URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Submission: On January 13 via manual from US

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 29 HTTP transactions. The main IP is 2606:4700:3030::6815:1bf, located in United States and belongs to CLOUDFLARENET, US. The main domain is undev.ninja.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 13th 2020. Valid for: a year.
This is the only time undev.ninja was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS      Autonomous System
25        2606:4700:303...  13335   (CLOUDFLAR...)
2         2a00:1450:400...  15169   (GOOGLE)
1         2001:4de0:ac1...  20446   (HIGHWINDS3)
1         2a0b:e40:3::12    205809  (MEGA)
Total: 29 requests, 4 IPs

Requests  Domain                     Requested by
25        undev.ninja                undev.ninja
1         mega.nz                    undev.ninja
1         code.jquery.com            undev.ninja
1         lh5.googleusercontent.com  undev.ninja
1         lh6.googleusercontent.com  undev.ninja
Total: 29 requests, 5 subdomains

This site contains links to these domains:

  • twitter.com
  • feedly.com
  • github.com
  • ghost.org

Subject                  Issuer                                          Validity                 Valid
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2020-08-13 - 2021-08-13  a year
*.googleusercontent.com  GTS CA 1O1                                      2020-12-15 - 2021-03-09  3 months
jquery.org               Sectigo RSA Domain Validation Secure Server CA  2020-10-06 - 2021-10-16  a year
mega.nz                  R3                                              2021-01-10 - 2021-04-10  3 months

This page contains 2 frames:

Primary Page: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Frame ID: 98372F7D83865A10D75586909AB3B78D
Requests: 28 HTTP requests in this frame

Frame: https://mega.nz/embed/h8FmGDrY
Frame ID: C40C03178225D5E938FAF033797B4D91
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 29
HTTPS: 100 %
IPv6: 100 %
Domains: 4
Subdomains: 5
IPs: 4
Countries: 3
Transfer: 939 kB
Size: 1061 kB
Cookies: 0

