www.jaiminton.com Open in urlscan Pro
2606:4700:3036::ac43:98ec Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.jaiminton.com/cheatsheet/DFIR/
Submission: On April 11 via manual (April 11th 2023, 10:00:39 am UTC) from US — Scanned from DE

Summary HTTP 22 Redirects Links 260 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 22 HTTP transactions. The main IP is 2606:4700:3036::ac43:98ec, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.jaiminton.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 18th 2023. Valid for: a year.

This is the only time www.jaiminton.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
20	2606:4700:303... 2606:4700:3036::ac43:98ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:e2:... 2606:4700:e2::ac40:850f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	3

20 2606:4700:3036::ac43:98ec (United States)

ASN13335 (CLOUDFLARENET, US)

www.jaiminton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:850f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	jaiminton.com www.jaiminton.com	1 MB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1030	6 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1034	391 KB
22	3

	Domain	Requested by
20	www.jaiminton.com	www.jaiminton.com static.cloudflareinsights.com
1	static.cloudflareinsights.com	www.jaiminton.com
1	use.fontawesome.com	www.jaiminton.com
22	3

This site contains links to these domains. Also see Links.

Domain
buymeacoff.ee
www.hackthebox.eu
www.openbugbounty.org
twitter.com
www.linkedin.com
github.com
www.youtube.com
infosec.exchange
binalyze.com
irec.readthedocs.io
belkasoft.com
resources.infosecinstitute.com
www.magnetforensics.com
www.volexity.com
docs.microsoft.com
winpmem.velocidex.com
accessdata.com
www.x-ways.net
www.guidancesoftware.com
guymager.sourceforge.io
thedfirreport.com
stackoverflow.com
www.trustedsec.com
blog.didierstevens.com
gist.github.com
www.thezdi.com
modexp.wordpress.com
www.hexacorn.com
ericzimmerman.github.io
support.microsoft.com
attack.mitre.org
learn-powershell.net
blog.xpnsec.com
www.inversecos.com
www.sans.org
learn.microsoft.com
www.crowdstrike.com
medium.com
www.ired.team
plaso.readthedocs.io
www.cyber.gov.au
adsecurity.org
blog.ropnop.com
exiftool.org
malicious.link
blog.truesec.com
techcommunity.microsoft.com
en.wikipedia.org
msrc-blog.microsoft.com
aboutdfir.com
www.nirsoft.net
www.edgemanage.emmet-gray.com
www.foxtonforensics.com
developers.google.com
support.mozilla.org
regauth.standards.ieee.org
www.wireshark.org
unit42.paloaltonetworks.com
mitmproxy.org
wiki.wireshark.org
devblogs.microsoft.com
powerforensics.readthedocs.io
grr-doc.readthedocs.io
b2dfir.blogspot.com
cert.europa.eu
www.dfrws.org
gitlab.unizar.es
volatility3.readthedocs.io
learn.duffandphelps.com
downloads.digitalcorpora.org
www.forensicdots.de
gchq.github.io
urlscan.io
www.websiteplanet.com
unshorten.me
lolbas-project.github.io
gtfobins.github.io
malapi.io
lots-project.com
filesec.io
www.loldrivers.io
www.osquery.io
www.velocidex.com
b2xtranslator.sourceforge.net
arsenalrecon.com
www.sleuthkit.org
digital-forensics.sans.org
andreafortuna.org
www.guru99.com
bytefreaks.net
blog.apnic.net
www.mac4n6.com
forensics.wiki
docs.google.com
www.objective-see.com
car.mitre.org
redcanary.com
ss64.com
www.dfir.training
blog.commandlinekungfu.com
forensicswiki.org
mikefrobbins.com
blogs.technet.microsoft.com
tools.ietf.org
www.cybereason.com
www.datadigitally.com
www.bsk-consulting.de
www.blackhat.com
social.technet.microsoft.com
www.pdq.com
www.linuxnix.com
blogs.msdn.microsoft.com
az4n6.blogspot.com
www.a12d404.net
www.fireeye.com
www.microsoft.com
www.slideshare.net
dfironthemountain.wordpress.com
malware-traffic-analysis.net
posts.specterops.io
www.trustwave.com
www.facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-18` - `2024-02-18`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.jaiminton.com/cheatsheet/DFIR/
Frame ID: E4717EACD148D98A7C7B6BC8B9F02454
Requests: 19 HTTP requests in this frame

Frame: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1681200000
Frame ID: 3259A6EE44AA0D5AFCF9326B2331CFA9
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Digital Forensics and Incident Response : Jai Minton

Detected technologies

particles.js (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

/particles(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

22
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

1656 kB
Transfer

2921 kB
Size

1
Cookies

260 Outgoing links

These are links going to different origins than the main page.

