Submitted URL: https://ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Effective URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Submission: On July 31 via api from US

Summary

This website contacted 11 IPs in 3 countries across 10 domains to perform 45 HTTP transactions. The main IP is 188.166.160.174, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is www.ired.team.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 22nd 2020. Valid for: 3 months.
This is the only time www.ired.team was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 188.166.160.174 14061 (DIGITALOC...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
31 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a04:4e42:200... 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:e0:... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
45 11
Requests  Domain                      Requested by
21        gblobscdn.gitbook.com       www.ired.team, gstatic.gitbook.com
8         gstatic.gitbook.com         www.ired.team, gstatic.gitbook.com
3         www.google-analytics.com    gstatic.gitbook.com
2         docs.microsoft.com          www.ired.team
2         lh5.googleusercontent.com   www.ired.team, gstatic.gitbook.com
1         www.gitbook.com             gstatic.gitbook.com
1         app.gitbook.com             gstatic.gitbook.com
1         cdn.lr-ingest.io            gstatic.gitbook.com
1         fonts.gstatic.com           www.ired.team
1         polyfill.io                 www.ired.team
1         unpkg.com                   www.ired.team
1         fonts.googleapis.com        www.ired.team
1         www.ired.team
1         ired.team                   1 redirect
Totals: 45 requests, 14 domains
Subject                        Issuer                                 Validity                  Valid
www.ired.team                  Let's Encrypt Authority X3             2020-07-22 - 2020-10-20   3 months
upload.video.google.com        GTS CA 1O1                             2020-07-07 - 2020-09-29   3 months
sni.cloudflaressl.com          CloudFlare Inc ECC CA-2                2020-04-06 - 2020-10-09   6 months
f3.shared.global.fastly.net    GlobalSign CloudSSL CA - SHA256 - G3   2020-07-08 - 2021-04-17   9 months
*.googleusercontent.com        GTS CA 1O1                             2020-07-07 - 2020-09-29   3 months
docs.microsoft.com             Microsoft IT TLS CA 1                  2019-04-19 - 2021-04-19   2 years
*.gstatic.com                  GTS CA 1O1                             2020-07-07 - 2020-09-29   3 months
*.google-analytics.com         GTS CA 1O1                             2020-07-07 - 2020-09-29   3 months

This page contains 1 frame:

Primary Page: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Frame ID: A95526B1BF17946E8EDDD05CECDD3F9F
Requests: 45 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-react/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /\/polyfill\.min\.js/i

Page Statistics

Requests: 45
HTTPS: 98 %
IPv6: 90 %
Domains: 10
Subdomains: 14
IPs: 11
Countries: 3
Transfer: 4298 kB
Size: 10709 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs HTTP 302
    https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type

Resource: using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs (Primary Request)
Path: www.ired.team/offensive-security/defense-evasion/
Redirect Chain:
  • https://ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
  • https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Size: 2 MB
x-fer: 346 KB
Type: Document

General
Full URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.166.160.174 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US)
Reverse DNS: eu2-do-fra.blobs.gitbook.me
Software: /
Resource Hash: 0c2b30c3332f9bb2b1dd5919dad3b7efdbc2f0cca16fea9e2db88ae07e987cbd

Request headers

:method: GET
:authority: www.ired.team
:scheme: https
:path: /offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
age: 10145
content-encoding: gzip
content-type: text/html; charset=utf-8
etag: W/"19a467-k3wEZE28NWDdp1g3bvzZrBp3UXE"
last-modified: Fri, 31 Jul 2020 01:51:11 GMT
vary: Accept-Encoding
x-cache: HIT
x-cdn-cache-group: -LFEMnER3fywgFHoroYn
date: Fri, 31 Jul 2020 04:40:16 GMT

Redirect headers

status: 302
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-security-policy: default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:
content-type: text/html; charset=utf-8
date: Fri, 31 Jul 2020 04:40:16 GMT
function-execution-id: 5nd6eq1xrq8s
location: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
referrer-policy: no-referrer-when-downgrade
server: Google Frontend
strict-transport-security: max-age=15552000; includeSubDomains
vary: Accept-Encoding, Authorization, Cookie, X-CDN-Host, Accept
x-cache: MISS
x-cloud-trace-context: 13757bb5ec26732cc8cc0003443c6291
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
content-length: 151

Resource: css
Path: fonts.googleapis.com/
Size: 2 KB
x-fer: 1 KB
Type: Stylesheet

General
Full URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS:
Software: ESF /
Resource Hash: a50802bae8591348f6ee1a33ba6c0ebfb7d9011eb9571c67f9c324daa779cfdf
Security Headers:
  Strict-Transport-Security: max-age=31536000
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 0

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 31 Jul 2020 04:40:16 GMT
server: ESF
date: Fri, 31 Jul 2020 04:40:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 31 Jul 2020 04:40:16 GMT

Resource: emojione-sprite-40.min.css
Path: unpkg.com/emojione-assets@4.0.0/sprites/
Size: 183 KB
x-fer: 14 KB
Type: Stylesheet

General
Full URL: https://unpkg.com/emojione-assets@4.0.0/sprites/emojione-sprite-40.min.css
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92
Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 04:40:16 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8469069
status: 200
vary: Accept-Encoding
cf-request-id: 0444c4ca7c00009796672b1200000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"2dc7c-MlEndlChcp6B66cJCh5yD8CB/Fo"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: e9a16aeaeb575aad39009b5bf7f9e8da
cache-control: public, max-age=31536000
cf-ray: 5bb4a3f0cade9796-FRA

Resource: 6c3c9dec9383137845be0f0ea2cf1bf4.css
Path: gstatic.gitbook.com/css/
Size: 1 KB
x-fer: 1 KB
Type: Stylesheet

General
Full URL: https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 04:40:16 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 9354100
cf-polished: origSize=1701
x-guploader-uploadid: AEnB2UrlDK_P-tvLL-hZ_KGdddll9vW79s8Qa_b-ki9YM-sK1t0EWBgQY9--qdFaOWT8Vnfu71c6ElLCX4IAdLRYoC4u5ADuSV8savv_0MOwQLLCCCI-0so
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/css
cf-request-id: 0444c4ca88000005f18383a200000001
last-modified: Sat, 04 Apr 2020 21:36:58 GMT
server: cloudflare
etag: W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation: 1583845128372242
access-control-allow-origin: *
expires: Fri, 09 Apr 2021 13:05:02 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1701
cf-ray: 5bb4a3f0d91705f1-FRA
cf-bgj: minify

Resource: polyfill.min.js
Path: polyfill.io/v3/
Size: 72 B
x-fer: 531 B
Type: Script

General
Full URL: https://polyfill.io/v3/polyfill.min.js?flags=gated&features=Intl
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::621 , Ascension Island, ASN54113 (FASTLY, US)
Reverse DNS:
Software: /
Resource Hash: aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
  X-Content-Type-Options: nosniff

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 6878165
detected-user-agent: Chrome Mobile/83.0.4103
status: 200
request_came_from_shield: FRA
server-timing: HIT, fastly;desc="Edge time";dur=0, HIT, fastly;desc="Edge time";dur=0
content-length: 74
referrer-policy: origin-when-cross-origin
last-modified: Tue, 12 May 2020 13:13:15 GMT
date: Fri, 31 Jul 2020 04:40:16 GMT
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/83.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

Resource: spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png
Path: gblobscdn.gitbook.com/
Size: 28 KB
x-fer: 29 KB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 04:40:16 GMT
cf-cache-status: HIT
age: 5166755
x-guploader-uploadid: AAANsUlMpqhuPwwtimWInrIHOriRAd2AhLLdRqiNqWp2n0BT_Du82TRHLdQzSi_dCI_wOxd3Z8BGlVQRtz7U4x-PkZO2avBgqQ
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
content-type: image/png
content-length: 29066
cf-request-id: 0444c4ca970000c2b896943200000001
last-modified: Sat, 08 Sep 2018 20:00:14 GMT
server: cloudflare
etag: "2965c5f978755802debc0291c5574853"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=ALxBKw==, md5=KWXF+Xh1WALevAKRxVdIUw==
x-goog-generation: 1536436814766237
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 29066
x-goog-meta-firebasestoragedownloadtokens: 1910800b-eed5-42ea-b282-39d0660128fe
accept-ranges: bytes
cf-ray: 5bb4a3f0faddc2b8-FRA
expires: Thu, 27 May 2021 12:37:09 GMT

Resource: photo.jpg
Path: lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/
Size: 7 KB
x-fer: 7 KB
Type: Image

General
Full URL: https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS:
Software: fife /
Resource Hash: 3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
Security Headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 04:40:16 GMT
x-content-type-options: nosniff
age: 0
status: 200
content-disposition: inline;filename=""
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6707
x-xss-protection: 0
server: fife
etag: "v5e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 26 Jul 2020 15:40:12 GMT

Resource: 111.fba489a3.js
Path: gstatic.gitbook.com/js/
Size: 3 MB
x-fer: 942 KB
Type: Script

General
Full URL: https://gstatic.gitbook.com/js/111.fba489a3.js
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: da1700d6b052cee8b724b74e23b32b7baa5c9bd6ad2b42b54770f9039ea5a6fc

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Origin: https://www.ired.team

Response headers

date: Fri, 31 Jul 2020 04:40:16 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 716692
status: 200
cf-polished: origSize=3408682
x-guploader-uploadid: AAANsUlHbqN0EOWwfKTWIlNxvQhJu4wbW9VXS6cog2Y1LsnFWk3Vxyvq8MJNtgwjzDhEAiCcmewA55WXREE1ph_rCA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 0444c4cabc000016f25e82a200000001
expires: Wed, 30 Jun 2021 17:25:43 GMT
last-modified: Tue, 30 Jun 2020 17:23:36 GMT
server: cloudflare
etag: W/"4c00f40e639d0138d65b2836958bf17f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=X98Jmw==, md5=TAD0DmOdATjWWyg2lYvxfw==
x-goog-generation: 1593537816588459
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 3408682
cf-ray: 5bb4a3f12af416f2-FRA
cf-bgj: minify

Resource: logo-ms-social.png
Path: docs.microsoft.com/en-us/media/logos/
Size: 449 B
x-fer: 1 KB
Type: Image

General
Full URL: https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:19e::353e , Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Reverse DNS:
Software: /
Resource Hash: 2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f
Security Headers:
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-Xss-Protection: 1; mode=block

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
status: 200
content-length: 449
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-rendering-stack: Static
last-modified: Mon, 16 Dec 2019 19:04:37 GMT
x-datacenter: wus
date: Fri, 31 Jul 2020 04:40:16 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: image/png
cache-control: public, max-age=884
etag: "0x8D7825ACB981CED"
akamai-cache-status: Hit from child
request-context: appId=cid-v1:21aee9e4-1cf5-4750-b2bd-78b2747f4211
expires: Fri, 31 Jul 2020 04:55:00 GMT

Resource: f4fa50c4003f87e7dc10459e500933c3.woff
Path: gstatic.gitbook.com/fonts/
Size: 92 KB
x-fer: 93 KB
Type: Font

General
Full URL: https://gstatic.gitbook.com/fonts/f4fa50c4003f87e7dc10459e500933c3.woff
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Origin: https://www.ired.team

Response headers

date: Fri, 31 Jul 2020 04:40:16 GMT
cf-cache-status: HIT
age: 716692
x-guploader-uploadid: AEnB2UpI_BqTAZIOqM1zQJlYUz0lXS0y6CCvAisuh6orhBvUiwbkdq2I4d0l9u_a7ojhHngwXtxqFpd0RBCd8usJCH_hf3YGqwqRkumAONewcAEgD110wjc
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 94368
cf-request-id: 0444c4cabd000016f25e82b200000001
last-modified: Tue, 30 Jun 2020 17:23:36 GMT
server: cloudflare
etag: "f4fa50c4003f87e7dc10459e500933c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=FUjfEA==, md5=9PpQxAA/h+fcEEWeUAkzww==
x-goog-generation: 1583845128534922
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 94368
accept-ranges: bytes
cf-ray: 5bb4a3f12afd16f2-FRA
expires: Thu, 08 Jul 2021 13:10:40 GMT

Resource: 72e37e5bf95a8dba938c78b1d7d91253.woff
Path: gstatic.gitbook.com/fonts/
Size: 92 KB
x-fer: 92 KB
Type: Font

General
Full URL: https://gstatic.gitbook.com/fonts/72e37e5bf95a8dba938c78b1d7d91253.woff
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Origin: https://www.ired.team

Response headers

date: Fri, 31 Jul 2020 04:40:16 GMT
cf-cache-status: HIT
age: 716692
x-guploader-uploadid: AAANsUlWbz4vazEENIzf5-4g6uOwHWllNIE1HHsKAe_KM3PAP9jdZr5BYmBRXhlKhYQxN6wJnL0QZHpHg8f3orrjTwo
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 94040
cf-request-id: 0444c4cabe000016f25e82c200000001
last-modified: Mon, 22 Jun 2020 13:52:30 GMT
server: cloudflare
etag: "72e37e5bf95a8dba938c78b1d7d91253"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=TBIniA==, md5=cuN+W/lajbqTjHix19kSUw==
x-goog-generation: 1590520794693204
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 94040
accept-ranges: bytes
cf-ray: 5bb4a3f13b0016f2-FRA
expires: Sat, 26 Jun 2021 09:14:21 GMT

Resource: fc3d4b35e4d07d4e0485cc2db0e57c77.woff
Path: gstatic.gitbook.com/fonts/
Size: 92 KB
x-fer: 92 KB
Type: Font

General
Full URL: https://gstatic.gitbook.com/fonts/fc3d4b35e4d07d4e0485cc2db0e57c77.woff
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Origin: https://www.ired.team

Response headers

date: Fri, 31 Jul 2020 04:40:16 GMT
cf-cache-status: HIT
age: 716692
x-guploader-uploadid: AAANsUk4CLegsQ6uBdkzyNaZgES0MgmC8JQ1M6maB8AXO2dY5jbQ-DvECbkcXo72_VGGguvZvQOSh9arM5y5vHjmVXY
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: font/woff
content-length: 93788
cf-request-id: 0444c4cabf000016f25e82d200000001
last-modified: Mon, 22 Jun 2020 13:52:30 GMT
server: cloudflare
etag: "fc3d4b35e4d07d4e0485cc2db0e57c77"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=7TN+QQ==, md5=/D1LNeTQfU4EhcwtsOV8dw==
x-goog-generation: 1589820837495477
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
x-goog-stored-content-length: 93788
accept-ranges: bytes
cf-ray: 5bb4a3f13b0216f2-FRA
expires: Fri, 25 Jun 2021 03:32:41 GMT

Resource: HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
Path: fonts.gstatic.com/s/sourcecodepro/v11/
Size: 11 KB
x-fer: 11 KB
Type: Font

General
Full URL: https://fonts.gstatic.com/s/sourcecodepro/v11/HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq7Gq0DA.woff2
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS:
Software: sffe /
Resource Hash: 59fd4f207936792ab9910baa7df5f1f7bff899e35e0428df34ab9a1319184052
Security Headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
Origin: https://www.ired.team

Response headers

date: Thu, 30 Jul 2020 02:51:10 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2019 20:45:13 GMT
server: sffe
age: 92946
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11232
x-xss-protection: 0
expires: Fri, 30 Jul 2021 02:51:10 GMT

Resource: assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjArc3FHP4Bp0ltWUOF%2Fimage.png
Path: gblobscdn.gitbook.com/
Size: 41 KB
x-fer: 42 KB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjArc3FHP4Bp0ltWUOF%2Fimage.png?alt=media&token=5ff75d70-bcdb-4451-9082-b07ab0e4b6e2
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 1e7af20bf828f0bef62fdc576b55c1ff6e2fce144321286548e6603f5de5b3c2

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status: MISS
status: 200
x-guploader-uploadid: AAANsUnTRBEk7gxURmllJqxoMuVkhZ5iW50s18Pez8RCSFSN435hzC63O195SfYZf6QEFAoMqPO88KLeL4HRs5M02tE
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 42185
cf-request-id: 0444c4cb340000c2b89694a200000001
last-modified: Sun, 07 Jul 2019 13:19:57 GMT
server: cloudflare
etag: "ca14c741761d2f3e3cd310eb2589cdeb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=VButHw==, md5=yhTHQXYdLz480xDrJYnN6w==
x-goog-generation: 1562505597293291
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 42185
x-goog-meta-firebasestoragedownloadtokens: 5ff75d70-bcdb-4451-9082-b07ab0e4b6e2
accept-ranges: bytes
cf-ray: 5bb4a3f1ebeec2b8-FRA
expires: Sat, 31 Jul 2021 04:40:17 GMT

Resource: assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZIlBFPLR4UN-jdL5%2Fimage.png
Path: gblobscdn.gitbook.com/
Size: 46 KB
x-fer: 46 KB
Type: Image

General
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZIlBFPLR4UN-jdL5%2Fimage.png?alt=media&token=fe38d794-7ef3-429f-946d-097bee5f8565
Requested by: Host www.ired.team, URL https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 7edc4c63b721a6cf081a6f4b9a676d64abb7953ee6bb770f45d0b6a7ca5f1d79

Request headers

Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status: MISS
status: 200
x-guploader-uploadid: AAANsUng2HXxyKXvgTmcYL094J_6-nxzskXgiK7owuR79aT-hUhL0JVcGF29Qp8MNHw6k0VN3z82wTSxAN86_hFWY3Y
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 46600
cf-request-id: 0444c4cb350000c2b89694b200000001
last-modified: Sun, 07 Jul 2019 13:19:57 GMT
server: cloudflare
etag: "fe685c9c5e46f45e0d699f9c1835d3e3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=PXQLdQ==, md5=/mhcnF5G9F4NaZ+cGDXT4w==
x-goog-generation: 1562505597085480
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 46600
x-goog-meta-firebasestoragedownloadtokens: fe38d794-7ef3-429f-946d-097bee5f8565
accept-ranges: bytes
cf-ray: 5bb4a3f1ebefc2b8-FRA
expires: Sat, 31 Jul 2021 04:40:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjAypSnABoamJA5qtKP%2Fimage.png
gblobscdn.gitbook.com/
27 KB
28 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjAypSnABoamJA5qtKP%2Fimage.png?alt=media&token=c3e845dc-f3f0-484b-b9cd-173e5b92c970
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25599a4f79b3b74be393d2a0d55386ed73a28360af4f7b693a75593e8ff36a8b

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
AAANsUn8S2UhXd9vwwNv_SHrDhzGXLaXCpi5TAaC7bVHDkQpX49R0te4-7M7GR1uDBBsb6zvcdRGDQXQ45KegeBHKtlS6Z8sdA
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
27890
cf-request-id
0444c4cb350000c2b89694c200000001
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"9f676533c7e81b9c2aa11bc347c2a2e9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=jIgsaA==, md5=n2dlM8foG5wqoRvDR8Ki6Q==
x-goog-generation
1562505597082428
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
27890
x-goog-meta-firebasestoragedownloadtokens
c3e845dc-f3f0-484b-b9cd-173e5b92c970
accept-ranges
bytes
cf-ray
5bb4a3f1ebf0c2b8-FRA
expires
Sat, 31 Jul 2021 04:40:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZcR2cOj3bna9xZac%2Fimage.png
gblobscdn.gitbook.com/
90 KB
91 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZcR2cOj3bna9xZac%2Fimage.png?alt=media&token=59316efd-8f34-4808-b60f-43d2fb36f4b2
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd8421a188c6b000167a66d7397edf18c54c7f18c24e0fe078d7c45aeae84ef4

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
AAANsUnDLsNz12dLQGzPz4_L_NI68gpuasNu5x6JIxvyWoJGBY-qgTflstEq5E2J_L_KSZXAubLNeUjKs_vValuTseM0iJXGcw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
92397
cf-request-id
0444c4cb350000c2b89694d200000001
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"2b0fd2b58694f79194dbad709c1b407b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=JN5RqQ==, md5=Kw/StYaU95GU261wnBtAew==
x-goog-generation
1562505597695041
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
92397
x-goog-meta-firebasestoragedownloadtokens
59316efd-8f34-4808-b60f-43d2fb36f4b2
accept-ranges
bytes
cf-ray
5bb4a3f1ebf1c2b8-FRA
expires
Sat, 31 Jul 2021 04:40:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbmzimlPcrRQgsuBT%2Fimage.png
gblobscdn.gitbook.com/
9 KB
9 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbmzimlPcrRQgsuBT%2Fimage.png?alt=media&token=a250b915-a7e2-4760-8183-d576f1482b3d
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f064bc8ed20d75e78805ec7c40459498070952acb3985faca22a35e3c9f78b5

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
AAANsUm3blQac6kwLjgcmrjfFLM3tAvDCo91lC1m5jmnZGb-FBNlThLRs0fDbQvXi9vZOOAFv_qUytRRDOkwvw8MpBxYEqLLoQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
9204
cf-request-id
0444c4cb350000c2b89694e200000001
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"7e21e93c4eb6c35937cae29ac75c189d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=55IcWA==, md5=fiHpPE62w1k3yuKax1wYnQ==
x-goog-generation
1562507414312028
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
9204
x-goog-meta-firebasestoragedownloadtokens
a250b915-a7e2-4760-8183-d576f1482b3d
accept-ranges
bytes
cf-ray
5bb4a3f1ebf2c2b8-FRA
expires
Sat, 31 Jul 2021 04:40:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbx9pxN_2vbFOEkEZ%2Fimage.png
gblobscdn.gitbook.com/
28 KB
28 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbx9pxN_2vbFOEkEZ%2Fimage.png?alt=media&token=95617a95-5298-48cf-a2de-f2dcfe881df5
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2069c259c3eef690d62c0d9ca55a89498efbaedeb74b65070513ffbf60df6bb6

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
AAANsUlPMo414r5eD51_BdzcSF9MUZ2DtnkTI64B1-lcvoEwfTlsBEjI4cYCOis2JE9fWmdIicp6AKihmBGkz7JqYYQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
28334
cf-request-id
0444c4cb350000c2b89694f200000001
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"96ff9af4be090f6f1b9cd6b152632c9f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=NlADyQ==, md5=lv+a9L4JD28bnNaxUmMsnw==
x-goog-generation
1562507414384037
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
28334
x-goog-meta-firebasestoragedownloadtokens
95617a95-5298-48cf-a2de-f2dcfe881df5
accept-ranges
bytes
cf-ray
5bb4a3f1ebf3c2b8-FRA
expires
Sat, 31 Jul 2021 04:40:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBd_DMd_yudyBgGuWB%2Fimage.png
gblobscdn.gitbook.com/
25 KB
25 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBd_DMd_yudyBgGuWB%2Fimage.png?alt=media&token=dee1844a-d4b1-4ff9-b234-06b2af94cea2
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0dce5da46efff3e6f2a0becf8686d2a98b52c575e3d23affab7a091d8b27d1f9

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
AAANsUmMy-Z9NUav1bOQlVA9IozTgz0njhtsg9Rr0Y_0kfNpvGFWzH75A5dTml3pbE3CHNVpCncThyWpBNnAnG-n-1pLon6TCw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
25134
cf-request-id
0444c4cb350000c2b896950200000001
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"17b7f296cb9b1b39f97ebc9bd1e5f41e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ThmbgQ==, md5=F7fylsubGzn5fryb0eX0Hg==
x-goog-generation
1562507414318112
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
25134
x-goog-meta-firebasestoragedownloadtokens
dee1844a-d4b1-4ff9-b234-06b2af94cea2
accept-ranges
bytes
cf-ray
5bb4a3f1ebf4c2b8-FRA
expires
Sat, 31 Jul 2021 04:40:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBeB7V-PtWxmKUSdwo%2Fimage.png
gblobscdn.gitbook.com/
19 KB
20 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBeB7V-PtWxmKUSdwo%2Fimage.png?alt=media&token=6cae38da-10f6-4375-87dd-fa9553be721b
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35167ba1fc4cf1fc06cf5c7d659855729ac71fa694a7cb007ac76d2cf5160883

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
AAANsUmMQ0AnfacP1xvBYwLgTk5V6IUfbhpiXDkrQBo5mDbcUGZ86X133mrqw6NnAKemnkJ-IxrtTQCEomuFiTGrkNvE1Jy5_g
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
19691
cf-request-id
0444c4cb350000c2b896951200000001
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"9202003a2104260df732b0ec0b13b60e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=RFG7fw==, md5=kgIAOiEEJg33MrDsCxO2Dg==
x-goog-generation
1562507414340087
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
19691
x-goog-meta-firebasestoragedownloadtokens
6cae38da-10f6-4375-87dd-fa9553be721b
accept-ranges
bytes
cf-ray
5bb4a3f1ebf5c2b8-FRA
expires
Sat, 31 Jul 2021 04:40:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgEfj9hapb_G_hQm8%2Fimage.png
gblobscdn.gitbook.com/
105 KB
106 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgEfj9hapb_G_hQm8%2Fimage.png?alt=media&token=ba8aab2e-113c-433f-9490-03d371794790
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
395aee6ff583c57a3b9c68837e58ebd3ab82dc69277f22e8532b61fe97ed298c

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
AAANsUkL8SJF26-xBK-zhOZX8Pb6NVvltuqq3w29HWYncGya6KpjEulC7lfvTgpV6pW9PFASkCf8LETCF6f653MXysk
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
107667
cf-request-id
0444c4cb350000c2b896952200000001
last-modified
Sun, 07 Jul 2019 13:50:15 GMT
server
cloudflare
etag
"731d9f99b1f900e807fa1627250db841"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=u6c++Q==, md5=cx2fmbH5AOgH+hYnJQ24QQ==
x-goog-generation
1562507415058104
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
107667
x-goog-meta-firebasestoragedownloadtokens
ba8aab2e-113c-433f-9490-03d371794790
accept-ranges
bytes
cf-ray
5bb4a3f1ebf6c2b8-FRA
expires
Sat, 31 Jul 2021 04:40:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgbyzlmx2SIrGuGIk%2Fsyscall-debugging.gif
gblobscdn.gitbook.com/
796 KB
797 KB
Image
General
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgbyzlmx2SIrGuGIk%2Fsyscall-debugging.gif?alt=media&token=a66279aa-f0d6-426c-bfeb-c95c8896aabb
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26229819090dce19bc974819478b2daa7be55f4f7803259b68eb9f6af6587dbe

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
cf-cache-status
MISS
status
200
x-guploader-uploadid
AAANsUknxxDz8ZXCmc-aCrSBuMK7e5R5TSEqMawQd5UafXXiS7rE0PopMFAabX3-Xt3BW7eZ3u6hbwYH1TjKPKKfV__BisZ0Zw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''syscall-debugging.gif
content-type
image/gif
content-length
815106
cf-request-id
0444c4cb360000c2b896953200000001
last-modified
Sun, 07 Jul 2019 13:50:15 GMT
server
cloudflare
etag
"3b64be8009f87c22037997bc714e1d19"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=KWhVFw==, md5=O2S+gAn4fCIDeZe8cU4dGQ==
x-goog-generation
1562507415745379
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
815106
x-goog-meta-firebasestoragedownloadtokens
a66279aa-f0d6-426c-bfeb-c95c8896aabb
accept-ranges
bytes
cf-ray
5bb4a3f1fbf8c2b8-FRA
expires
Sat, 31 Jul 2021 04:40:17 GMT
logger.min.js
cdn.lr-ingest.io/
741 KB
122 KB
Script
General
Full URL
https://cdn.lr-ingest.io/logger.min.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.fba489a3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6502 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a523f1e7f62d922a5b5a70d04f1be238325f640ce43977c1747b088c7ec534f
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
content-encoding
br
vary
x-fh-requested-host, accept-encoding
cf-cache-status
HIT
age
229
x-cache
MISS
status
200
cf-request-id
0444c4cc330000c2d604040200000001
x-served-by
cache-fra19143-FRA
last-modified
Thu, 30 Jul 2020 17:15:51 GMT
server
cloudflare
x-timer
S1596129537.189971,VS0,VE409
etag
W/"b8c0bc9dbc36f7b18da08ab9006db5b23e219c9154f749f0e4f3c4c486f9f3a5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31556926
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
5bb4a3f38d6ec2d6-FRA
x-cache-hits
0
__session
app.gitbook.com/
52 B
736 B
Fetch
General
Full URL
https://app.gitbook.com/__session?proposed=b79d7c09-3813-493c-98cd-36d33e236a4bR
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.fba489a3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2fe028ccf223f31b33e53b15822fd6e1e186e42e349105e97f6b0f2bceb7179b

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 31 Jul 2020 04:40:17 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
x-magic-hash
ac17b279964ad48c1b69f28ae8f440e76dda9b56cd2409f16c17fcfe1d3b549b
x-powered-by
Express
x-cache
MISS
x-release
gitbook-28427-6.18.10
status
200
cf-request-id
0444c4cda1000005f183874200000001
access-control-allow-origin
https://www.ired.team
server
cloudflare
etag
W/"34-5UbW4ww6Oym744OiLirqNP6KnBI"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
via
no cache
x-cloud-trace-context
fc074f2b35fca8c0e67f6c6138c38c28
cache-control
private
access-control-allow-credentials
true
function-execution-id
squix8tbw7dk
cf-ray
5bb4a3f5c94405f1-FRA
expires
Fri, 31 Jul 2020 04:40:17 GMT
82a01679-71ac-4768-8ce9-6e9b30a2113c
https://www.ired.team/
558 KB
0
Other
General
Full URL
blob:https://www.ired.team/82a01679-71ac-4768-8ce9-6e9b30a2113c
Requested by
Host: cdn.lr-ingest.io
URL: https://cdn.lr-ingest.io/logger.min.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ba616478d0c90f662578778e44fb80425482a5a730c80383884f0e477c41d13

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length
570993
Resource: 6c3c9dec9383137845be0f0ea2cf1bf4.css
Host/path: gstatic.gitbook.com/css/
Size / transferred: 1 KB / 741 B
Type: Stylesheet
Full URL: https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource hash (SHA-256): c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
date: Fri, 31 Jul 2020 04:40:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 9354102
cf-polished: origSize=1701
x-guploader-uploadid: AEnB2UrlDK_P-tvLL-hZ_KGdddll9vW79s8Qa_b-ki9YM-sK1t0EWBgQY9--qdFaOWT8Vnfu71c6ElLCX4IAdLRYoC4u5ADuSV8savv_0MOwQLLCCCI-0so
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: text/css
cf-request-id: 0444c4cf80000005f183893200000001
last-modified: Sat, 04 Apr 2020 21:36:58 GMT
server: cloudflare
etag: W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation: 1583845128372242
access-control-allow-origin: *
expires: Fri, 09 Apr 2021 13:05:02 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1701
cf-ray: 5bb4a3f8ce8905f1-FRA
cf-bgj: minify
Resource: assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBd_DMd_yudyBgGuWB%2Fimage.png
Host/path: gblobscdn.gitbook.com/
Size / transferred: 25 KB / 25 KB
Type: Image
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBd_DMd_yudyBgGuWB%2Fimage.png?alt=media&token=dee1844a-d4b1-4ff9-b234-06b2af94cea2
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource hash (SHA-256): 0dce5da46efff3e6f2a0becf8686d2a98b52c575e3d23affab7a091d8b27d1f9

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
date: Fri, 31 Jul 2020 04:40:18 GMT
cf-cache-status: MISS
status: 200
x-guploader-uploadid: AAANsUn2OwWs-nKbp8fcPf_ouDXj9huLMwm9OHP1F5l30ixJdJWYWo9lPA-R0_SWoW2xBltVIXa8oAeWbAWl_aXGxCc
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 25134
cf-request-id: 0444c4cf970000c2b89697a200000001
last-modified: Sun, 07 Jul 2019 13:50:14 GMT
server: cloudflare
etag: "17b7f296cb9b1b39f97ebc9bd1e5f41e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=ThmbgQ==, md5=F7fylsubGzn5fryb0eX0Hg==
x-goog-generation: 1562507414318112
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 25134
x-goog-meta-firebasestoragedownloadtokens: dee1844a-d4b1-4ff9-b234-06b2af94cea2
accept-ranges: bytes
cf-ray: 5bb4a3f8fc6ac2b8-FRA
expires: Sat, 31 Jul 2021 04:40:18 GMT
Resource: assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBeB7V-PtWxmKUSdwo%2Fimage.png
Host/path: gblobscdn.gitbook.com/
Size / transferred: 19 KB / 20 KB
Type: Image
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBeB7V-PtWxmKUSdwo%2Fimage.png?alt=media&token=6cae38da-10f6-4375-87dd-fa9553be721b
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource hash (SHA-256): 35167ba1fc4cf1fc06cf5c7d659855729ac71fa694a7cb007ac76d2cf5160883

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
date: Fri, 31 Jul 2020 04:40:18 GMT
cf-cache-status: MISS
status: 200
x-guploader-uploadid: AAANsUkBlcSqX_Ju1qxpvqWjUmMFB5YFSACITuHkIaqVS-fybK0R6Dek4SMV8WijGstvLMUjcPF1075okm5uC0jOPrLUO-0v7w
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 19691
cf-request-id: 0444c4cf9a0000c2b89697b200000001
last-modified: Sun, 07 Jul 2019 13:50:14 GMT
server: cloudflare
etag: "9202003a2104260df732b0ec0b13b60e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=RFG7fw==, md5=kgIAOiEEJg33MrDsCxO2Dg==
x-goog-generation: 1562507414340087
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 19691
x-goog-meta-firebasestoragedownloadtokens: 6cae38da-10f6-4375-87dd-fa9553be721b
accept-ranges: bytes
cf-ray: 5bb4a3f8fc6ec2b8-FRA
expires: Sat, 31 Jul 2021 04:40:18 GMT
Resource: assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgEfj9hapb_G_hQm8%2Fimage.png
Host/path: gblobscdn.gitbook.com/
Size / transferred: 105 KB / 106 KB
Type: Image
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgEfj9hapb_G_hQm8%2Fimage.png?alt=media&token=ba8aab2e-113c-433f-9490-03d371794790
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource hash (SHA-256): 395aee6ff583c57a3b9c68837e58ebd3ab82dc69277f22e8532b61fe97ed298c

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
date: Fri, 31 Jul 2020 04:40:18 GMT
cf-cache-status: MISS
status: 200
x-guploader-uploadid: AAANsUlQJMJ8IopXsYK6z6SXvCLZ7k0akUPtE26e9Iy5kLYPq1EOYgqS1CzNVLrdKIXOV5yGrwrS6gj2f9MCcgKuzY3IMTx2tg
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''image.png
content-type: image/png
content-length: 107667
cf-request-id: 0444c4cfb10000c2b89697c200000001
last-modified: Sun, 07 Jul 2019 13:50:15 GMT
server: cloudflare
etag: "731d9f99b1f900e807fa1627250db841"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=u6c++Q==, md5=cx2fmbH5AOgH+hYnJQ24QQ==
x-goog-generation: 1562507415058104
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 107667
x-goog-meta-firebasestoragedownloadtokens: ba8aab2e-113c-433f-9490-03d371794790
accept-ranges: bytes
cf-ray: 5bb4a3f91c90c2b8-FRA
expires: Sat, 31 Jul 2021 04:40:18 GMT
Resource: assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgbyzlmx2SIrGuGIk%2Fsyscall-debugging.gif
Host/path: gblobscdn.gitbook.com/
Size / transferred: 796 KB / 797 KB
Type: Image
Full URL: https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgbyzlmx2SIrGuGIk%2Fsyscall-debugging.gif?alt=media&token=a66279aa-f0d6-426c-bfeb-c95c8896aabb
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource hash (SHA-256): 26229819090dce19bc974819478b2daa7be55f4f7803259b68eb9f6af6587dbe

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
date: Fri, 31 Jul 2020 04:40:18 GMT
cf-cache-status: MISS
x-guploader-uploadid: AAANsUknxxDz8ZXCmc-aCrSBuMK7e5R5TSEqMawQd5UafXXiS7rE0PopMFAabX3-Xt3BW7eZ3u6hbwYH1TjKPKKfV__BisZ0Zw
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''syscall-debugging.gif
content-type: image/gif
content-length: 815106
cf-request-id: 0444c4cfb10000c2b89697d200000001
last-modified: Sun, 07 Jul 2019 13:50:15 GMT
server: cloudflare
etag: "3b64be8009f87c22037997bc714e1d19"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=KWhVFw==, md5=O2S+gAn4fCIDeZe8cU4dGQ==
x-goog-generation: 1562507415745379
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-goog-stored-content-length: 815106
x-goog-meta-firebasestoragedownloadtokens: a66279aa-f0d6-426c-bfeb-c95c8896aabb
accept-ranges: bytes
cf-ray: 5bb4a3f91c92c2b8-FRA
expires: Sat, 31 Jul 2021 04:40:17 GMT
Resource: photo.jpg
Host/path: lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/
Size / transferred: 7 KB / 7 KB
Type: Image
Full URL: https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:81a::2001, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Software: fife
Resource hash (SHA-256): 3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
Security headers: X-Content-Type-Options: nosniff; X-Xss-Protection: 0

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
date: Fri, 31 Jul 2020 04:40:16 GMT
x-content-type-options: nosniff
age: 2
status: 200
content-disposition: inline;filename=""
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6707
x-xss-protection: 0
server: fife
etag: "v5e"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 26 Jul 2020 15:40:12 GMT
Resource: logo-ms-social.png
Host/path: docs.microsoft.com/en-us/media/logos/
Size / transferred: 449 B / 1 KB
Type: Image
Full URL: https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a02:26f0:6c00:19e::353e, Ascension Island, ASN20940 (AKAMAI-ASN1, EU)
Resource hash (SHA-256): 2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f
Security headers: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload; X-Content-Type-Options: nosniff; X-Frame-Options: SAMEORIGIN; X-Xss-Protection: 1; mode=block

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
status: 200
content-length: 449
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge
x-rendering-stack: Static
last-modified: Mon, 16 Dec 2019 19:04:37 GMT
x-datacenter: wus
date: Fri, 31 Jul 2020 04:40:18 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: image/png
cache-control: public, max-age=882
etag: "0x8D7825ACB981CED"
akamai-cache-status: Hit from child
request-context: appId=cid-v1:21aee9e4-1cf5-4750-b2bd-78b2747f4211
expires: Fri, 31 Jul 2020 04:55:00 GMT
Resource: /
Host/path: www.gitbook.com/__amp/
Size / transferred: 7 B / 289 B
Type: XHR
Full URL: https://www.gitbook.com/__amp/
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource hash (SHA-256): aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security headers: Strict-Transport-Security: max-age=15768000

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers:
date: Fri, 31 Jul 2020 04:40:19 GMT
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=15768000
cf-ray: 5bb4a3f9eea816f2-FRA
content-length: 7
cf-request-id: 0444c4d034000016f25e85f200000001
Resource: analytics.js
Host/path: www.google-analytics.com/
Size / transferred: 45 KB / 18 KB
Type: Script
Full URL: https://www.google-analytics.com/analytics.js
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:816::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Software: Golfe2
Resource hash (SHA-256): fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security headers: Strict-Transport-Security: max-age=10886400; includeSubDomains; preload; X-Content-Type-Options: nosniff

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 1479
date: Fri, 31 Jul 2020 04:15:39 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Fri, 31 Jul 2020 06:15:39 GMT
Resource: 7f9239ce726764aa22093884902e018d.svg
Host/path: gstatic.gitbook.com/images/
Size / transferred: 2 KB / 1 KB
Type: Image
Full URL: https://gstatic.gitbook.com/images/7f9239ce726764aa22093884902e018d.svg
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource hash (SHA-256): 863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
date: Fri, 31 Jul 2020 04:40:18 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 9354817
x-guploader-uploadid: AEnB2Up4_u4zsu-VzeTELd0oacAlZEN_VuSfwJg4nLtQ2217uVqL3_snTm0ea4BPUQnb0dkmty19gyuS1IAzP119HZVqUcn_Sw
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
cf-request-id: 0444c4d03d000005f1838b0200000001
last-modified: Sat, 04 Apr 2020 21:36:58 GMT
server: cloudflare
etag: W/"7f9239ce726764aa22093884902e018d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=VnuT0A==, md5=f5I5znJnZKoiCTiEkC4BjQ==
x-goog-generation: 1583845128485401
access-control-allow-origin: *
expires: Fri, 09 Apr 2021 13:06:16 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 2137
cf-ray: 5bb4a3f9f8e505f1-FRA
cf-bgj: h2pri
Resource: collect
Host/path: www.google-analytics.com/r/
Size / transferred: 35 B / 98 B
Type: Image
Full URL: https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1269615036&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&dp=%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&ul=en-us&de=UTF-8&dt=Calling%20Syscalls%20Directly%20from%20Visual%20Studio%20to%20Bypass%20AVs%2FEDRs%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEAB~&jid=1107740313&gjid=769925192&cid=1510365647.1596170418&tid=UA-57505611-10&_gid=1340288347.1596170418&_r=1&cd1=-LFEMnER3fywgFHoroYn&cd2=-LFEMnEQwqZOY6DtfrzY&cd3=-MCmJUCdoePZquH8MVYv&cd4=master&cd5=-LjAqSVI10yo-MJuXTts&z=1941882220
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:816::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Software: Golfe2
Resource hash (SHA-256): 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security headers: X-Content-Type-Options: nosniff

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
pragma: no-cache
date: Fri, 31 Jul 2020 04:40:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT
Resource: collect
Host/path: www.google-analytics.com/r/
Size / transferred: 35 B / 98 B
Type: Image
Full URL: https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1269615036&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&dp=%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&ul=en-us&de=UTF-8&dt=Calling%20Syscalls%20Directly%20from%20Visual%20Studio%20to%20Bypass%20AVs%2FEDRs%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEAB~&jid=19933406&gjid=515421797&cid=1510365647.1596170418&tid=UA-128974775-1&_gid=1340288347.1596170418&_r=1&z=620612252
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:816::200e, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Software: Golfe2
Resource hash (SHA-256): 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security headers: X-Content-Type-Options: nosniff

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
pragma: no-cache
date: Fri, 31 Jul 2020 04:40:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT
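The two /r/collect beacons above carry the page's analytics identifiers in the query string. The tracking id (tid) and the client id (cid) are the values an analyst pivots on when attributing a site or a phishing kit across scans, so it is worth pulling them out mechanically rather than reading the raw URL. The following is an added example, not code from urlscan.io or from the scanned site: it parses the two beacon URLs exactly as recorded above, using the public Measurement Protocol v1 parameter names (tid, cid, dl, dp, dt, cdN). The decoding of cid as "<random>.<Unix seconds of first visit>" is the documented analytics.js format and is an assumption about these beacons, not something the scan states.

```python
"""Decode the Google Analytics /r/collect beacons recorded in the scan.

Added example; not code from urlscan.io or from the scanned site. The two
URLs are copied verbatim from the transactions above. Field names follow the
public Measurement Protocol v1 parameter list.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

COLLECT_URLS = [
    "https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1269615036&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&dp=%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&ul=en-us&de=UTF-8&dt=Calling%20Syscalls%20Directly%20from%20Visual%20Studio%20to%20Bypass%20AVs%2FEDRs%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEAB~&jid=1107740313&gjid=769925192&cid=1510365647.1596170418&tid=UA-57505611-10&_gid=1340288347.1596170418&_r=1&cd1=-LFEMnER3fywgFHoroYn&cd2=-LFEMnEQwqZOY6DtfrzY&cd3=-MCmJUCdoePZquH8MVYv&cd4=master&cd5=-LjAqSVI10yo-MJuXTts&z=1941882220",
    "https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1269615036&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&dp=%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&ul=en-us&de=UTF-8&dt=Calling%20Syscalls%20Directly%20from%20Visual%20Studio%20to%20Bypass%20AVs%2FEDRs%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEAB~&jid=19933406&gjid=515421797&cid=1510365647.1596170418&tid=UA-128974775-1&_gid=1340288347.1596170418&_r=1&z=620612252",
]

# Measurement Protocol parameter -> readable name (the subset useful for triage)
FIELDS = {
    "tid": "tracking_id",
    "cid": "client_id",
    "t": "hit_type",
    "dl": "document_location",
    "dp": "document_path",
    "dt": "document_title",
    "ul": "user_language",
    "sr": "screen_resolution",
}


def parse_collect(url):
    """Return the triage-relevant fields of one beacon plus any cdN custom dimensions."""
    qs = parse_qs(urlsplit(url).query)
    rec = {name: qs.get(key, [None])[0] for key, name in FIELDS.items()}
    rec["custom_dimensions"] = {
        key: vals[0]
        for key, vals in sorted(qs.items())
        if key.startswith("cd") and key[2:].isdigit()
    }
    return rec


def client_first_seen(cid):
    """Assumed analytics.js cid layout '<random>.<unix seconds>': return that time (UTC) or None."""
    parts = cid.split(".") if cid else []
    if len(parts) != 2 or not parts[1].isdigit():
        return None
    return datetime.fromtimestamp(int(parts[1]), tz=timezone.utc)


def tracking_ids(urls):
    """Ordered, de-duplicated tracking ids across a set of beacons: the pivot value for attribution."""
    seen = []
    for url in urls:
        tid = parse_collect(url)["tracking_id"]
        if tid and tid not in seen:
            seen.append(tid)
    return seen


if __name__ == "__main__":
    for url in COLLECT_URLS:
        rec = parse_collect(url)
        print(rec["tracking_id"], rec["document_title"], client_first_seen(rec["client_id"]))
```

Run on the two recorded beacons this yields two distinct properties, UA-57505611-10 (the beacon carrying GitBook's cd1..cd5 space and page identifiers) and UA-128974775-1 (the beacon with no custom dimensions), and a client id whose timestamp component equals the scan time, 2020-07-31 04:40:18 UTC, i.e. the scanner's browser profile was fresh.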
Resource: chunk.966.9bcdd26c.js
Host/path: gstatic.gitbook.com/js/
Size / transferred: 1 MB / 136 KB
Type: Script
Full URL: https://gstatic.gitbook.com/js/chunk.966.9bcdd26c.js
Requested by: https://gstatic.gitbook.com/js/111.fba489a3.js (host gstatic.gitbook.com)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2606:4700::6812:96f, United States, ASN13335 (CLOUDFLARENET, US)
Software: cloudflare
Resource hash (SHA-256): 5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb

Request headers:
Referer: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers:
date: Fri, 31 Jul 2020 04:40:22 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 9354816
cf-polished: origSize=1540766
x-guploader-uploadid: AEnB2UrE6u3DxUCkjkLF72H3TwQDMxmSuFonSV8WXpfUii-tAP17xchRAht7QXmMtWLKXDJ5RGZ5cKtFW53BWBKzZN8KrPYqYPyTcEJ7ud4fuOE2Nl48Ago
x-goog-storage-class: STANDARD
status: 200
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
cf-request-id: 0444c4e221000005f1839a5200000001
last-modified: Fri, 27 Mar 2020 15:33:33 GMT
server: cloudflare
etag: W/"1ee0a04f04f79506addc6f9cc9ade2c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-goog-hash: crc32c=6ui4QQ==, md5=HuCgTwT3lQat3G+cya3iwA==
x-goog-generation: 1585323213534405
access-control-allow-origin: *
expires: Tue, 30 Mar 2021 08:54:44 GMT
cache-control: public, max-age=31536000
x-goog-stored-content-length: 1540766
cf-ray: 5bb4a416997305f1-FRA
cf-bgj: minify
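Every gblobscdn.gitbook.com and gstatic.gitbook.com response above is served from Google Cloud Storage behind Cloudflare and carries an `x-goog-hash` header with base64 CRC32C and MD5 digests next to an `etag`. A quick consistency check a reviewer can run without fetching any content: for these objects the etag (weak or strong) is the hex form of the MD5 in `x-goog-hash`, which is how GCS builds etags for non-composite objects. The block below is an added example, not urlscan.io or GitBook code; the three header pairs are copied from the transactions above, and the "etag equals hex MD5" rule is an assumption about GCS behaviour, not something the scan itself states.

```python
"""Cross-check the GCS integrity headers recorded in the transactions above.

Added example; not code from urlscan.io or GitBook. The etag / x-goog-hash
pairs are copied from the response headers on this page. Assumption (GCS
behaviour for non-composite objects, not stated on the page): the etag is the
hex MD5 that x-goog-hash also carries in base64.
"""
import base64
import re

# (label, etag, x-goog-hash) triples copied from the scan above.
RECORDS = [
    ("image.png (9204 B)",
     '"7e21e93c4eb6c35937cae29ac75c189d"',
     "crc32c=55IcWA==, md5=fiHpPE62w1k3yuKax1wYnQ=="),
    ("6c3c9dec9383137845be0f0ea2cf1bf4.css",
     'W/"6c3c9dec9383137845be0f0ea2cf1bf4"',
     "crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A=="),
    ("chunk.966.9bcdd26c.js",
     'W/"1ee0a04f04f79506addc6f9cc9ade2c0"',
     "crc32c=6ui4QQ==, md5=HuCgTwT3lQat3G+cya3iwA=="),
]

# Strong or weak (W/) etag wrapping a 32-hex-digit MD5.
_ETAG_RE = re.compile(r'^(?:W/)?"([0-9a-fA-F]{32})"$')


def parse_goog_hash(value):
    """Parse 'crc32c=<b64>, md5=<b64>' into {"crc32c": 4 bytes, "md5": 16 bytes}.

    Malformed base64 and wrong digest lengths raise instead of being accepted,
    so a truncated or tampered header fails loudly.
    """
    expected_len = {"crc32c": 4, "md5": 16}
    out = {}
    for item in value.split(","):
        name, sep, b64 = item.strip().partition("=")
        if not sep or name not in expected_len:
            raise ValueError(f"unexpected x-goog-hash item: {item!r}")
        raw = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
        if len(raw) != expected_len[name]:
            raise ValueError(f"{name} digest has {len(raw)} bytes")
        out[name] = raw
    return out


def etag_matches_md5(etag, goog_hash):
    """True when the (possibly weak) etag is the hex of the md5 in x-goog-hash."""
    m = _ETAG_RE.match(etag.strip())
    if not m:
        return False  # composite objects and non-GCS origins use other etag forms
    return m.group(1).lower() == parse_goog_hash(goog_hash)["md5"].hex()


def check_records(records=RECORDS):
    """Return {label: bool} for each recorded transaction."""
    return {label: etag_matches_md5(etag, h) for label, etag, h in records}


if __name__ == "__main__":
    for label, ok in check_records().items():
        print(("OK  " if ok else "BAD ") + label)
```

All three recorded pairs agree. The same check returns False for the docs.microsoft.com logo, whose etag `"0x8D7825ACB981CED"` is an Azure-style opaque value and carries no `x-goog-hash`, which is the expected negative case rather than an error.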

Verdicts & Comments: none recorded (urlscan.io verdict: no classification)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    GITBOOK_STATE
object    __LOADABLE_LOADED_CHUNKS__
object    GitBook
object    __SENTRY__
function  _lrMutationObserver
object    __SDKCONFIG__
number    2f1acc6c3a606b082e5eef5e54414ffb
function  Intercom
function  Mousetrap
function  setImmediate
function  clearImmediate
object    Prism
object    __algolia
function  _LRLogger
boolean   _lr_loaded
boolean   __isReactDndBackendSetUp
string    GoogleAnalyticsObject
function  ga
object    google_tag_data
object    gaplugins
object    gaGlobal
object    gaData

1 Cookies

Domain/Path: .ired.team/
Name: amplitude_id_fef1e872c952688acd962d30aa545b9eired.team
Value (base64-encoded JSON): eyJkZXZpY2VJZCI6ImI3OWQ3YzA5LTM4MTMtNDkzYy05OGNkLTM2ZDMzZTIzNmE0YlIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTU5NjE3MDQxNzg2OCwibGFzdEV2ZW50VGltZSI6MTU5NjE3MDQxODIxMCwiZXZlbnRJZCI6MSwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjF9
Decoded: {"deviceId":"b79d7c09-3813-493c-98cd-36d33e236a4bR","userId":null,"optOut":false,"sessionId":1596170417868,"lastEventTime":1596170418210,"eventId":1,"identifyId":0,"sequenceNumber":1}
The sessionId and lastEventTime fields are Unix millisecond timestamps and correspond to 2020-07-31 04:40:17 UTC, the time of this scan, so the cookie was minted by the scanner's own visit rather than carried over from an earlier session.

1 Console Messages

Source: console-api
Level: log
URL: https://gstatic.gitbook.com/js/111.fba489a3.js (line 1)
Message: Application ready

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.gitbook.com
cdn.lr-ingest.io
docs.microsoft.com
fonts.googleapis.com
fonts.gstatic.com
gblobscdn.gitbook.com
gstatic.gitbook.com
ired.team
lh5.googleusercontent.com
polyfill.io
unpkg.com
www.gitbook.com
www.google-analytics.com
www.ired.team
188.166.160.174
2606:4700::6810:7caf
2606:4700::6812:96f
2606:4700:e0::ac40:6502
2a00:1450:4001:816::200e
2a00:1450:4001:81a::2001
2a00:1450:4001:81e::200a
2a00:1450:4001:824::2003
2a02:26f0:6c00:19e::353e
2a04:4e42:200::621