29 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request /
undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
58 KB
17 KB
Document
General
Full URL
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68a5ee30648b879d9f3f7bd1a048d60beb9584298b34810bd4744eda73778bac
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
undev.ninja
:scheme
https
:path
/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=da939c0d7d8e89a3e1900a40de3505eaa1610571894; expires=Fri, 12-Feb-21 21:04:54 GMT; path=/; domain=.undev.ninja; HttpOnly; SameSite=Lax; Secure
cache-control
public, max-age=0
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubdomains;
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-security-policy
img-src https: data:;
referrer-policy
no-referrer
feature-policy
autoplay 'none'; camera 'none'
cf-cache-status
DYNAMIC
cf-request-id
079f29e5c300001f3db3b72000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6sbxmf%2F2%2FbWbVlav4LgramKD8%2FKm%2F2E8K1d28BmFANm71GioBFPJ5ZQtMwlsbDB5yT1vB4S3ZTvnFwfdqa%2BLoMtqlfLljZ6aEEd9Fpj40iAzt3eiEiH5tg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
61121282d8181f3d-FRA
content-encoding
br
screen.css
undev.ninja/assets/built/
43 KB
9 KB
Stylesheet
General
Full URL
https://undev.ninja/assets/built/screen.css?v=064c920ddb
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
95518d340f2c6e9bee1f7d4e9cbbe3522dbbb694148dd770fa516eaf4c44140f
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"abb5-7438674ba0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WjCM7FVLCUSq1k70VsGtzFnU9KEa17pNiN0674QE2cuDkPu3L1hRfC0fpuQiW8t%2FvmvMJNxGnn7WXrRl%2Fqp54wd9x2iE8BZQ3wVnikv8HOnDBfsS1ithnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
cf-request-id
079f29e74d00001f3d87ac2000000001
cf-ray
611212854d071f3d-FRA
BAByDUSW_400x400.jpg
undev.ninja/content/images/size/w100/2020/04/
5 KB
6 KB
Image
General
Full URL
https://undev.ninja/content/images/size/w100/2020/04/BAByDUSW_400x400.jpg
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6addf0e5118ed351832be61d630d409b25d63769bae4e7cc2c0a2077951f6ae
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
5372
cf-request-id
079f29e75300001f3d7a142000000001
referrer-policy
no-referrer
last-modified
Thu, 09 Apr 2020 10:58:38 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"14fc-1715e977c15"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=t749qVpCpWAUV6j7pVze%2FmRjHCd779vkJTRVqkPVVTxC%2BaGiv38djDKFAEco9oTHLJho%2BwE0s683vyxRcrjBlwESqi%2FmGxwu%2BcBEHWCcZik%2FNiu6gQ5LBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d1f1f3d-FRA
image-1.png
undev.ninja/content/images/2020/09/
30 KB
31 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-1.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab055877705a63b847069220e1be549bf0d611dd63046f9e4b53306aa9bc9d9a
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
31169
cf-request-id
079f29e75300001f3da30a6000000001
referrer-policy
no-referrer
last-modified
Sun, 06 Sep 2020 06:50:42 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"79c1-174622e67ec"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Aba%2Bmn4GhdYAtk0%2BHxL5ELbtijSaw9PqBSH16E55l%2FdY7nyl78xrLGL6ERfans6Lc1fmdzrO66ubwbESrov%2BFvof8ji10KReOBd7hTT7uWBjvm5iTlYBUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d211f3d-FRA
image.png
undev.ninja/content/images/2020/09/
25 KB
25 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
606be0691752754ad5a85e7c9ccead4e8b3a5187f2eab3801fbcd4a2f7284099
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
25733
cf-request-id
079f29e75400001f3dc3ace000000001
referrer-policy
no-referrer
last-modified
Sun, 06 Sep 2020 06:49:12 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"6485-174622d0726"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=B2gZA9bXmJZquQLFtCO99tCdu4fbzjWVdNJE97rVneIbYGfgFtfdBB6mf9y2TMa%2FZqKttcjwAb3WGp1TchpT%2BwsNekym7OHXW1bCG6u3qWn9%2BVEPPyITPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d231f3d-FRA
image-2.png
undev.ninja/content/images/2020/09/
21 KB
22 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-2.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
173640e9d36856ab6d7e71ff3f39451019e71cbc21773cbf109f922e3d0a3744
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
21658
cf-request-id
079f29e75400001f3de0b07000000001
referrer-policy
no-referrer
last-modified