URL: https://buymeacoff.ee/JaiMinton
Title: ☕ Buy me a coffee

Search URL Search Domain Scan URL

URL: https://www.hackthebox.eu/profile/10636
Title: Hack The Box

Search URL Search Domain Scan URL

URL: https://www.openbugbounty.org/researchers/JPMinty/
Title: Open Bug Bounty

Search URL Search Domain Scan URL

URL: https://twitter.com/CyberRaiju
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/JaiMinton
Title: LinkedIN

Search URL Search Domain Scan URL

URL: https://github.com/JPMinty
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCGd1PoFk6FRDkYIMUYEWy4g
Title: YouTube

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@CyberRaiju
Title: Mastodon

Search URL Search Domain Scan URL

URL: https://github.com/ForensicArtifacts/artifacts/tree/master/data
Title: ForensicArtifacts

Search URL Search Domain Scan URL

URL: https://github.com/cloudbase/powershell-yaml
Title: ConvertFrom-Yaml module

Search URL Search Domain Scan URL

URL: https://github.com/jschicht/RawCopy
Title: RawCopy

Search URL Search Domain Scan URL

URL: https://binalyze.com/products/irec
Title: Binalyze IREC Evidence Collector

Search URL Search Domain Scan URL

URL: https://irec.readthedocs.io/en/latest/commandline.html
Title: Latest documentation

Search URL Search Domain Scan URL

URL: https://belkasoft.com/get?product=ram
Title: Belkasoft Live RAM Capturer

Search URL Search Domain Scan URL

URL: https://resources.infosecinstitute.com/memory-analysis-using-redline/
Title: Infosec Institute - Memory Analysis using Redline

Search URL Search Domain Scan URL

URL: https://twitter.com/0gtweet/status/1273264867382788096?s=20
Title: Grzegorz Tworek - 0gtweet

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/resources/?cat=Free%20Tool
Title: Magnet Forensics Tools

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/free-tool-magnet-ram-capture
Title: Magnet RAM Capture

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/resources/magnet-process-capture/
Title: Magnet Process Capture

Search URL Search Domain Scan URL

URL: https://www.volexity.com/blog/2018/06/12/surge-collect-provides-reliable-memory-acquisition-across-windows-linux-and-macos/
Title: Volexity Surge

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/livekd
Title: Microsoft LiveKd

Search URL Search Domain Scan URL

URL: https://github.com/Velocidex/WinPmem/releases
Title: Winpmem

Search URL Search Domain Scan URL

URL: https://winpmem.velocidex.com/docs/memory/
Title: Winpmem Docs

Search URL Search Domain Scan URL

URL: https://accessdata.com/product-download
Title: FTK Imager (Cmd version, mostly GUI for new versions)

Search URL Search Domain Scan URL

URL: https://www.x-ways.net/order.html
Title: X-Ways Imager

Search URL Search Domain Scan URL

URL: https://www.guidancesoftware.com/encase-forensic
Title: Encase Forensic

Search URL Search Domain Scan URL

URL: https://www.guidancesoftware.com/tableau/download-center
Title: Tableau Imager

Search URL Search Domain Scan URL

URL: https://guymager.sourceforge.io/
Title: Guymager

Search URL Search Domain Scan URL

URL: https://github.com/sleuthkit/scalpel
Title: Scalpel

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enter-pssession?view=powershell-6
Title: Powershell

Search URL Search Domain Scan URL

URL: https://twitter.com/barnabyskeggs
Title: Special thanks Barnaby Skeggs

Search URL Search Domain Scan URL

URL: https://thedfirreport.com/2022/04/25/quantum-ransomware/
Title: Special Thanks, created from intel by The DFIR Report

