URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-she...
Submission: On September 29 via manual from KR

Summary

This website contacted 16 IPs in 3 countries across 15 domains to perform 71 HTTP transactions. The main IP is 188.166.160.174, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is www.ired.team.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 22nd 2020. Valid for: 3 months.
This is the only time www.ired.team was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                      Requested by
33        gblobscdn.gitbook.com       www.ired.team, gstatic.gitbook.com
10        gstatic.gitbook.com         www.ired.team, gstatic.gitbook.com
6         cdn.jsdelivr.net            www.ired.team, cdn.jsdelivr.net, gstatic.gitbook.com
3         www.google-analytics.com    gstatic.gitbook.com
2         docs.microsoft.com          www.ired.team
2         pentest.blog                www.ired.team
2         miro.medium.com             www.ired.team
2         captmeelo.com               www.ired.team
2         capt-meelo.github.io        (2 redirects)
2         lh5.googleusercontent.com   www.ired.team, gstatic.gitbook.com
1         www.gitbook.com             gstatic.gitbook.com
1         app.gitbook.com             gstatic.gitbook.com
1         cdn.lr-ingest.io            gstatic.gitbook.com
1         fonts.gstatic.com           fonts.googleapis.com
1         polyfill.io                 www.ired.team
1         unpkg.com                   www.ired.team
1         fonts.googleapis.com        www.ired.team
1         www.ired.team               -
71 requests, 18 subdomains
Subject                      Issuer                                Validity                  Valid for
www.ired.team                Let's Encrypt Authority X3            2020-07-22 - 2020-10-20   3 months
upload.video.google.com      GTS CA 1O1                            2020-09-03 - 2020-11-26   3 months
sni.cloudflaressl.com        Cloudflare Inc ECC CA-3               2020-08-02 - 2021-08-02   a year
f3.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3  2020-09-21 - 2021-04-17   7 months
*.googleusercontent.com      GTS CA 1O1                            2020-09-03 - 2020-11-26   3 months
captmeelo.com                Let's Encrypt Authority X3            2020-09-18 - 2020-12-17   3 months
*.medium.com                 DigiCert SHA2 Secure Server CA        2020-08-19 - 2022-10-05   2 years
pentest.blog                 Cloudflare Inc ECC CA-3               2020-08-29 - 2021-08-29   a year
docs.microsoft.com           Microsoft IT TLS CA 1                 2019-04-19 - 2021-04-19   2 years
*.gstatic.com                GTS CA 1O1                            2020-09-03 - 2020-11-26   3 months
*.google-analytics.com       GTS CA 1O1                            2020-09-03 - 2020-11-26   3 months
(Source for each row: crt.sh)

This page contains 1 frames:

Primary Page: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Frame ID: 2EC9668AB74621B929A9B61CE38A7211
Requests: 71 HTTP requests in this frame

Screenshot


Detected technologies

Four pattern matches, each at 100% confidence (the technology names are absent from this capture; only the matching patterns and their scope survive):

Overall confidence: 100%   html pattern:   /<[^>]+data-react/i
Overall confidence: 100%   script pattern: /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%   html pattern:   /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%   script pattern: /\/polyfill\.min\.js/i
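The patterns above are all this capture records about the detected technologies, and they come in two scopes: html patterns are run over the raw document source, script patterns over the src URL of each external script tag. The example below is added here and is not part of the urlscan.io report or of any scanner's code; it evaluates exactly these four patterns the way the scope labels suggest (the scoping rule itself is an assumption inferred from those labels, and the /i flag is honoured as case-insensitive matching). Both sample documents are constructed, not the real www.ired.team source.

```python
import re

# The four detection patterns listed in the report, keyed by scope.
# "html" patterns are tested against the whole document; "script" patterns
# only against the src attribute of external <script> tags. The report does
# not carry technology names, so patterns are identified by their own text.
PATTERNS = [
    ("html",   r"<[^>]+data-react"),
    ("script", r"google-analytics\.com\/(?:ga|urchin|analytics)\.js"),
    ("html",   r"<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com"),
    ("script", r"\/polyfill\.min\.js"),
]

# Extracts the src of external <script ...> tags; inline scripts have none.
_SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.I)


def script_srcs(html):
    """Return the src URLs of all external <script> tags, in document order."""
    return _SCRIPT_SRC.findall(html)


def detect(html):
    """Return the (scope, pattern) pairs that fire on this document.

    Matching is case-insensitive (the /i flag in the listing). A script
    pattern is matched against each src URL only, so a URL that merely
    appears in page text or an HTML comment does not count as a detection.
    """
    srcs = script_srcs(html)
    hits = []
    for scope, pattern in PATTERNS:
        rx = re.compile(pattern, re.I)
        if scope == "html":
            matched = rx.search(html) is not None
        else:
            matched = any(rx.search(src) for src in srcs)
        if matched:
            hits.append((scope, pattern))
    return hits


# Constructed positive sample: should trigger all four patterns.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap">
<script src="https://polyfill.io/v3/polyfill.min.js?flags=gated&features=Intl"></script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
</head>
<body><div id="root" data-reactroot=""></div></body></html>
"""

# Constructed negative sample: the analytics URL only appears in a comment and
# the polyfill script is inline (no src), so no pattern should fire.
SAMPLE_HTML_NEGATIVE = """<html><head>
<!-- was: https://www.google-analytics.com/analytics.js -->
<script>/* polyfill.min.js inlined */</script>
</head><body><div>plain page</div></body></html>
"""

if __name__ == "__main__":
    for scope, pattern in detect(SAMPLE_HTML):
        print(f"{scope:6} {pattern}")
    print("negative sample:", detect(SAMPLE_HTML_NEGATIVE))
```

The negative sample is the point a practitioner cares about: a fingerprint based on script src URLs is evidence that the page actually loads that third-party code, whereas a string in a comment is not, and the scope rule keeps the two apart.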

Page Statistics

Requests:    71
HTTPS:       99 %
IPv6:        75 %
Domains:     15
Subdomains:  18
IPs:         16
Countries:   3
Transfer:    9331 kB
Size:        15848 kB
Cookies:     1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://capt-meelo.github.io//static/img/avatar.jpg HTTP 301
  • https://captmeelo.com//static/img/avatar.jpg
Request Chain 57
  • https://capt-meelo.github.io//static/img/avatar.jpg HTTP 301
  • https://captmeelo.com//static/img/avatar.jpg

71 HTTP transactions

Resource  |  Path  |  Size  |  x-fer  |  Type  |  MIME-Type
Primary Request backdooring-portable-executables-pe-with-shellcode
www.ired.team/offensive-security/code-injection-process-injection/
2 MB
354 KB
Document
General
Full URL
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.166.160.174 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
eu2-do-fra.blobs.gitbook.me
Software
/
Resource Hash
6c724392f6eb6bb0a776ab433ee83461fe3f47feb6076536f084f1a6c7f9325e

Request headers

:method
GET
:authority
www.ired.team
:scheme
https
:path
/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
age
57207
content-encoding
gzip
content-type
text/html; charset=utf-8
etag
W/"1a039f-FWK0fwQxSvYMt+rgVUZ56JbCLP0"
last-modified
Tue, 29 Sep 2020 06:39:19 GMT
vary
Accept-Encoding
x-cache
HIT
x-cdn-cache-group
-LFEMnER3fywgFHoroYn
date
Tue, 29 Sep 2020 22:32:46 GMT
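The report derives each transaction's "Security Headers" box from the response headers, and the primary document response above carries none of them: no Strict-Transport-Security, Content-Security-Policy, X-Frame-Options or X-Content-Type-Options, which is why it has no such box while several sub-resources do. The check below is an added example, not part of the urlscan.io output, that rebuilds that summary from a header list and flags the settings a reviewer would question. The three header lists are constructed from responses shown in this report (the primary document, the fonts.googleapis.com stylesheet, and the pentest.blog image listed further down); the thresholds (one-year HSTS max-age, mode=block, treating X-XSS-Protection: 0 as the preferred value) are the example's own assumptions, not something the report states.

```python
import re

# Header names urlscan.io surfaces in a transaction's "Security Headers" box,
# plus CSP and Referrer-Policy, which a reviewer checks alongside them.
# Comparison is case-insensitive: HTTP/2 lowercases names on the wire, which
# is why the response dumps show "strict-transport-security".
SECURITY_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "x-xss-protection",
    "referrer-policy",
)

ONE_YEAR = 31536000  # seconds; the minimum HSTS max-age for preload eligibility


def security_header_summary(headers):
    """Return {lowercase name: value} for the security headers present.

    `headers` is a list of (name, value) pairs in the order they appear in
    a transaction dump; the first occurrence of a name wins.
    """
    found = {}
    for name, value in headers:
        key = name.strip().lower()
        if key in SECURITY_HEADERS and key not in found:
            found[key] = value.strip()
    return found


def hsts_max_age(value):
    """Parse max-age out of a Strict-Transport-Security value, or None."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.I)
    return int(m.group(1)) if m else None


def weak_settings(headers, is_document):
    """Findings a reviewer would raise for one response.

    is_document: True for an HTML navigation response, where framing and
    CSP matter; False for sub-resources (CSS, fonts, images), where HSTS
    and nosniff are the relevant controls.
    """
    found = security_header_summary(headers)
    findings = []

    hsts = found.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security")
    else:
        age = hsts_max_age(hsts)
        if age is None or age < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS without includeSubDomains")

    if found.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("no X-Content-Type-Options: nosniff")

    if is_document:
        csp = found.get("content-security-policy", "")
        if not csp:
            findings.append("no Content-Security-Policy")
        if "x-frame-options" not in found and "frame-ancestors" not in csp.lower():
            findings.append("no X-Frame-Options and no CSP frame-ancestors")

    xss = found.get("x-xss-protection")
    if xss is not None and xss.startswith("1") and "mode=block" not in xss.lower():
        findings.append("X-XSS-Protection 1 without mode=block (filter mode; 0 is the current recommendation)")

    return findings


# Constructed from response headers shown in this report (subset of each).
PRIMARY_RESPONSE = [  # www.ired.team document: no security headers at all
    ("status", "200"), ("age", "57207"), ("content-encoding", "gzip"),
    ("content-type", "text/html; charset=utf-8"),
    ("vary", "Accept-Encoding"), ("x-cache", "HIT"),
    ("date", "Tue, 29 Sep 2020 22:32:46 GMT"),
]
FONTS_CSS_RESPONSE = [  # fonts.googleapis.com/css
    ("strict-transport-security", "max-age=31536000"),
    ("content-encoding", "gzip"), ("x-content-type-options", "nosniff"),
    ("status", "200"), ("x-xss-protection", "0"), ("server", "ESF"),
    ("x-frame-options", "SAMEORIGIN"), ("content-type", "text/css; charset=utf-8"),
]
PENTEST_BLOG_IMAGE = [  # pentest.blog/wp-content/uploads/camera-door.jpg
    ("strict-transport-security", "max-age=15552000; includeSubDomains; preload"),
    ("x-frame-options", "SAMEORIGIN"), ("x-xss-protection", "1"),
    ("content-type", "image/jpeg"),
]

if __name__ == "__main__":
    for label, hdrs, doc in (("primary", PRIMARY_RESPONSE, True),
                             ("fonts css", FONTS_CSS_RESPONSE, False),
                             ("pentest.blog image", PENTEST_BLOG_IMAGE, False)):
        print(label, security_header_summary(hdrs), weak_settings(hdrs, doc))
```

Run against the fonts.googleapis.com response, the summary reproduces the four-line box the report shows for it; the primary document yields four findings, the most consequential being the missing HSTS, since that is the navigation response a browser would need it on.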
css
fonts.googleapis.com/
2 KB
699 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
05b51d0da9e1e193f0066206631581ccd8b2dd6617917b3b6bcd707cb727fcd1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 29 Sep 2020 22:32:46 GMT
server
ESF
date
Tue, 29 Sep 2020 22:32:46 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 29 Sep 2020 22:32:46 GMT
emojione-sprite-40.min.css
unpkg.com/emojione-assets@4.0.0/sprites/
183 KB
14 KB
Stylesheet
General
Full URL
https://unpkg.com/emojione-assets@4.0.0/sprites/emojione-sprite-40.min.css
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
13717419
status
200
vary
Accept-Encoding
cf-request-id
057d984030000064e599a9a200000001
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"2dc7c-MlEndlChcp6B66cJCh5yD8CB/Fo"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
e9a16aeaeb575aad39009b5bf7f9e8da
cache-control
public, max-age=31536000
cf-ray
5da92979ea9d64e5-FRA
katex.min.css
cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/
22 KB
4 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/katex.min.css
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ac677fc8f407f4d138936101450bb6f8dc7bbff5b9b179367be2a8ff4f604799
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
5383853
x-cache
HIT, HIT
status
200
content-length
3252
etag
W/"574b-3/HqF2/k6+4dZUT5WNJ/3EPuVgQ"
x-served-by
cache-fra19155-FRA, cache-hhn4048-HHN
date
Tue, 29 Sep 2020 22:32:46 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
6c3c9dec9383137845be0f0ea2cf1bf4.css
gstatic.gitbook.com/css/
1 KB
886 B
Stylesheet
General
Full URL
https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:46 GMT
content-encoding
gzip
cf-cache-status
HIT
age
14602450
cf-polished
origSize=1701
x-guploader-uploadid
AEnB2UrlDK_P-tvLL-hZ_KGdddll9vW79s8Qa_b-ki9YM-sK1t0EWBgQY9--qdFaOWT8Vnfu71c6ElLCX4IAdLRYoC4u5ADuSV8savv_0MOwQLLCCCI-0so
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/css
cf-request-id
057d9840360000dfff59860200000001
last-modified
Sat, 04 Apr 2020 21:36:58 GMT
server
cloudflare
etag
W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation
1583845128372242
access-control-allow-origin
*
expires
Fri, 09 Apr 2021 13:05:02 GMT
cache-control
public, max-age=31536000
x-goog-stored-content-length
1701
cf-ray
5da92979fdd2dfff-FRA
cf-bgj
minify
polyfill.min.js
polyfill.io/v3/
72 B
589 B
Script
General
Full URL
https://polyfill.io/v3/polyfill.min.js?flags=gated&features=Intl
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
x-content-type-options
nosniff
content-type
text/javascript; charset=utf-8
age
12126515
detected-user-agent
Chrome Mobile/83.0.4103
status
200
request_came_from_shield
FRA
server-timing
HIT, fastly;desc="Edge time";dur=0, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length
74
referrer-policy
origin-when-cross-origin
last-modified
Tue, 12 May 2020 13:13:15 GMT
date
Tue, 29 Sep 2020 22:32:46 GMT
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
normalized-user-agent
chrome/83.0.0
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png
gblobscdn.gitbook.com/
28 KB
29 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:46 GMT
cf-cache-status
HIT
age
10415105
x-guploader-uploadid
AAANsUlMpqhuPwwtimWInrIHOriRAd2AhLLdRqiNqWp2n0BT_Du82TRHLdQzSi_dCI_wOxd3Z8BGlVQRtz7U4x-PkZO2avBgqQ
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
29066
cf-request-id
057d9840360000dfff59861200000001
last-modified
Sat, 08 Sep 2018 20:00:14 GMT
server
cloudflare
etag
"2965c5f978755802debc0291c5574853"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ALxBKw==, md5=KWXF+Xh1WALevAKRxVdIUw==
x-goog-generation
1536436814766237
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
29066
x-goog-meta-firebasestoragedownloadtokens
1910800b-eed5-42ea-b282-39d0660128fe
accept-ranges
bytes
cf-ray
5da92979fdd5dfff-FRA
expires
Thu, 27 May 2021 12:37:09 GMT
photo.jpg
lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/
7 KB
7 KB
Image
General
Full URL
https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:09:47 GMT
x-content-type-options
nosniff
age
1379
status
200
content-disposition
inline;filename=""
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6707
x-xss-protection
0
server
fife
etag
"v5e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 30 Sep 2020 13:56:40 GMT
avatar.jpg
captmeelo.com//static/img/
Redirect Chain
  • https://capt-meelo.github.io//static/img/avatar.jpg
  • https://captmeelo.com//static/img/avatar.jpg
16 KB
17 KB
Image
General
Full URL
https://captmeelo.com//static/img/avatar.jpg
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.110.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
325e8deaea83445638c8d9e06570b417bb6e165e4991aa3bb5a6a4bb10cfc495

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
aacf0fc6ad2ed953c6ab32aaad5e691ace20f8ea
date
Tue, 29 Sep 2020 22:32:46 GMT
via
1.1 varnish
age
0
x-cache
MISS
status
200
content-length
16770
x-served-by
cache-cph20645-CPH
last-modified
Sat, 29 Feb 2020 02:25:35 GMT
server
GitHub.com
x-github-request-id
A736:583A:9F40DA1:A9FE937:5F73AAB6
x-timer
S1601418767.801522,VS0,VE99
etag
"5e59cb9f-4182"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Tue, 29 Sep 2020 21:54:22 GMT
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0

Redirect headers

x-fastly-request-id
3db64c16478cd49742c354586e3bc633f5e6eea6
date
Tue, 29 Sep 2020 22:32:46 GMT
via
1.1 varnish
age
0
x-cache
MISS
status
301
content-length
162
x-served-by
cache-cph20625-CPH
server
GitHub.com
x-github-request-id
BD8A:B97F:95A513D:9F5E90D:5F73B608
x-timer
S1601418766.490540,VS0,VE98
vary
Accept-Encoding
content-type
text/html
location
https://captmeelo.com//static/img/avatar.jpg
accept-ranges
bytes
x-cache-hits
0
1*2C4W4uLlUX1nesN-ycPUWg.png
miro.medium.com/max/1200/
278 KB
279 KB
Image
General
Full URL
https://miro.medium.com/max/1200/1*2C4W4uLlUX1nesN-ycPUWg.png
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7891 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Geomyidae artificij
Resource Hash
11f60cd84541934fe3b7b8000bae630c7620cdfaf5a4adf9aaa1680523efc2a4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:46 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
133004
x-powered-by
Geomyidae artificij
x-obvious-info
16.3, 3203-7aaf868
status
200
strict-transport-security
max-age=15552000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
285153
cf-request-id
057d984077000005d42aa4f200000001
pragma
public
server
cloudflare
etag
"16.3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
5da9297a585205d4-FRA
expires
Thu, 29 Oct 2020 22:32:46 GMT
camera-door.jpg
pentest.blog/wp-content/uploads/
330 KB
331 KB
Image
General
Full URL
https://pentest.blog/wp-content/uploads/camera-door.jpg
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.27.168.40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28e5b93338e5842753aabad1f88f7221a3908d9ddc1273c599a23db8f9308569
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:46 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2904
status
200
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-length
338299
cf-request-id
057d9840a50000d8914dafc200000001
last-modified
Fri, 16 Dec 2016 09:31:12 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"5853b460-5297b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=65&lkg-time=1601418767"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
x-xss-protection
1
cache-control
max-age=43200
accept-ranges
bytes
cf-ray
5da9297aacdad891-CPH
logo-ms-social.png
docs.microsoft.com/en-us/media/logos/
449 B
1 KB
Image
General
Full URL
https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29b::353e , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
status
200
content-length
449
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-rendering-stack
Static
last-modified
Mon, 16 Dec 2019 19:04:37 GMT
x-datacenter
eus
date
Tue, 29 Sep 2020 22:32:46 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
image/png
cache-control
public, max-age=789
etag
"0x8D7825ACB981CED"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:cd765a3e-2aba-43aa-b307-6e4b3b4be342
expires
Tue, 29 Sep 2020 22:45:55 GMT
f4fa50c4003f87e7dc10459e500933c3.woff
gstatic.gitbook.com/fonts/
92 KB
93 KB
Font
General
Full URL
https://gstatic.gitbook.com/fonts/f4fa50c4003f87e7dc10459e500933c3.woff
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:46 GMT
cf-cache-status
HIT
age
5965042
x-guploader-uploadid
AEnB2UpI_BqTAZIOqM1zQJlYUz0lXS0y6CCvAisuh6orhBvUiwbkdq2I4d0l9u_a7ojhHngwXtxqFpd0RBCd8usJCH_hf3YGqwqRkumAONewcAEgD110wjc
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
font/woff
content-length
94368
cf-request-id
057d9840770000c28103b57200000001
last-modified
Tue, 30 Jun 2020 17:23:36 GMT
server
cloudflare
etag
"f4fa50c4003f87e7dc10459e500933c3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=FUjfEA==, md5=9PpQxAA/h+fcEEWeUAkzww==
x-goog-generation
1583845128534922
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
94368
accept-ranges
bytes
cf-ray
5da9297a5bb6c281-FRA
expires
Thu, 08 Jul 2021 13:10:40 GMT
72e37e5bf95a8dba938c78b1d7d91253.woff
gstatic.gitbook.com/fonts/
92 KB
92 KB
Font
General
Full URL
https://gstatic.gitbook.com/fonts/72e37e5bf95a8dba938c78b1d7d91253.woff
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:46 GMT
cf-cache-status
HIT
age
5965042
x-guploader-uploadid
AAANsUlWbz4vazEENIzf5-4g6uOwHWllNIE1HHsKAe_KM3PAP9jdZr5BYmBRXhlKhYQxN6wJnL0QZHpHg8f3orrjTwo
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
font/woff
content-length
94040
cf-request-id
057d9840770000c28103b58200000001
last-modified
Mon, 22 Jun 2020 13:52:30 GMT
server
cloudflare
etag
"72e37e5bf95a8dba938c78b1d7d91253"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=TBIniA==, md5=cuN+W/lajbqTjHix19kSUw==
x-goog-generation
1590520794693204
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
94040
accept-ranges
bytes
cf-ray
5da9297a5bb7c281-FRA
expires
Sat, 26 Jun 2021 09:14:21 GMT
fc3d4b35e4d07d4e0485cc2db0e57c77.woff
gstatic.gitbook.com/fonts/
92 KB
92 KB
Font
General
Full URL
https://gstatic.gitbook.com/fonts/fc3d4b35e4d07d4e0485cc2db0e57c77.woff
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:46 GMT
cf-cache-status
HIT
age
55962
x-guploader-uploadid
AEnB2UqsZ3WK_xS0YchRtujyaXSHhWyr8A3u9cWzDfV84KgDBxBluJjubL9gKNbI1STPBxQltx3kLRWA6bEaNRNxSvRzAcBChQ
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
font/woff
content-length
93788
cf-request-id
057d9840770000c28103b59200000001
last-modified
Fri, 11 Sep 2020 10:03:20 GMT
server
cloudflare
etag
"fc3d4b35e4d07d4e0485cc2db0e57c77"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=7TN+QQ==, md5=/D1LNeTQfU4EhcwtsOV8dw==
x-goog-generation
1584024803933768
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
93788
accept-ranges
bytes
cf-ray
5da9297a5bb8c281-FRA
expires
Sun, 12 Sep 2021 16:33:50 GMT
HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
fonts.gstatic.com/s/sourcecodepro/v13/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcecodepro/v13/HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59fd4f207936792ab9910baa7df5f1f7bff899e35e0428df34ab9a1319184052
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.ired.team
Referer
https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 25 Sep 2020 00:22:39 GMT
x-content-type-options
nosniff
last-modified
Thu, 24 Sep 2020 23:57:48 GMT
server
sffe
age
425407
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11232
x-xss-protection
0
expires
Sat, 25 Sep 2021 00:22:39 GMT
KaTeX_Main-Regular.woff2
cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/fonts/
32 KB
32 KB
Font
General
Full URL
https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/fonts/KaTeX_Main-Regular.woff2
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/katex.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6b4352af4a7dcf675aa2301db9d828d99f5a8b38fa0171b31df5f49ec75b0fc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

KaTeX_Math-Italic.woff2
cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/fonts/
20 KB
20 KB
Font
General
Full URL
https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/fonts/KaTeX_Math-Italic.woff2
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/katex.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
30e49e4b4bdd54613b6c1dcbef7f61e304efc5ae3f466f4882bc8aa9c6976bed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzORtGb_fVtxARZaf9%2Fimage.png
gblobscdn.gitbook.com/
125 KB
125 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzORtGb_fVtxARZaf9%2Fimage.png?alt=media&token=8369cb1a-f512-476b-bc00-f25184cfe96b
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cb62641751cbaf6261a2d8c5d666d6502b37b12bad2a9dba6bdf8143f2e704d

assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzO5goEZJR5vHGqcUo%2Fimage.png
gblobscdn.gitbook.com/
92 KB
93 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzO5goEZJR5vHGqcUo%2Fimage.png?alt=media&token=507689fa-2715-477d-8062-3b91b9d11fd2
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a9a94947f91f66095836a496e7a91b58fc31dda64cc01cec30d2ed26cd22e56

assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzOCl4UOrIytApTV37%2Fimage.png
gblobscdn.gitbook.com/
47 KB
48 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzOCl4UOrIytApTV37%2Fimage.png?alt=media&token=49a8815e-5d9a-4d5b-b067-2c5cf1bef0ff
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d6903dca0363e2b6cfbfc76bfd887e39dda62c20797acc10a56053f9476f1dd

assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzOGitaJ8ENZx4aN_2%2Fimage.png
gblobscdn.gitbook.com/
96 KB
97 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzOGitaJ8ENZx4aN_2%2Fimage.png?alt=media&token=7dfd580e-131d-4f55-946e-32217f22bbb5
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5223dedd79219cb3556733314dba6098d2ab47967a97c43c46af8b53b4c0f76

assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzP2MTzsyl_xVHjMdH%2Fimage.png
gblobscdn.gitbook.com/
51 KB
51 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzP2MTzsyl_xVHjMdH%2Fimage.png?alt=media&token=dcdb5e64-136f-4aac-9ef5-82a500474526
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0f33a0d0d19a53dc4d4b9d9827b373f9669f07b415841fc861be9730d097768

assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzPrlIuIHPhePj4gbB%2Fimage.png
gblobscdn.gitbook.com/
517 KB
518 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzPrlIuIHPhePj4gbB%2Fimage.png?alt=media&token=746de31c-efed-4a3b-b205-410476c3b141
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fb85de89a003f0fc5520be2a9e52120673bb15c2030a00a8460098f4e1b7e39

assets%2F-LFEMnER3fywgFHoroYn%2F-LkzjA_6AlbSx8OnPyKt%2F-LkzjE8L4qN2ICgbKYm1%2Fbackdoored-pe.gif
gblobscdn.gitbook.com/
350 KB
351 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzjA_6AlbSx8OnPyKt%2F-LkzjE8L4qN2ICgbKYm1%2Fbackdoored-pe.gif?alt=media&token=874cd18a-d3a4-4e9a-bb44-c553bbef4b9a
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9934616622c78d38d812ebecaa2871f544ad94d91b5d281d7873186698ce2477

assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-Lkz_YnFy5qqhlkFJfyH%2Fimage.png
gblobscdn.gitbook.com/
314 KB
315 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-Lkz_YnFy5qqhlkFJfyH%2Fimage.png?alt=media&token=b0893467-7990-4a5b-9363-d807aabdfc57
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7199cb819a055161b65ffb591c73e334a17c7f6b8cbe722628bfc006877b6894

assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-LkzaylyCqa-8zRfcmsD%2Fimage.png
gblobscdn.gitbook.com/
22 KB
22 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-LkzaylyCqa-8zRfcmsD%2Fimage.png?alt=media&token=47182ac5-203e-4a7b-8f1a-8fa93b58eb26
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
578158d24f6db88a8f597bb4c22e4deead7ceb7a592fcfe81df62d18041c01f9

assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-LkzaQceOQ3j5kB3XaBY%2Fimage.png
gblobscdn.gitbook.com/
73 KB
74 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-LkzaQceOQ3j5kB3XaBY%2Fimage.png?alt=media&token=c5ea539a-a919-486e-a98b-cc9e7a9a9f1f
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7433c21695c88fef6461f9515b4169bf4eba785d6273ceaaf56b22f85df7f21

assets%2F-LFEMnER3fywgFHoroYn%2F-Ll8wvkscvRygy8w0ozX%2F-Ll96u5bb1q1OXCJX5Kh%2Fcode-redirection.gif
gblobscdn.gitbook.com/
286 KB
286 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll8wvkscvRygy8w0ozX%2F-Ll96u5bb1q1OXCJX5Kh%2Fcode-redirection.gif?alt=media&token=73cac3ac-41df-43f4-9b78-e6802fb57759
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9745a7a64330347faf81323c0097a1ee299d3cb0ba8b59624a0187376bdbce02

111.e076405c.js
gstatic.gitbook.com/js/
3 MB
943 KB
Script
General
Full URL
https://gstatic.gitbook.com/js/111.e076405c.js
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbecd81a887112fc48df01642563a0a17289a991a41af17256750391ba108e49

chunk.193.9c60e789.js
gstatic.gitbook.com/js/
247 KB
72 KB
Script
General
Full URL
https://gstatic.gitbook.com/js/chunk.193.9c60e789.js
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
479985cc857d9a8412e5255f8749359c2c75b70cc19c6635d8b7b88bb77b35eb

logger.min.js
cdn.lr-ingest.io/
593 KB
109 KB
Script
General
Full URL
https://cdn.lr-ingest.io/logger.min.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6402 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce2f21031c7967ee814084ad77a35ad2d51c51207c072d2d5a48c7957ccd3b2c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

__session
app.gitbook.com/
52 B
716 B
Fetch
General
Full URL
https://app.gitbook.com/__session?proposed=ca6f90ba-d371-4661-8e7d-7c9cedcf4febR
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
388414ddd30b73425b5292e8b0b886a96a59fe2b2b89e008c632770c6cc9605f

2c4b2d40-08cd-47db-9162-6a1c43981fb5
https://www.ired.team/
408 KB
0
Other
General
Full URL
blob:https://www.ired.team/2c4b2d40-08cd-47db-9162-6a1c43981fb5
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a7f194c6eb560025d7cf42a2cb771976d2df2e692046ffe5b112fb8555ac2e52

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
417720
spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png
gblobscdn.gitbook.com/
28 KB
29 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
10415106
x-guploader-uploadid
AAANsUlMpqhuPwwtimWInrIHOriRAd2AhLLdRqiNqWp2n0BT_Du82TRHLdQzSi_dCI_wOxd3Z8BGlVQRtz7U4x-PkZO2avBgqQ
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
29066
cf-request-id
057d9845430000dfff598b5200000001
last-modified
Sat, 08 Sep 2018 20:00:14 GMT
server
cloudflare
etag
"2965c5f978755802debc0291c5574853"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ALxBKw==, md5=KWXF+Xh1WALevAKRxVdIUw==
x-goog-generation
1536436814766237
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
29066
x-goog-meta-firebasestoragedownloadtokens
1910800b-eed5-42ea-b282-39d0660128fe
accept-ranges
bytes
cf-ray
5da929820907dfff-FRA
expires
Thu, 27 May 2021 12:37:09 GMT
6c3c9dec9383137845be0f0ea2cf1bf4.css
gstatic.gitbook.com/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
content-encoding
gzip
cf-cache-status
HIT
age
14602451
cf-polished
origSize=1701
x-guploader-uploadid
AEnB2UrlDK_P-tvLL-hZ_KGdddll9vW79s8Qa_b-ki9YM-sK1t0EWBgQY9--qdFaOWT8Vnfu71c6ElLCX4IAdLRYoC4u5ADuSV8savv_0MOwQLLCCCI-0so
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/css
cf-request-id
057d9845fc0000dfff598bf200000001
last-modified
Sat, 04 Apr 2020 21:36:58 GMT
server
cloudflare
etag
W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation
1583845128372242
access-control-allow-origin
*
expires
Fri, 09 Apr 2021 13:05:02 GMT
cache-control
public, max-age=31536000
x-goog-stored-content-length
1701
cf-ray
5da929832a57dfff-FRA
cf-bgj
minify
assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzORtGb_fVtxARZaf9%2Fimage.png
gblobscdn.gitbook.com/
125 KB
125 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzORtGb_fVtxARZaf9%2Fimage.png?alt=media&token=8369cb1a-f512-476b-bc00-f25184cfe96b
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cb62641751cbaf6261a2d8c5d666d6502b37b12bad2a9dba6bdf8143f2e704d

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:48 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
ABg5-UxCpzCsciQ0o7WYE6qJesolaxGB8mAEKRqWONPBfV9gUdrIrI6h6qVAcDz1Q0iRZwWugj0o_QAoTo8tec9jlqcwTArS3A
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
127559
cf-request-id
057d9845ff0000dfff598c0200000001
last-modified
Mon, 29 Jul 2019 20:43:09 GMT
server
cloudflare
etag
"9897869fe97423290337f292d8de6571"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=Jb/0Qw==, md5=mJeGn+l0IykDN/KS2N5lcQ==
x-goog-generation
1564432989860777
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
127559
x-goog-meta-firebasestoragedownloadtokens
8369cb1a-f512-476b-bc00-f25184cfe96b
accept-ranges
bytes
cf-ray
5da929833a60dfff-FRA
expires
Wed, 29 Sep 2021 22:32:47 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzO5goEZJR5vHGqcUo%2Fimage.png
gblobscdn.gitbook.com/
92 KB
93 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzO5goEZJR5vHGqcUo%2Fimage.png?alt=media&token=507689fa-2715-477d-8062-3b91b9d11fd2
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a9a94947f91f66095836a496e7a91b58fc31dda64cc01cec30d2ed26cd22e56

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
124605
x-guploader-uploadid
ABg5-UyqPuWi6EWyCJIOaN2pqpQFGKqS7wPrfqrHMKsD9w_TaDgLRKI0wmeeBJD5kbrn5H5NGChjoo6Wq27cgFXJ7baVNrI13w
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
94244
cf-request-id
057d9846040000dfff598c1200000001
last-modified
Mon, 29 Jul 2019 20:43:09 GMT
server
cloudflare
etag
"48b33236a2bb60c3009ee34f1f3e0985"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=6ZQR4g==, md5=SLMyNqK7YMMAnuNPHz4JhQ==
x-goog-generation
1564432989804533
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
94244
x-goog-meta-firebasestoragedownloadtokens
507689fa-2715-477d-8062-3b91b9d11fd2
accept-ranges
bytes
cf-ray
5da929833a6fdfff-FRA
expires
Mon, 27 Sep 2021 17:33:59 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzOCl4UOrIytApTV37%2Fimage.png
gblobscdn.gitbook.com/
47 KB
48 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzOCl4UOrIytApTV37%2Fimage.png?alt=media&token=49a8815e-5d9a-4d5b-b067-2c5cf1bef0ff
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d6903dca0363e2b6cfbfc76bfd887e39dda62c20797acc10a56053f9476f1dd

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
32116
x-guploader-uploadid
ABg5-Uw9XdgFMCRFoEn1z62VIIb_CAel-TEJvGLJ_K2buv30jNVMb_ZtXmegdzzNG1W6DzWI2cl7FDZbGGl-GGiDlFM
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
48438
cf-request-id
057d9846050000dfff598c2200000001
last-modified
Mon, 29 Jul 2019 20:43:09 GMT
server
cloudflare
etag
"6dc79fe1609928fea7ba884394e5c0ea"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=q5iFDQ==, md5=bcef4WCZKP6nuohDlOXA6g==
x-goog-generation
1564432989269283
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
48438
x-goog-meta-firebasestoragedownloadtokens
49a8815e-5d9a-4d5b-b067-2c5cf1bef0ff
accept-ranges
bytes
cf-ray
5da929833a70dfff-FRA
expires
Tue, 28 Sep 2021 09:34:46 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzOGitaJ8ENZx4aN_2%2Fimage.png
gblobscdn.gitbook.com/
96 KB
97 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzOGitaJ8ENZx4aN_2%2Fimage.png?alt=media&token=7dfd580e-131d-4f55-946e-32217f22bbb5
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5223dedd79219cb3556733314dba6098d2ab47967a97c43c46af8b53b4c0f76

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:48 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
ABg5-UzYmz36Jd0gGM4Ki-iOnKHLNKoJGp1Qkpf5Q6yij8_TLHQwqdITACzGwRV9DmEYzzHMxUIaU8hEbvzOE4Fvx64
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
98455
cf-request-id
057d9846070000dfff598c3200000001
last-modified
Mon, 29 Jul 2019 20:43:10 GMT
server
cloudflare
etag
"72c7939b5628ef8c82a1b327b77c30fa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=QLpzOA==, md5=cseTm1Yo74yCobMnt3ww+g==
x-goog-generation
1564432990001084
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
98455
x-goog-meta-firebasestoragedownloadtokens
7dfd580e-131d-4f55-946e-32217f22bbb5
accept-ranges
bytes
cf-ray
5da929833a72dfff-FRA
expires
Wed, 29 Sep 2021 22:32:48 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzP2MTzsyl_xVHjMdH%2Fimage.png
gblobscdn.gitbook.com/
51 KB
51 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzP2MTzsyl_xVHjMdH%2Fimage.png?alt=media&token=dcdb5e64-136f-4aac-9ef5-82a500474526
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0f33a0d0d19a53dc4d4b9d9827b373f9669f07b415841fc861be9730d097768

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
32115
status
200
x-guploader-uploadid
ABg5-UzGT4wMlPhaFPZXckK44Ajk37c_CtL4JS2ckr5AYRnnqV2spQhYZcg64wx0U_EIz2p9jSZTNybc19-HEdD2cKA
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
51844
cf-request-id
057d98460a0000dfff598c4200000001
last-modified
Mon, 29 Jul 2019 20:43:09 GMT
server
cloudflare
etag
"9fd16585aaf4ff6886ab9b2c895a4ce6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=EGODhg==, md5=n9Flhar0/2iGq5ssiVpM5g==
x-goog-generation
1564432989277698
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
51844
x-goog-meta-firebasestoragedownloadtokens
dcdb5e64-136f-4aac-9ef5-82a500474526
accept-ranges
bytes
cf-ray
5da929834a7bdfff-FRA
expires
Wed, 29 Sep 2021 13:37:31 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzPrlIuIHPhePj4gbB%2Fimage.png
gblobscdn.gitbook.com/
517 KB
518 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzNk6_CodAdD2tZkf5%2F-LkzPrlIuIHPhePj4gbB%2Fimage.png?alt=media&token=746de31c-efed-4a3b-b205-410476c3b141
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fb85de89a003f0fc5520be2a9e52120673bb15c2030a00a8460098f4e1b7e39

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
MISS
x-guploader-uploadid
ABg5-UxflSRDsDK7-jvC6GFbUB4HFsa6NBsbunkg8m1G47BGA_v1meHodR-kKggwk4ZinDQxS083Klr-0d-nQgdjx7T9gJ8meA
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
529253
cf-request-id
057d98460a0000dfff598c5200000001
last-modified
Mon, 29 Jul 2019 20:43:10 GMT
server
cloudflare
etag
"852eacb37653582d90d217718af1a691"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=x7b1FA==, md5=hS6ss3ZTWC2Q0hdxivGmkQ==
x-goog-generation
1564432990282717
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
529253
x-goog-meta-firebasestoragedownloadtokens
746de31c-efed-4a3b-b205-410476c3b141
accept-ranges
bytes
cf-ray
5da929834a7cdfff-FRA
expires
Tue, 28 Sep 2021 09:34:47 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LkzjA_6AlbSx8OnPyKt%2F-LkzjE8L4qN2ICgbKYm1%2Fbackdoored-pe.gif
gblobscdn.gitbook.com/
350 KB
351 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzjA_6AlbSx8OnPyKt%2F-LkzjE8L4qN2ICgbKYm1%2Fbackdoored-pe.gif?alt=media&token=874cd18a-d3a4-4e9a-bb44-c553bbef4b9a
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9934616622c78d38d812ebecaa2871f544ad94d91b5d281d7873186698ce2477

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
MISS
x-guploader-uploadid
ABg5-UwfreA_YnPFeTctqM_ihEwCd4Fe2BPyOTGrvGC4kbK3cLLZIC7AFgDJG8v5uBs8b7qQRnpy8u_AVmHrv6sh_R5xtivWkw
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''backdoored-pe.gif
content-type
image/gif
content-length
358520
cf-request-id
057d98461b0000dfff598c8200000001
last-modified
Mon, 29 Jul 2019 22:02:03 GMT
server
cloudflare
etag
"e68eb99582c5f0f4ebd80947d9428888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=oU3hlA==, md5=5o65lYLF8PTr2AlH2UKIiA==
x-goog-generation
1564437723245057
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
358520
x-goog-meta-firebasestoragedownloadtokens
874cd18a-d3a4-4e9a-bb44-c553bbef4b9a
accept-ranges
bytes
cf-ray
5da929835a97dfff-FRA
expires
Wed, 29 Sep 2021 22:32:46 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-Lkz_YnFy5qqhlkFJfyH%2Fimage.png
gblobscdn.gitbook.com/
314 KB
315 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-Lkz_YnFy5qqhlkFJfyH%2Fimage.png?alt=media&token=b0893467-7990-4a5b-9363-d807aabdfc57
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7199cb819a055161b65ffb591c73e334a17c7f6b8cbe722628bfc006877b6894

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
32116
x-guploader-uploadid
ABg5-Ux8an1QZwwRqNz5ORMhtiriuZHp5-EQtestZerp-W1EyaT8xU1hJXJSHegt_8j6qYuDjK6qFitSLPhJugcdnxueT_cxfQ
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
321501
cf-request-id
057d9846230000dfff598c9200000001
last-modified
Mon, 29 Jul 2019 21:54:59 GMT
server
cloudflare
etag
"7a2a719cd8446c642452c50b9128415b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=Sm6vew==, md5=eipxnNhEbGQkUsULkShBWw==
x-goog-generation
1564437299816705
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
321501
x-goog-meta-firebasestoragedownloadtokens
b0893467-7990-4a5b-9363-d807aabdfc57
accept-ranges
bytes
cf-ray
5da929836aaedfff-FRA
expires
Tue, 28 Sep 2021 11:56:02 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-LkzaylyCqa-8zRfcmsD%2Fimage.png
gblobscdn.gitbook.com/
22 KB
22 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-LkzaylyCqa-8zRfcmsD%2Fimage.png?alt=media&token=47182ac5-203e-4a7b-8f1a-8fa93b58eb26
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
578158d24f6db88a8f597bb4c22e4deead7ceb7a592fcfe81df62d18041c01f9

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
32116
x-guploader-uploadid
ABg5-UxEQLt_kmGIWxSLOiZ2Mqdx6uGtz_yKwz2xAUVaaisRlA2Xn3mQqrRsS1Hkta1GiuAdyH3_tsuBuWLvuvCuhBoPmnFjZg
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
22257
cf-request-id
057d9846250000dfff598ca200000001
last-modified
Mon, 29 Jul 2019 21:54:58 GMT
server
cloudflare
etag
"c123c1ec616ee07e4e00f96823342ca1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=jcRQcw==, md5=wSPB7GFu4H5OAPloIzQsoQ==
x-goog-generation
1564437298427818
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
22257
x-goog-meta-firebasestoragedownloadtokens
47182ac5-203e-4a7b-8f1a-8fa93b58eb26
accept-ranges
bytes
cf-ray
5da929836ab1dfff-FRA
expires
Tue, 28 Sep 2021 09:34:49 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-LkzaQceOQ3j5kB3XaBY%2Fimage.png
gblobscdn.gitbook.com/
73 KB
74 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Lkz_SkhiOikXreDYzyX%2F-LkzaQceOQ3j5kB3XaBY%2Fimage.png?alt=media&token=c5ea539a-a919-486e-a98b-cc9e7a9a9f1f
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7433c21695c88fef6461f9515b4169bf4eba785d6273ceaaf56b22f85df7f21

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
32116
x-guploader-uploadid
ABg5-UwNejUOTLrOWWtrDT_GTOg_8bGR9zW3lwN0USnadZ9fv_COuDc8ye5ul-iOCQN78Z-_DN058Ht4jBXdHnzCGpI
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
74983
cf-request-id
057d9846330000dfff598ce200000001
last-modified
Mon, 29 Jul 2019 21:54:59 GMT
server
cloudflare
etag
"52856424172c29994a7d4bfb4b13c39c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=EuzMUQ==, md5=UoVkJBcsKZlKfUv7SxPDnA==
x-goog-generation
1564437299497907
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
74983
x-goog-meta-firebasestoragedownloadtokens
c5ea539a-a919-486e-a98b-cc9e7a9a9f1f
accept-ranges
bytes
cf-ray
5da929838ad3dfff-FRA
expires
Tue, 28 Sep 2021 11:56:02 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll8wvkscvRygy8w0ozX%2F-Ll96u5bb1q1OXCJX5Kh%2Fcode-redirection.gif
gblobscdn.gitbook.com/
286 KB
286 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll8wvkscvRygy8w0ozX%2F-Ll96u5bb1q1OXCJX5Kh%2Fcode-redirection.gif?alt=media&token=73cac3ac-41df-43f4-9b78-e6802fb57759
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9745a7a64330347faf81323c0097a1ee299d3cb0ba8b59624a0187376bdbce02

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
32116
x-guploader-uploadid
ABg5-UxMeTROLSXCFexmtbtDcJg8199RjmrNV6Frs2b_-L6J5xAiv-kJBXHzsodl3T6eoCNRTPOIOuYQ4PhSSwls1w
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''code-redirection.gif
content-type
image/gif
content-length
292448
cf-request-id
057d9846380000dfff598cf200000001
last-modified
Wed, 31 Jul 2019 22:35:29 GMT
server
cloudflare
etag
"efa0b4e6e7ac212b277fdbf5f0c62dd6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ZCeeTA==, md5=76C05uesISsnf9v18MYt1g==
x-goog-generation
1564612529012882
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
292448
x-goog-meta-firebasestoragedownloadtokens
73cac3ac-41df-43f4-9b78-e6802fb57759
accept-ranges
bytes
cf-ray
5da929838ae1dfff-FRA
expires
Tue, 28 Sep 2021 11:56:02 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LkzkdHDItXtyqmJiO_Y%2F-LkzkixlLNKSi6nb-vDY%2Fbackdoored-pe2.gif
gblobscdn.gitbook.com/
332 KB
333 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LkzkdHDItXtyqmJiO_Y%2F-LkzkixlLNKSi6nb-vDY%2Fbackdoored-pe2.gif?alt=media&token=2ec958b3-146f-47ee-b152-5b6226c0fc31
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cbeace8ef87e246ddbddb76b32fa61cd1c59a8057f5a8456461c26fe174a9c9

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
32116
x-guploader-uploadid
ABg5-UympY9gBMGen-XwF2aQ5owtFda_U6CVKCMtXFa6R73CkPNAo9f09jQ3BuNQp6ZKSAj9cjiD-HnZLEwPc1vSLVk
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''backdoored-pe2.gif
content-type
image/gif
content-length
339828
cf-request-id
057d9846380000dfff598d0200000001
last-modified
Mon, 29 Jul 2019 22:04:09 GMT
server
cloudflare
etag
"fe21d5c661ee06d02c3d5f6e12089328"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=LI1OpQ==, md5=/iHVxmHuBtAsPV9uEgiTKA==
x-goog-generation
1564437849512975
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
339828
x-goog-meta-firebasestoragedownloadtokens
2ec958b3-146f-47ee-b152-5b6226c0fc31
accept-ranges
bytes
cf-ray
5da929838ae3dfff-FRA
expires
Tue, 28 Sep 2021 11:56:02 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3px7EmYpT1PNgqKha%2Fimage.png
gblobscdn.gitbook.com/
172 KB
173 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3px7EmYpT1PNgqKha%2Fimage.png?alt=media&token=3ca88cf5-6ab2-4f21-8d91-0c35c24912ea
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e802eb704e4cd1a4d83e2b185e5caf971473baa53321c886b08c3a1018724f3b

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
MISS
x-guploader-uploadid
ABg5-UwR0ugjkeahV2JHI6kI84CWAYxH2crqtryPT0yskXEX-znTo6QejHbR7vDWNGhfnolwT46368E8QkUwolCPGbE
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
176360
cf-request-id
057d9846410000dfff598d1200000001
last-modified
Tue, 30 Jul 2019 22:18:30 GMT
server
cloudflare
etag
"e28564d3809bd4cb8d9153ed8b7886d5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=xKZemQ==, md5=4oVk04Cb1MuNkVPti3iG1Q==
x-goog-generation
1564525110130742
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
176360
x-goog-meta-firebasestoragedownloadtokens
3ca88cf5-6ab2-4f21-8d91-0c35c24912ea
accept-ranges
bytes
cf-ray
5da929839afcdfff-FRA
expires
Tue, 28 Sep 2021 09:34:55 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3koptqHZSB7nYHz5T%2Fimage.png
gblobscdn.gitbook.com/
79 KB
79 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3koptqHZSB7nYHz5T%2Fimage.png?alt=media&token=e77b370e-c986-409d-acef-5e68455b8b4a
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90aab2ad1dd4721d0cdfb085eaf502403cc86607df4d9b57b0a79c3e829bbb11

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status
HIT
age
32116
x-guploader-uploadid
ABg5-UwpPvffnK_uV8k9xnzNOe2-Xp9qz01UeS-_zpp4GQHTI0sE4l9B3QJUJeYFki7zsk8JF0ZA0AE3tmD2kkpuSAc
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
80759
cf-request-id
057d9846480000dfff598d2200000001
last-modified
Tue, 30 Jul 2019 22:18:30 GMT
server
cloudflare
etag
"d4706d05173f2528eaba36886df99499"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=NftHrA==, md5=1HBtBRc/JSjqujaIbfmUmQ==
x-goog-generation
1564525110240748
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
80759
x-goog-meta-firebasestoragedownloadtokens
e77b370e-c986-409d-acef-5e68455b8b4a
accept-ranges
bytes
cf-ray
5da92983ab0adfff-FRA
expires
Tue, 28 Sep 2021 09:34:57 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3qfZF6Uro5HZAoW9I%2Fimage.png
Host/path: gblobscdn.gitbook.com/
Size: 23 KB, transferred 23 KB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3qfZF6Uro5HZAoW9I%2Fimage.png?alt=media&token=66dc58a2-f76c-4764-956f-8542a8c86d77
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: cf25a17145e3b03b852e82618cd41245443293ad098bbcbf87547b02584a2a02

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status: HIT
age: 32116
x-guploader-uploadid: ABg5-UziutgreNyqpk65AZ4cQqHEWiar-3f_JEL__8to93wq_EALM7vPrfsaCfY31U2tvYypCXJZDdYyxy7R8AgDlp4
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 23461
cf-request-id: 057d98464e0000dfff598d4200000001
last-modified: Tue, 30 Jul 2019 22:18:29 GMT
server: cloudflare
etag: "3435634c293d9f9432b2757f5ae00b76"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=t8sNVQ==, md5=NDVjTCk9n5QysnV/WuALdg==
x-goog-generation: 1564525109532452
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 23461
x-goog-meta-firebasestoragedownloadtokens: 66dc58a2-f76c-4764-956f-8542a8c86d77
accept-ranges: bytes
cf-ray: 5da92983bb15dfff-FRA
expires: Tue, 28 Sep 2021 09:34:58 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3rXPG9tFjxHr9mJik%2Fimage.png
Host/path: gblobscdn.gitbook.com/
Size: 17 KB, transferred 17 KB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3rXPG9tFjxHr9mJik%2Fimage.png?alt=media&token=98a785cb-859a-4656-8229-a628dfe03f8e
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: b9d520ab80726e62ff6decca3964ab6b906b4959fae579aba595677da21daa6e

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UyRWhRZybesoy4NmMYrHBUCPvwf9ExGzw67b_mFOBm-dMeHA9HDfN0UX15SmtoNaZrJCkF933zkeePSo24_cDw
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 17094
cf-request-id: 057d9846540000dfff598d8200000001
last-modified: Tue, 30 Jul 2019 22:18:29 GMT
server: cloudflare
etag: "cce26dd3677c8172b6f4287e85a1f98e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=KoSC5g==, md5=zOJt02d8gXK29Ch+haH5jg==
x-goog-generation: 1564525109448906
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 17094
x-goog-meta-firebasestoragedownloadtokens: 98a785cb-859a-4656-8229-a628dfe03f8e
accept-ranges: bytes
cf-ray: 5da92983bb27dfff-FRA
expires: Tue, 28 Sep 2021 11:56:02 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3tDJQ2pqphICgtoax%2Fimage.png
Host/path: gblobscdn.gitbook.com/
Size: 64 KB, transferred 64 KB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3tDJQ2pqphICgtoax%2Fimage.png?alt=media&token=071642ae-81e8-4def-ab13-a4d3079780a9
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 281ae8ea09166dadd71d8f57ecf126abfa13ba89daa1578548c673c6ad617a3c

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status: HIT
age: 124604
status: 200
x-guploader-uploadid: ABg5-UzwSeYgqO6iCenmgxcqC7R9fCTb8RRlyB8ICy25d2cplR940U8VVz4po1l635ob3mUPK1nNPrY6e8pSYvvNVtiieOGWKQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 65500
cf-request-id: 057d98465b0000dfff598d9200000001
last-modified: Tue, 30 Jul 2019 22:18:29 GMT
server: cloudflare
etag: "024ef0b105e46e6acf1d7261b32bda2d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=BmC4jw==, md5=Ak7wsQXkbmrPHXJhsyvaLQ==
x-goog-generation: 1564525109473264
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 65500
x-goog-meta-firebasestoragedownloadtokens: 071642ae-81e8-4def-ab13-a4d3079780a9
accept-ranges: bytes
cf-ray: 5da92983cb38dfff-FRA
expires: Tue, 28 Sep 2021 11:56:02 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3s6OF9x7ufPIN8UOu%2Fimage.png
Host/path: gblobscdn.gitbook.com/
Size: 56 KB, transferred 57 KB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3s6OF9x7ufPIN8UOu%2Fimage.png?alt=media&token=c723818c-889a-425b-99dd-e70bc1d26d21
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: ffdc6e71953515c485fe82045ef1a1b90424e0cf1028402124c8d69bcd5abfe5

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status: HIT
age: 32115
status: 200
x-guploader-uploadid: ABg5-UxzjxTquMgxA-CgoDODugno3fNJah7Y1Nm6wMbpR0lKFel61KStKQojF01L37eT3csukByk4BdQE4F9k_rwFWTKZu7Dnw
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 57327
cf-request-id: 057d98465f0000dfff598da200000001
last-modified: Tue, 30 Jul 2019 22:18:29 GMT
server: cloudflare
etag: "e2588e7bbc692366b23e379f2a45611e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=sztlnA==, md5=4liOe7xpI2ayPjefKkVhHg==
x-goog-generation: 1564525109587651
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 57327
x-goog-meta-firebasestoragedownloadtokens: c723818c-889a-425b-99dd-e70bc1d26d21
accept-ranges: bytes
cf-ray: 5da92983cb47dfff-FRA
expires: Wed, 29 Sep 2021 13:37:31 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3uk40tcavWPYIG6dy%2Fimage.png
Host/path: gblobscdn.gitbook.com/
Size: 40 KB, transferred 40 KB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3uk40tcavWPYIG6dy%2Fimage.png?alt=media&token=85a386f2-bf36-4d43-9311-467e888d8519
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: c3b446d19e2a498c5477c2f026f80a5c951acddef29dde3972697d18d85178d4

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:47 GMT
cf-cache-status: HIT
age: 32116
x-guploader-uploadid: ABg5-UzI89ZrK7jvMBZKgtE9JhDUsMGvkYxT7N-REJ4eTVrfVjWIYqCL86TPGzLpZxjGehRO5bUUF6WdeXy18TBbiSABC17WsA
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 40625
cf-request-id: 057d9846620000dfff598db200000001
last-modified: Tue, 30 Jul 2019 22:18:29 GMT
server: cloudflare
etag: "22826c317d67a907dd1e95cc2d84d63b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=2y9SUg==, md5=IoJsMX1nqQfdHpXMLYTWOw==
x-goog-generation: 1564525109453552
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 40625
x-goog-meta-firebasestoragedownloadtokens: 85a386f2-bf36-4d43-9311-467e888d8519
accept-ranges: bytes
cf-ray: 5da92983db4adfff-FRA
expires: Tue, 28 Sep 2021 09:35:01 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3xNXeWGuPj5XZXOov%2Fbackdoored-pe4.gif
Host/path: gblobscdn.gitbook.com/
Size: 1 MB, transferred 1 MB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-Ll3KBWLKJ9CWALr0JOo%2F-Ll3xNXeWGuPj5XZXOov%2Fbackdoored-pe4.gif?alt=media&token=9c0b534d-3c4b-42f6-bc01-286d6d99259b
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 2ec11518a9a2c46eba512d1ff5b8b0a74c7fd97360069d9afe391b9430abeb27

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:48 GMT
cf-cache-status: MISS
x-guploader-uploadid: ABg5-UyzduxcdBEQXeFbRkWNdQbzfvGDrILIOZdgpknNiZRiiY_L5TDaIwnf3BB5MP2I311GSydIzwVFmxWdNrsDjy_sCJf_BA
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''backdoored-pe4.gif
content-type: image/gif
content-length: 1160703
cf-request-id: 057d98466b0000dfff598dc200000001
last-modified: Tue, 30 Jul 2019 22:18:31 GMT
server: cloudflare
etag: "04bc483af4f7a2b036f5636ad157a52c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=83HjgA==, md5=BLxIOvT3orA29WNq0VelLA==
x-goog-generation: 1564525111283631
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1160703
x-goog-meta-firebasestoragedownloadtokens: 9c0b534d-3c4b-42f6-bc01-286d6d99259b
accept-ranges: bytes
cf-ray: 5da92983db5fdfff-FRA
expires: Tue, 28 Sep 2021 09:35:01 GMT
photo.jpg
Host/path: lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/
Size: 7 KB, transferred 7 KB
Type: Image

General
Full URL: https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H3-Q050
Security: QUIC, AES_128_GCM
Server: 2a00:1450:4001:808::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: fife
Resource Hash: 3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577

Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 0

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:09:47 GMT
x-content-type-options: nosniff
age: 1381
status: 200
content-disposition: inline;filename=""
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6707
x-xss-protection: 0
server: fife
etag: "v5e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Wed, 30 Sep 2020 13:56:40 GMT
chunk.193.9c60e789.js
Host/path: gstatic.gitbook.com/js/
Size: 247 KB, transferred 72 KB
Type: Script

General
Full URL: https://gstatic.gitbook.com/js/chunk.193.9c60e789.js
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 479985cc857d9a8412e5255f8749359c2c75b70cc19c6635d8b7b88bb77b35eb

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:48 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 14600855
cf-polished: origSize=253395
x-guploader-uploadid: AEnB2UrG0a5P6KkVbD2-2STDlss5Gl1W1NaQ1N7jLuo0KWeKGcgKCZaSbGZLtcqWHZnaKEfX1so3L3Xw_emImKhIzbrW8QI-eQ
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 057d98468b0000dfff598de200000001
last-modified: Sat, 04 Apr 2020 21:36:58 GMT
server: cloudflare
etag: W/"87a62c274e163e81a2ac1e35ded71038"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=4sdnqQ==, md5=h6YsJ04WPoGirB413tcQOA==
x-goog-generation: 1586036218605147
access-control-allow-origin: *
expires: Sat, 10 Apr 2021 08:37:32 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 253395
cf-ray: 5da929841b88dfff-FRA
cf-bgj: minify
avatar.jpg
Host/path: captmeelo.com//static/img/
Redirect Chain
  • https://capt-meelo.github.io//static/img/avatar.jpg
  • https://captmeelo.com//static/img/avatar.jpg
Size: 16 KB, transferred 17 KB
Type: Image

General
Full URL: https://captmeelo.com//static/img/avatar.jpg
Requested by: www.ired.team (https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.199.110.153, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: GitHub.com
Resource Hash: 325e8deaea83445638c8d9e06570b417bb6e165e4991aa3bb5a6a4bb10cfc495

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id: 0e179138fe8bd57356f9d1fdfebf9eb4894ecf91
date: Tue, 29 Sep 2020 22:32:48 GMT
via: 1.1 varnish
age: 1
x-cache: HIT
status: 200
content-length: 16770
x-served-by: cache-cph20645-CPH
last-modified: Sat, 29 Feb 2020 02:25:35 GMT
server: GitHub.com
x-github-request-id: A736:583A:9F40DA1:A9FE937:5F73AAB6
x-timer: S1601418768.126877,VS0,VE0
etag: "5e59cb9f-4182"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Tue, 29 Sep 2020 21:54:22 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 1

Redirect headers

x-fastly-request-id: c87d91ab44f48b144d5a886e9a3870d9f76248cb
date: Tue, 29 Sep 2020 22:32:48 GMT
via: 1.1 varnish
age: 1
x-cache: HIT
status: 301
content-length: 162
x-served-by: cache-cph20625-CPH
server: GitHub.com
x-github-request-id: BD8A:B97F:95A513D:9F5E90D:5F73B608
x-timer: S1601418768.047323,VS0,VE0
vary: Accept-Encoding
content-type: text/html
location: https://captmeelo.com//static/img/avatar.jpg
accept-ranges: bytes
x-cache-hits: 1
1*2C4W4uLlUX1nesN-ycPUWg.png
Host/path: miro.medium.com/max/1200/
Size: 278 KB, transferred 279 KB
Type: Image

General
Full URL: https://miro.medium.com/max/1200/1*2C4W4uLlUX1nesN-ycPUWg.png
Requested by: www.ired.team (https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6810:7891, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare / Geomyidae artificij
Resource Hash: 11f60cd84541934fe3b7b8000bae630c7620cdfaf5a4adf9aaa1680523efc2a4

Security Headers
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:48 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 133006
x-powered-by: Geomyidae artificij
x-obvious-info: 16.3, 3203-7aaf868
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 285153
cf-request-id: 057d9846a6000005d42aa9d200000001
pragma: public
server: cloudflare
etag: "16.3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 5da929843c1605d4-FRA
expires: Thu, 29 Oct 2020 22:32:48 GMT
camera-door.jpg
Host/path: pentest.blog/wp-content/uploads/
Size: 330 KB, transferred 331 KB
Type: Image

General
Full URL: https://pentest.blog/wp-content/uploads/camera-door.jpg
Requested by: www.ired.team (https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.27.168.40, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 28e5b93338e5842753aabad1f88f7221a3908d9ddc1273c599a23db8f9308569

Security Headers
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:48 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 2906
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-length: 338299
cf-request-id: 057d9846ad0000d8914db12200000001
last-modified: Fri, 16 Dec 2016 09:31:12 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5853b460-5297b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=65&lkg-time=1601418768"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-xss-protection: 1
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 5da9298449e6d891-CPH
logo-ms-social.png
Host/path: docs.microsoft.com/en-us/media/logos/
Size: 449 B, transferred 1 KB
Type: Image

General
Full URL: https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png
Requested by: www.ired.team (https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode)
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a02:26f0:6c00:29b::353e, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS: (none)
Software: (none)
Resource Hash: 2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
status: 200
content-length: 449
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-rendering-stack: Static
last-modified: Mon, 16 Dec 2019 19:04:37 GMT
x-datacenter: eus
date: Tue, 29 Sep 2020 22:32:48 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: image/png
cache-control: public, max-age=787
etag: "0x8D7825ACB981CED"
akamai-cache-status: Hit from child
request-context: appId=cid-v1:cd765a3e-2aba-43aa-b307-6e4b3b4be342
expires: Tue, 29 Sep 2020 22:45:55 GMT
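The Security Headers panels in this listing show, per response, which of Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options and X-Xss-Protection the server set; responses without a panel set none of them. The Python script below is an added example, not part of the urlscan.io report or of the scanned ired.team page. It parses headers written as `name: value` lines, rebuilds that panel view, and then applies the checks a reviewer would run on top of it: HSTS missing or with a max-age under one year, nosniff missing, the legacy XSS filter enabled in rewrite mode (`1` without `mode=block`), and a wildcard CORS origin paired with credentials. The four sample header sets are transcribed from responses in this listing and trimmed to the headers the audit reads; the panel header list, the one-year threshold and the finding wording are the example's own assumptions.

```python
"""Audit HTTP response headers: reproduce a 'Security Headers' panel and add
reviewer checks. Added example; sample data is transcribed from the scan
listing and trimmed, the panel list and thresholds are assumptions."""
from __future__ import annotations

import re

# Constructed sample input: four responses from the listing, relevant headers only.
SAMPLE_RESPONSES = {
    "gblobscdn.gitbook.com image.png": """\
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
""",
    "pentest.blog camera-door.jpg": """\
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1
content-type: image/jpeg
""",
    "docs.microsoft.com logo-ms-social.png": """\
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-type: image/png
""",
    "www.google-analytics.com collect": """\
access-control-allow-origin: https://www.ired.team
access-control-allow-credentials: true
x-content-type-options: nosniff
cache-control: no-cache, no-store, must-revalidate
content-type: text/plain
""",
}

# Headers the panel reports (assumed list). Lowercase: header names are
# case-insensitive and parse_headers normalises them the same way.
PANEL_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "x-xss-protection",
)

ONE_YEAR = 31536000  # seconds; the HSTS max-age floor this audit applies


def parse_headers(raw: str) -> dict[str, str]:
    """Parse 'name: value' lines into a dict keyed by lowercase header name.

    A repeated field is joined with ', ' (how list-valued HTTP fields combine);
    blank lines and lines without a colon are skipped.
    """
    headers: dict[str, str] = {}
    for line in raw.splitlines():
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        if not name:
            continue
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def security_panel(headers: dict[str, str]) -> dict[str, str]:
    """The panel view: only those PANEL_HEADERS the response actually set."""
    return {name: headers[name] for name in PANEL_HEADERS if name in headers}


def hsts_max_age(value: str) -> int | None:
    """max-age from a Strict-Transport-Security value, or None if it has none."""
    match = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(match.group(1)) if match else None


def audit(headers: dict[str, str]) -> list[str]:
    """Findings a reviewer would raise for one response's headers."""
    findings: list[str] = []

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security")
    else:
        age = hsts_max_age(hsts)
        if age is None or age < ONE_YEAR:
            findings.append(f"HSTS max-age {age} is below one year ({ONE_YEAR})")

    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("no X-Content-Type-Options: nosniff")

    # Legacy browser XSS filter: a bare '1' means rewrite the page, a mode that
    # has itself been abused; '0' (off) or '1; mode=block' are the safe forms.
    xss = headers.get("x-xss-protection", "").replace(" ", "").lower()
    if xss.startswith("1") and "mode=block" not in xss:
        findings.append("X-XSS-Protection: 1 runs the filter in rewrite mode")

    # Browsers refuse credentialed CORS with a wildcard origin, so this pairing
    # is a misconfiguration to report rather than a working policy.
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    if creds and headers.get("access-control-allow-origin") == "*":
        findings.append("Access-Control-Allow-Credentials: true with origin *")

    return findings


def audit_all(responses: dict[str, str]) -> dict[str, list[str]]:
    """Parse and audit every sample; findings per response, in input order."""
    return {name: audit(parse_headers(raw)) for name, raw in responses.items()}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_RESPONSES).items():
        print(name)
        for finding in findings or ["no findings"]:
            print("  -", finding)
```

Run as a script it prints the findings per sample: the docs.microsoft.com response comes back clean, the gblobscdn.gitbook.com image lacks both HSTS and nosniff, the pentest.blog image has a 180-day HSTS max-age and the filter-mode X-XSS-Protection, and the Google Analytics beacon lacks HSTS but pairs its credentialed CORS with an explicit origin, which is the correct combination. Feeding it the raw response headers of any transaction above (copied as `name: value` lines) reproduces the same checks for that resource.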
/
Host/path: www.gitbook.com/__amp/
Size: 7 B, transferred 290 B
Type: XHR

General
Full URL: https://www.gitbook.com/__amp/
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers
Strict-Transport-Security: max-age=15768000

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 29 Sep 2020 22:32:48 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=15768000
cf-ray: 5da92984a8bfc281-FRA
content-length: 7
cf-request-id: 057d9846e50000c28103b90200000001
analytics.js
Host/path: www.google-analytics.com/
Size: 45 KB, transferred 18 KB
Type: Script

General
Full URL: https://www.google-analytics.com/analytics.js
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:81a::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: Golfe2
Resource Hash: 60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 4629
date: Tue, 29 Sep 2020 21:15:39 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Tue, 29 Sep 2020 23:15:39 GMT
7f9239ce726764aa22093884902e018d.svg
Host/path: gstatic.gitbook.com/images/
Size: 2 KB, transferred 1 KB
Type: Image

General
Full URL: https://gstatic.gitbook.com/images/7f9239ce726764aa22093884902e018d.svg
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none)
Software: cloudflare
Resource Hash: 863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 22:32:48 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 14603167
x-guploader-uploadid: AEnB2Up4_u4zsu-VzeTELd0oacAlZEN_VuSfwJg4nLtQ2217uVqL3_snTm0ea4BPUQnb0dkmty19gyuS1IAzP119HZVqUcn_Sw
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
cf-request-id: 057d9847130000dfff598e3200000001
last-modified: Sat, 04 Apr 2020 21:36:58 GMT
server: cloudflare
etag: W/"7f9239ce726764aa22093884902e018d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=VnuT0A==, md5=f5I5znJnZKoiCTiEkC4BjQ==
x-goog-generation: 1583845128485401
access-control-allow-origin: *
expires: Fri, 09 Apr 2021 13:06:16 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 2137
cf-ray: 5da92984ec8cdfff-FRA
cf-bgj: h2pri
collect
Host/path: www.google-analytics.com/j/
Size: 2 B, transferred 24 B
Type: XHR

General
Full URL: https://www.google-analytics.com/j/collect?v=1&_v=j86&a=270404929&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fcode-injection-process-injection%2Fbackdooring-portable-executables-pe-with-shellcode&dp=%2Foffensive-security%2Fcode-injection-process-injection%2Fbackdooring-portable-executables-pe-with-shellcode&ul=en-us&de=UTF-8&dt=Backdooring%20PE%20Files%20with%20Shellcode%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=1320481875&gjid=1386683671&cid=1303432817.1601418768&tid=UA-57505611-10&_gid=2112918591.1601418768&_r=1&_slc=1&cd1=-LFEMnER3fywgFHoroYn&cd2=-LFEMnEQwqZOY6DtfrzY&cd3=-MIKN6WyFqg533jI6DWr&cd4=master&cd5=-LkzNlxUxNf4L_re0exJ&z=1107273333
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H3-Q050
Security: QUIC, AES_128_GCM
Server: 2a00:1450:4001:821::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: Golfe2
Resource Hash: a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers
X-Content-Type-Options: nosniff

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Sep 2020 22:32:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.ired.team
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT
collect
Host/path: www.google-analytics.com/j/
Size: 2 B, transferred 395 B
Type: XHR

General
Full URL: https://www.google-analytics.com/j/collect?v=1&_v=j86&a=270404929&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fcode-injection-process-injection%2Fbackdooring-portable-executables-pe-with-shellcode&dp=%2Foffensive-security%2Fcode-injection-process-injection%2Fbackdooring-portable-executables-pe-with-shellcode&ul=en-us&de=UTF-8&dt=Backdooring%20PE%20Files%20with%20Shellcode%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=1781771089&gjid=1195909222&cid=1303432817.1601418768&tid=UA-128974775-1&_gid=2112918591.1601418768&_r=1&_slc=1&z=1495295132
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H3-Q050
Security: QUIC, AES_128_GCM
Server: 2a00:1450:4001:821::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS: (none)
Software: Golfe2
Resource Hash: a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers
X-Content-Type-Options: nosniff

Request headers

Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Sep 2020 22:32:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.ired.team
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT
katex.min.css
Host/path: cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/
Size: 22 KB, transferred 3 KB
Type: Stylesheet

General
Full URL: https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/katex.min.css
Requested by: gstatic.gitbook.com (https://gstatic.gitbook.com/js/111.e076405c.js)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::621, Ascension Island, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none)
Resource Hash: ac677fc8f407f4d138936101450bb6f8dc7bbff5b9b179367be2a8ff4f604799

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

Origin: https://www.ired.team
Referer: https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 5383855
x-cache: HIT, HIT
status: 200
content-length: 3252
etag: W/"574b-3/HqF2/k6+4dZUT5WNJ/3EPuVgQ"
x-served-by: cache-fra19155-FRA, cache-hhn4048-HHN
date: Tue, 29 Sep 2020 22:32:48 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
KaTeX_Main-Regular.woff2
Host/path: cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/fonts/
Size: 32 KB, transferred 32 KB
Type: Font

General
Full URL: https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/fonts/KaTeX_Main-Regular.woff2
Requested by: cdn.jsdelivr.net (https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/katex.min.css)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:1b::621, Ascension Island, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none)
Resource Hash: 6b4352af4a7dcf675aa2301db9d828d99f5a8b38fa0171b31df5f49ec75b0fc2

Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers

Origin: https://www.ired.team
Referer: https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/katex.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 5383785
x-cache: HIT, HIT
status: 200
content-length: 33096
etag: W/"8148-fRcnQjCpzvN7iZHfortW6uL3Xn4"
x-served-by: cache-fra19138-FRA, cache-hhn4048-HHN
date: Tue, 29 Sep 2020 22:32:48 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
KaTeX_Math-Italic.woff2
cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/fonts/
20 KB
20 KB
Font
General
Full URL
https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/fonts/KaTeX_Math-Italic.woff2
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/katex.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
30e49e4b4bdd54613b6c1dcbef7f61e304efc5ae3f466f4882bc8aa9c6976bed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Origin
https://www.ired.team
Referer
https://cdn.jsdelivr.net/npm/katex@0.10.0-alpha/dist/katex.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
age
1063173
x-cache
HIT, HIT
status
200
cross-origin-resource-policy
cross-origin
content-length
20416
etag
W/"4fc0-wze6fE2+WzHCIo8wGigvxUceQt4"
x-served-by
cache-fra19136-FRA, cache-hhn4048-HHN
date
Tue, 29 Sep 2020 22:32:48 GMT
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
chunk.966.9bcdd26c.js
gstatic.gitbook.com/js/
1 MB
136 KB
Script
General
Full URL
https://gstatic.gitbook.com/js/chunk.966.9bcdd26c.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.e076405c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb

Request headers

Referer
https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 29 Sep 2020 22:32:52 GMT
content-encoding
gzip
cf-cache-status
HIT
age
1790585
cf-polished
origSize=1540766
x-guploader-uploadid
ABg5-UxKgqGLQ26JIqaj52oIJ6p2S_eTydUTTYFkh1TUley5p2hWiQBHpM4pRUbYdfa1g4_NjLNqaD3qv9khnfzbP845za1iRQ
x-goog-storage-class
STANDARD
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
application/javascript
cf-request-id
057d9858830000dfff599e0200000001
last-modified
Fri, 04 Sep 2020 12:48:24 GMT
server
cloudflare
etag
W/"1ee0a04f04f79506addc6f9cc9ade2c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=6ui4QQ==, md5=HuCgTwT3lQat3G+cya3iwA==
x-goog-generation
1599223704659196
access-control-allow-origin
*
expires
Thu, 09 Sep 2021 05:09:46 GMT
cache-control
public, max-age=31536000
x-goog-stored-content-length
1540766
cf-ray
5da929a0dc16dfff-FRA
cf-bgj
minify


23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
object trustedTypes
object GITBOOK_STATE
object __LOADABLE_LOADED_CHUNKS__
object GitBook
object __SENTRY__
function _lrMutationObserver
object __SDKCONFIG__
number 2f1acc6c3a606b082e5eef5e54414ffb
function Intercom
function Mousetrap
function setImmediate
function clearImmediate
object Prism
object __algolia
function _LRLogger
boolean _lr_loaded
boolean __isReactDndBackendSetUp
string GoogleAnalyticsObject
function ga
object google_tag_data
object gaplugins
object gaGlobal
object gaData

1 Cookies

Domain/Path Name / Value
.ired.team/ Name: amplitude_id_fef1e872c952688acd962d30aa545b9eired.team
Value: eyJkZXZpY2VJZCI6ImNhNmY5MGJhLWQzNzEtNDY2MS04ZTdkLTdjOWNlZGNmNGZlYlIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTYwMTQxODc2NzYyNywibGFzdEV2ZW50VGltZSI6MTYwMTQxODc2NzYyNywiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9

1 Console Messages

Source Level URL
Text
console-api log URL: https://gstatic.gitbook.com/js/111.e076405c.js(Line 1)
Message:
Application ready

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