Sun, 06 Sep 2020 07:17:17 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"549a-1746246bc61"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GXodHthrm301Y98U9an9zFba5zNSWwbtyvwfaYB0HtFprHNUH5rbemaR%2B%2FA%2FhV4%2Fu84YR2mz12wTCYtApGudZnaX6YSn%2BzvJ7sJHL%2B3ctXxfC0m0OcIp3g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d241f3d-FRA
image-3.png
undev.ninja/content/images/2020/09/
138 KB
139 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-3.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f66837f01b4799d66a757d0f7cab227ccf048c06c27dea0254f866bfa7494f83
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
141364
cf-request-id
079f29e75400001f3db58f0000000001
referrer-policy
no-referrer
last-modified
Sun, 06 Sep 2020 12:37:36 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"22834-174636c01d0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IrFIGV%2ByaMB%2FOWGA0y6LO40dinYnqFTmcc4aOcGmbT80vJsTVwoQHdah6JY099%2BXkqPMg8fnXH94fKsr6njAni7UDDFI%2FebQjpTYOPYmu4Rw20W6PoC9og%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d271f3d-FRA
image-4.png
undev.ninja/content/images/2020/09/
21 KB
21 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-4.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3099a8e6a776bff10c99e3a2277eab35c6195c0df0d795319fe2fb6863db2011
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
21624
cf-request-id
079f29e75800001f3d0bb99000000001
referrer-policy
no-referrer
last-modified
Sun, 06 Sep 2020 13:46:51 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5478-17463ab6664"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PgNH%2FgCXxSpExg1LHeA3%2FP1Lt%2Fj4%2BWguFL847X7diGoao%2BLLFI%2B9sZU2ktlmOlZsGy6u%2F8jpfn3%2BP9vm2oQkSyKMPkLaFLvISQSCenTT7JdgZIH%2ByHIw%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d281f3d-FRA
image-5.png
undev.ninja/content/images/2020/09/
39 KB
39 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-5.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c82b9261d63d9b2d533dd340aa1368627b318cafd2bb34a8b9bb01447d5657e
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
40052
cf-request-id
079f29e75500001f3de5167000000001
referrer-policy
no-referrer
last-modified
Sun, 06 Sep 2020 14:13:25 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"9c74-17463c3b8d0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lp%2BGZMyGRnT0a5fN8UtGTabpzKY%2FOdhigpUce%2Fawdi0GM67OY42jzUwwQOP4PQ0d05xERM9epHuWPujZ9yBItV4Y7WfMq6X4hJBJR%2FG6iXOhIAKCjHYZMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d2b1f3d-FRA
image-10.png
undev.ninja/content/images/2020/09/
52 KB
53 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-10.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76d1e890fb0385c5ecf7317e201700f9db12204701d59068ea32c5de93a4cae5
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
53643
cf-request-id
079f29e75500001f3def36f000000001
referrer-policy
no-referrer
last-modified
Mon, 07 Sep 2020 09:23:47 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"d18b-17467e0ec89"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zv2iiDFWkcLuNQFSXdekEd9SgqWBt70%2Bv2Op%2FFJBVeBjnvfatzR1G3vJcSmD4irN9PrCmknkA6RW1bBf7S%2BHm0bIa6kSuTR7g9Oi%2BhhrjUZ%2BNbUztRTRdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d2c1f3d-FRA
image-11.png
undev.ninja/content/images/2020/09/
46 KB
47 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-11.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6fdaa268f301433b11421d4334a9abae474623938df36f2f6b0dd50cce744dd
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
47362
cf-request-id
079f29e75500001f3dd59e6000000001
referrer-policy
no-referrer
last-modified
Mon, 07 Sep 2020 10:03:11 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"b902-1746804feca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FRenC2H0hs7t2EawdMJJzxqwBnrT27v5lgOH1MIzq98zo%2Bd%2FpNF7WBY9ty0osWeXorGITr5Il%2BPnxvICBKFNu5%2FJQf%2BQMFRJX9gpK2o2a7Yk4CbTL1MC0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d2e1f3d-FRA
image-12.png
undev.ninja/content/images/2020/09/
7 KB
7 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-12.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
710e0e382b0795b461d74f18c903660fb168130c4a5d99f40411d38a39f41c46
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
7184
cf-request-id
079f29e75600001f3deaa73000000001
referrer-policy
no-referrer
last-modified
