-8
vary
Accept, Cookie,Accept-Encoding
x-server
ethicalads00035B
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin
referrer-policy
strict-origin-when-cross-origin
allow
GET, POST, HEAD, OPTIONS
cf-ray
8d3faa954eb1db0b-FRA
content-length
812
server
cloudflare
px.gif
media.ethicalads.io/abp/
43 B
342 B
Image
General
Full URL
https://media.ethicalads.io/abp/px.gif?ch=1&rn=0.5855500154097655
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:47e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5d9ceff1677643e67687fb62a8d04a28de54f64f37da4e33f7494fe8acbc891
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/

Response headers

content-md5
PvxrsrHic84LgsefLN5SmA==
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D885AADF65232D
age
6918
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3EhgWwvMrGbVcrxV6%2FNK5JgjXSBX90JOAj7RFeUWb%2BHzo1JQdJnFiO5OfiV8jAQSywBllwEsPZErReTyUm6gplkc%2FHYY23XQRL99nPjDqKmarv%2FsymrzkBLd1EmviqPbj%2FSNheQ%2B7Yv0R7cF95Xys9U%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
image/gif
last-modified
Tue, 10 Nov 2020 19:00:21 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=3600
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-ms-request-id
3d8f931b-a01e-00e3-441c-204296000000
cf-ray
8d3faa95384918e0-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
x-ms-blob-type
BlockBlob
server
cloudflare
px.gif
media.ethicalads.io/abp/
43 B
716 B
Image
General
Full URL
https://media.ethicalads.io/abp/px.gif?ch=2&rn=0.5855500154097655
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:47e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5d9ceff1677643e67687fb62a8d04a28de54f64f37da4e33f7494fe8acbc891
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/

Response headers

content-md5
PvxrsrHic84LgsefLN5SmA==
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D885AADF65232D
age
6918
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0bC8tv%2FrfWAqqaKAvv46MC9mdUwc3CybVYjt5Zb1E5Vh%2Bp68INt2z%2FCctRzkooA6k83wZ24OrDefu6eRe%2FX56XV4ZxBD%2Fc1Ey9v6MskIm82sXy84b%2B9srCfkn8xH94z11Obyzhl2ozCLXxTRPitxjvo%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 10:39:42 GMT
content-type
image/gif
last-modified
Tue, 10 Nov 2020 19:00:21 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=3600
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-ms-request-id
3d8f931b-a01e-00e3-441c-204296000000
cf-ray
8d3faa95384a18e0-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
43
x-ms-blob-type
BlockBlob
server
cloudflare
phish.report_.png
ethicalads.blob.core.windows.net/media/images/2023/06/
0
0
(no response received; listed under Failed requests)

/
server.ethicalads.io/proxy/view/4857/937b86e8-fc6f-4a93-b9e1-67ccbac93797/
30 B
352 B
Image
General
Full URL
https://server.ethicalads.io/proxy/view/4857/937b86e8-fc6f-4a93-b9e1-67ccbac93797/
Requested by
Host: detection.fyi
URL: https://detection.fyi/tsale/sigma_rules/windows_exploitation/proc_creation_windows_zero_exe/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:47e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: this value is the SHA-256 of an empty input, so it does not represent the 30-byte image/svg+xml body reported by content-length below. Do not reuse it as a content indicator.)
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://detection.fyi/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOYe%2BJYCtBVb4bT76TGgEGj8pMvwiPS1mAcr%2FZD8oZjx3CYWIQXV2p6HlSMnHwv2ZypEDGiaGogKyfBi2C7QSeemmriDJSjjEgpEM6gMJyAzUK6Oy5mk%2Br64eeajc9%2F25agNuQzMp%2FEwka1I6DCGgpe4"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d3faa971be3db0b-FRA
content-length
30
date
Thu, 17 Oct 2024 10:39:43 GMT
content-type
image/svg+xml
vary
Cookie
x-server
ethicalads000352
server
cloudflare
x-frame-options
DENY
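The transaction list above records, for a few responses, a "Security Headers" box (HSTS, X-Content-Type-Options, X-Frame-Options on server.ethicalads.io) while the detection.fyi responses carry none, and one response hash that is the SHA-256 of empty input. The following script is an added example, not code from urlscan.io or detection.fyi: it replays three of the transactions transcribed from this page through a small audit that reports missing security headers, a wildcard CORS policy, a weak HSTS policy, and a resource hash that cannot be trusted as an indicator. Which headers count as "security headers", and the 180-day HSTS threshold, are this example's own choices.

```python
"""Audit transactions recorded in the urlscan.io report above.

Added example, not urlscan.io or detection.fyi code.  The sample records are
transcribed from the response headers listed on this page; the header list
below is this example's own choice (urlscan's Security Headers box plus CSP
and Referrer-Policy).
"""
import hashlib

# Header name -> what its absence leaves open.  Chosen for this example.
SECURITY_HEADERS = {
    "strict-transport-security": "downgrade to plain HTTP",
    "content-security-policy": "injected script and mixed-content loading",
    "x-content-type-options": "MIME sniffing of mislabelled responses",
    "x-frame-options": "clickjacking via framing",
    "referrer-policy": "leaking the full URL to third parties",
}

# SHA-256 of zero bytes.  A scan that records this as the "Resource Hash" of a
# non-empty response hashed no body at all, so the value is useless as an IOC.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Transcribed from the transaction list on this page (constructed sample).
TRANSACTIONS = [
    {
        "url": "https://detection.fyi/tsale/sigma_rules/windows_exploitation/"
               "proc_creation_windows_zero_exe/",
        "content_length": 10575,
        "hash": "37b46b56624b0e499033332f5527e8a6d56fa892e51c6106d83b46218e8683d9",
        "headers": {
            "server": "GitHub.com",
            "content-type": "text/html; charset=utf-8",
            "access-control-allow-origin": "*",
        },
    },
    {
        "url": "https://server.ethicalads.io/api/v1/decision/",
        "content_length": 812,
        "hash": "b52b2de0420b686be046d74ee61e99d0e7984ab0a242a813753cf66811b8f6b9",
        "headers": {
            "server": "cloudflare",
            "content-type": "application/javascript; charset=utf-8",
            "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
            "x-content-type-options": "nosniff",
            "x-frame-options": "DENY",
            "referrer-policy": "strict-origin-when-cross-origin",
        },
    },
    {
        "url": "https://server.ethicalads.io/proxy/view/4857/937b86e8-fc6f-4a93-b9e1-67ccbac93797/",
        "content_length": 30,
        "hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "headers": {
            "server": "cloudflare",
            "content-type": "image/svg+xml",
            "strict-transport-security": "max-age=31536000; includeSubDomains; preload",
            "x-content-type-options": "nosniff",
            "x-frame-options": "DENY",
            "referrer-policy": "strict-origin-when-cross-origin",
        },
    },
]


def missing_security_headers(headers):
    """Security headers absent from a response; names compared case-insensitively."""
    present = {name.lower() for name in headers}
    return sorted(h for h in SECURITY_HEADERS if h not in present)


def hsts_is_strong(value, min_age=15552000):
    """True when HSTS max-age is at least 180 days and the policy covers subdomains."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        directives[name.lower()] = val.strip()
    try:
        max_age = int(directives.get("max-age", "0"))
    except ValueError:
        return False
    return max_age >= min_age and "includesubdomains" in directives


def hash_is_trustworthy(record):
    """False when the recorded hash is SHA-256('') although the body was not empty."""
    return not (record["hash"] == EMPTY_SHA256 and record["content_length"] > 0)


def audit(record):
    """Return the findings for one transaction as a list of short strings."""
    findings = []
    headers = {k.lower(): v for k, v in record["headers"].items()}
    for name in missing_security_headers(headers):
        findings.append(f"missing {name} ({SECURITY_HEADERS[name]})")
    if headers.get("access-control-allow-origin") == "*":
        findings.append("CORS wildcard: fine for public static content, "
                        "review if any response is user-specific")
    hsts = headers.get("strict-transport-security")
    if hsts is not None and not hsts_is_strong(hsts):
        findings.append("weak HSTS policy")
    if not hash_is_trustworthy(record):
        findings.append("resource hash is SHA-256 of an empty body; do not use as IOC")
    return findings


if __name__ == "__main__":
    for rec in TRANSACTIONS:
        print(rec["url"])
        for finding in audit(rec) or ["no findings"]:
            print("  -", finding)
```

Run as a script it prints the findings per URL; imported, `audit()` can be fed any transaction dictionary in the same shape, for example one built from a urlscan result export. The empty-hash check matters for anyone turning scan output into blocklists: a hash of zero bytes would match every empty response on the internet.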

Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

Domain                            URL
stats.bradleyjkemp.dev            https://stats.bradleyjkemp.dev/js/plausible.js
ethicalads.blob.core.windows.net  https://ethicalads.blob.core.windows.net/media/images/2023/06/phish.report_.png

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Functions (41): isObj, createEl, elem, elems, pushClass, hasClasses, deleteClass, modifyClass, containsClass, elemAttribute, wrapEl, deleteChars, isBlank, isMatch, copyToClipboard, getMobileOperatingSystem, horizontalSwipe, parseBoolean, forEach, findQuery, wrapText, emptyEl, matchTarget, goBack, wrapOrphanedPreElements, codeBlocks, codeBlockFits, maxHeightIsSet, restrainCodeBlockHeight, collapseCodeBlock, actionPanel, toggleLineNumbers, toggleLineWrap, copyCode, disableCodeLineNumbers, fileClosure, t, initializeSearch, highlightSearchTerms, Fuse, ad_1729161582855_725272

Objects (4): hljs, elClass, e, ethicalads

hljs is highlight.js and Fuse is the Fuse.js client-side search library. ad_1729161582855_725272 is the JSONP callback named in the server.ethicalads.io/api/v1/decision/ request above (callback=ad_1729161582855_725272&format=jsonp): the ad response is executed as script, so the page trusts that endpoint to return only a call to this function.

0 Cookies

Indicators

This is a term in the security industry for artefacts such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity.

Domains:
detection.fyi
ethicalads.blob.core.windows.net
media.ethicalads.io
server.ethicalads.io
stats.bradleyjkemp.dev
thedfirreport.com

IPs:
2606:4700:20::ac43:47e6
2606:4700:3036::ac43:bd2f
2606:50c0:8001::153