Mon, 07 Sep 2020 10:24:04 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"1c10-17468181cfa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QqfGDQRL7C0QCApaOrwbNtYLAxo8xsYBEyBR2D8Ar391ehe5PMyjll7wlE%2BMEHefMYM7SaAQwkame86aA5D%2F%2BinIrtCNj5hlJAow4E9VUZk8yNmFVEMV%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d301f3d-FRA
image-14.png
undev.ninja/content/images/2020/09/
18 KB
19 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-14.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a371279521d4ed36f9b54d5c65b26d31d81a6c285eadc4849a185552e3cbf8c0
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
18780
cf-request-id
079f29e75d00001f3dd6983000000001
referrer-policy
no-referrer
last-modified
Mon, 07 Sep 2020 10:42:20 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"495c-1746828d500"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=R9hTe3X8pRsQ6l1htIJwL%2Bw1wJO20WjGnlSx3%2FTw54hFUCw2LjYlKqCHwFPozS336oUJwsLiM9j8ev%2B6DDq9OZr10DtAVnhxOrp1j8r%2FkQg45UOsOzO%2BVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d481f3d-FRA
image-15.png
undev.ninja/content/images/2020/09/
32 KB
33 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-15.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7df9f7964731085638163f93de2bd23e2045999bed6afa46b5d42a6cc2cbf990
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
32807
cf-request-id
079f29e75e00001f3dd8138000000001
referrer-policy
no-referrer
last-modified
Mon, 07 Sep 2020 11:34:55 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"8027-1746858f85c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xhBUE1ZDpMtbi21rTJdfjwxLSosS9AU1j%2F%2FdHka8MwdkMHkYU%2FSfr5h%2FHtdEJAm0LzfAwW5snFK%2B6A5ovkR%2BzDDDmObHpqfYpuplsnfKrZ2%2BxeNGfvwkLw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d491f3d-FRA
image-16.png
undev.ninja/content/images/2020/09/
10 KB
10 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-16.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6c96fdd92e4578ea1bdf139fbbf6f656c88fa984aa64ce5c622d57eeef1e630
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
10255
cf-request-id
079f29e75d00001f3da30a8000000001
referrer-policy
no-referrer
last-modified
Mon, 07 Sep 2020 12:43:18 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"280f-174689795cd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IoIu8QxJay%2FcTc4sfgKVeX7h7tGrJhAc84zPv3AV3Kow1uSX0MgvsVplIAXVmtPldNoIT05A5Vgo4kLCz3NMDdE2Gk7qezxjLO4mfn0bIwK2tPXHYS%2Boxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d4b1f3d-FRA
image-17.png
undev.ninja/content/images/2020/09/
38 KB
39 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-17.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fbf797df6b58ab3ac7940adeeba32d9edd513a7ba3d10f61798e8c4e93a7e2c
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
39305
cf-request-id
079f29e75e00001f3de9a4b000000001
referrer-policy
no-referrer
last-modified
Mon, 07 Sep 2020 12:48:08 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"9989-174689c01ac"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=o27Zi8cYvjnyFnWVIoNvb83%2FTZzaBt6jXkElla7E892xWMt66dFRAAjDKLiZ7sEg0BJQKtxET9dXWaq%2Fgu%2BzXEiw4H04h7Mef4rHfAN1oDU%2BybaEgTRtDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d4c1f3d-FRA
image-18.png
undev.ninja/content/images/2020/09/
57 KB
57 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-18.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5c6f7dbf4279f9ed7b668b20a30b496b351978f355ce7e1ee7db0555ccacfe
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
57954
cf-request-id
079f29e75e00001f3dc8236000000001
referrer-policy
no-referrer
last-modified
Mon, 07 Sep 2020 12:50:22 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"e262-174689e0e2e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nknbVaBtHXi15Fg8g%2FXcriTWrNPMxPn68d6AIpz5GBmt6Q7A158MWNW%2FA6xswjlm2rqOE%2BQ2pfCeaZcJsr%2F83twwvxuLva9gBTk6u2Kt5UnLqFCvlDsYeg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d4f1f3d-FRA
image-19.png
undev.ninja/content/images/2020/09/
39 KB
39 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-19.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b9746e83e255baaece1c7982916cd2a9a223d850eb69b3de9ff0f3577c7b3c5
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
39913
cf-request-id
079f29e75e00001f3dc3acf000000001
referrer-policy
no-referrer
last-modified
Thu, 10 Sep 2020 12:21:35 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"9be9-17477f6c5d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SjPf9rY0cLWiTFYtqEQD2oPzV64nKdV6Jmcv3vkUS6AyrLD2SzDq7aJu%2BRR%2BBhL1CVWuV9mTJzuaLTFUIKdz2V50EiDaW0JhNkFoZv4I%2Fr0yeE%2B34CAgiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d501f3d-FRA
image-21.png
undev.ninja/content/images/2020/09/
54 KB
55 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-21.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
845f27f284903c44c13c11e7b2213887a867794db61c85fa0ccb4f4a89daba8c
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
55585
cf-request-id
079f29e75f00001f3de0b09000000001
referrer-policy
no-referrer
last-modified
Fri, 11 Sep 2020 08:31:47 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"d921-1747c4abfe0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=KjUScFOcGJMl71TiEn409EUHr4VU26ooxIkuANTf%2Bosl5SKoPxbQOE6rC7FVaX4e%2B5FLFKO7H%2BSfIjXgVp6kGKKxVSqL2NzBaptnoKOBNXzvsObb5gJ9vw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d511f3d-FRA
image-22.png
undev.ninja/content/images/2020/09/
45 KB
45 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-22.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29bbe2a38dcc0c998069c8162e0406a396b327a0fc4f301fde680dcca2c8975f
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
46041
cf-request-id
079f29e75f00001f3db58f2000000001
referrer-policy
no-referrer
last-modified
Fri, 11 Sep 2020 09:45:33 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"b3d9-1747c8e4971"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=A17DcJ%2BqsuNOQ6YzXLZvaHNQnsIsbclzM01mAUJdrlYyJ%2F2vIXcJL%2B%2BXEW5PAWEQaUV13Z6OucUJJEyWzPn5EU62KrVxnjRROxIqrZtlKU6rDnDTyIlmkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d521f3d-FRA
image-24.png
undev.ninja/content/images/2020/09/
32 KB
32 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-24.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0845484135a4304b08b10f45e6f4aae0e7d79c6868cb870b7a33e4cf47f70ea9
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
32588
cf-request-id
079f29e75f00001f3d093a9000000001
referrer-policy
no-referrer
last-modified
Fri, 11 Sep 2020 10:30:57 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"7f4c-1747cb7d9f8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pxfSSQ6aHFVKKGIcUSXMN5kmuSfCZ%2Blj0BR79Ta%2FIEBXpM1FCzkVckYyxc1uNYbTrbec5dNcjv807fOs%2BE00x5HHiJRQOO3bVeV8dDWkxfarovgmO2KO8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212855d531f3d-FRA
image-25.png
undev.ninja/content/images/2020/09/
41 KB
42 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-25.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12f53c66d0ad3d44b01ea2e7bf4b47b355bf74c18fcedfdd1075576d6beae149
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
42086
cf-request-id
079f29e76100001f3de5168000000001
referrer-policy
no-referrer
last-modified
Fri, 11 Sep 2020 14:05:11 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"a466-1747d7bfb0c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=N8qC7ef45A1SUTTT1Srx7pY%2B9x%2FIEEu9aEfYkuK1IuG93gY%2BqZgvuw7HIJ8bWydj4HBqjV4KWMQfNNGHqJ0Gf27Fc%2BQArp15Zh4wvT8Hi6qckDEDkCpoww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212856d591f3d-FRA
image-26.png
undev.ninja/content/images/2020/09/
39 KB
40 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-26.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5929c6f3b7ad1e5bb1401dd519ef5636f1c9dbec9650efc816adae814f674d4b
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
40081
cf-request-id
079f29e76100001f3d87ac4000000001
referrer-policy
no-referrer
last-modified
Sun, 27 Sep 2020 02:00:20 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"9c91-174cd4a1bb2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ti19KaSz%2FyGJhRB%2BaDMqiTCWhzjwdZvncJgul9rhRaxpY9%2Fy0rCmuGiMN6AIM8Tq6gJVELeikdjfl4uU1%2FJbrycT9FLSsOPvT4pdrlQnW8%2Bn%2FdEDsdwXMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212856d5a1f3d-FRA
image-27.png
undev.ninja/content/images/2020/09/
21 KB
21 KB
Image
General
Full URL
https://undev.ninja/content/images/2020/09/image-27.png
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7899b3beb896817d32e01d60c4e8844254a181d1142fd1eed6bcf133c9e6d94a
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
content-length
21328
cf-request-id
079f29e76100001f3deaa74000000001
referrer-policy
no-referrer
last-modified
Sun, 27 Sep 2020 06:11:44 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"5350-174ce304742"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BLQGcibpaZD1fYK%2BoXJq%2FDtA5L9Fq24SjiULrw7vTmu9q1npuuFqSTbiqTTrr6SWcH%2BXrZtXIFKVwGgddgNO2m%2FgQayToqE7Yq5k0S%2BsSoGbcYcw4ChT2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
x-xss-protection
1; mode=block
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
accept-ranges
bytes
cf-ray
611212856d5b1f3d-FRA
2gPBxXbmXm1xdILQOPDFYLB_6nrWl4pz2f4Rjsnc9ZHJnVe2OqUkjQWj9CcIZULgFPCcoiUgkay-fsc4KzbKuVQLx02QBLbuNmwf8CXmNjhXWbTEEJZjXgY0ja1YYxMVkA
lh6.googleusercontent.com/
26 KB
26 KB
Image
General
Full URL
https://lh6.googleusercontent.com/2gPBxXbmXm1xdILQOPDFYLB_6nrWl4pz2f4Rjsnc9ZHJnVe2OqUkjQWj9CcIZULgFPCcoiUgkay-fsc4KzbKuVQLx02QBLbuNmwf8CXmNjhXWbTEEJZjXgY0ja1YYxMVkA
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
353f0d152aaa63a271a5b928b7ce85f516bbaa329ae1f89a3d22d8a27438681c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="pasted image 0.png"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26470
x-xss-protection
0
expires
Thu, 14 Jan 2021 21:04:54 GMT
HmKpSQ24ACRCAFmGVXrsgxMgoPgLCOWCWcc0l8pRot6eu0XMSi4NqWW2T-Q8vkssXuLcHtMOb-SwXcYfCJwOReSHYM5ts-IwsCQOdNgxrFs_7TykJAK7m502Gl2pzLKuIQ
lh5.googleusercontent.com/
32 KB
33 KB
Image
General
Full URL
https://lh5.googleusercontent.com/HmKpSQ24ACRCAFmGVXrsgxMgoPgLCOWCWcc0l8pRot6eu0XMSi4NqWW2T-Q8vkssXuLcHtMOb-SwXcYfCJwOReSHYM5ts-IwsCQOdNgxrFs_7TykJAK7m502Gl2pzLKuIQ
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
f05a75cc8598f77bd76b1f06a478d4f8dc375d959a2e9c00491fd312554ae6b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="pasted image 0.png"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32978
x-xss-protection
0
expires
Thu, 14 Jan 2021 21:04:54 GMT
jquery-3.4.1.min.js
code.jquery.com/
86 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Origin
https://undev.ninja
Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
content-encoding
gzip
last-modified
Wed, 01 May 2019 21:14:27 GMT
server
nginx
etag
W/"5cca0c33-15851"
vary
Accept-Encoding
x-hw
1610571894.dop222.fr8.t,1610571894.cds270.fr8.hc,1610571894.cds236.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30638
casper.js
undev.ninja/assets/built/
4 KB
2 KB
Script
General
Full URL
https://undev.ninja/assets/built/casper.js?v=064c920ddb
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:1bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa00f3b89536fc4b3404271a5131a2868a337e8c20c9679ef8e1677622cc70f6
Security Headers
Name Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 21:04:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"e07-7438674ba0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=63072000; includeSubdomains;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FwJ2kL%2F8L1ohoACTE6SZsu1rQ4YMm%2Bid8z%2FJBerJXU3bYEGI6SNqs2BRrhW6n7YvA3pvRFoe4cPcl2MCX37eRF8YJTeIkTRxB8CzcFGdpCRk%2Bc7HZFaPBw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
feature-policy
autoplay 'none'; camera 'none'
content-security-policy
img-src https: data:;
cf-request-id
079f29e76100001f3d84358000000001
cf-ray
611212856d551f3d-FRA
Cookie set h8FmGDrY
mega.nz/embed/ Frame C40C
0
0
Document
General
Full URL
https://mega.nz/embed/h8FmGDrY
Requested by
Host: undev.ninja
URL: https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2a0b:e40:3::12 , Netherlands, ASN205809 (MEGA, NZ),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob:
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Host
mega.nz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://undev.ninja/sysmon-internals-from-file-delete-event-to-kernel-code-execution/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Content-Type
text/html
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
MEGA-Chrome-Antileak
Access-Control-Max-Age
86400
Content-Encoding
gzip
Content-Length
739
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Set-Cookie
geoip=DE
Content-Security-Policy
default-src 'self' data: blob: *.mega.co.nz *.mega.nz http://*.mega.co.nz http://*.mega.nz wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz data: blob:; frame-src 'self' mega: *.megaad.nz; img-src 'self' *.mega.co.nz *.mega.nz data: blob:
Connection
Keep-Alive

Verdicts & Comments

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
boolean| crossOriginIsolated
function| $
function| jQuery
object| Casper
function| getParameterByName
object| action

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy img-src https: data:;
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