Search URL Search Domain Scan URL

URL: https://stackoverflow.com/questions/29937568/how-can-i-find-the-product-guid-of-an-installed-msi-setup/29937569#29937569
Title: Special Thanks

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Title: Quick overview of persistent locations (AutoRuns)

Search URL Search Domain Scan URL

URL: https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/
Title: Windows Telemetry Controller - Special Thanks to TrustedSec

Search URL Search Domain Scan URL

URL: https://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/
Title: Didier Stevens

Search URL Search Domain Scan URL

URL: https://blog.didierstevens.com/2006/06/22/save-safeboot/
Title: multiple times

Search URL Search Domain Scan URL

URL: https://stackoverflow.com/questions/660319/where-can-i-find-all-of-the-com-objects-that-can-be-created-in-powershell
Title: Original by Jeff Atwood

Search URL Search Domain Scan URL

URL: https://github.com/jay/gethooks/releases/tag/1.01
Title: GetHooks

Search URL Search Domain Scan URL

URL: https://gist.github.com/joswr1ght/c5d9773a90a22478309e9e427073fd30
Title: Special thanks - Josh Wright

Search URL Search Domain Scan URL

URL: https://twitter.com/markus_pieton/status/1189559716453801991
Title: Markus Piéton

Search URL Search Domain Scan URL

URL: https://www.thezdi.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell
Title: ProxyShell

Search URL Search Domain Scan URL

URL: https://modexp.wordpress.com/2019/07/27/process-injection-winsock/
Title: Special Thanks - odzhan

Search URL Search Domain Scan URL

URL: https://www.hexacorn.com/blog/2015/01/13/beyond-good-ol-run-key-part-24/
Title: Special Thanks - Hexacorn

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/fileio/master-file-table
Title: Microsoft Docs

Search URL Search Domain Scan URL

URL: https://ericzimmerman.github.io/#!index.md
Title: MFTExplorer

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4055535/how-to-disable-equation-editor-3-0
Title: More information on the below process

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1038/
Title: DLL Search Order Hijacking

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order
Title: Microsoft Docs

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1073/
Title: Dll Side Loading

Search URL Search Domain Scan URL

URL: https://learn-powershell.net/2014/05/09/quick-hits-list-all-available-wmi-namespaces-using-powershell/
Title: Enumerate WMI Namespaces

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz/blob/master/kiwi_passwords.yar
Title: Mimikatz Yara rule

Search URL Search Domain Scan URL

URL: https://blog.xpnsec.com/exploring-mimikatz-part-1/
Title: Adam Chester

Search URL Search Domain Scan URL

URL: https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
Title: Grzegorz Tworek

Search URL Search Domain Scan URL

URL: https://github.com/fox-it/danderspritz-evtx
Title: DanderSpritz eventlogedit

Search URL Search Domain Scan URL

URL: https://www.inversecos.com/2022/08/how-to-detect-oauth-access-token-theft.html
Title: Inversecos - How to Detect OAuth Access Token Theft in Azure

Search URL Search Domain Scan URL

URL: https://www.sans.org/posters/enterprise-cloud-forensics-incident-response-poster/
Title: Poster

Search URL Search Domain Scan URL

URL: https://github.com/CrowdStrike/CRT
Title: CrowdStrike CRT

Search URL Search Domain Scan URL

URL: https://gist.github.com/JPMinty/f4d60adafdfbc12b0e4226a27bf1dcb0
Title: PowerShell Module to show Process Tree

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings
Title: ACE Strings

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-string-format
Title: Syntax of Security Descriptor String

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/listdlls
Title: ListDLLs

Search URL Search Domain Scan URL

URL: https://twitter.com/mattifestation/status/1366435525272481799
Title: Matt Graeber

Search URL Search Domain Scan URL

URL: https://gist.github.com/mgraeber-rc/7b9f4d497d75967afc58209df611508b
Title: Windows Defender Application Control system integrity policy

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed
Title: Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/strings
Title: Strings

Search URL Search Domain Scan URL

URL: https://github.com/Neo23x0/Loki
Title: Loki Scanner

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/resources/community-tools/crowdresponse/
Title: Crowdresponse Scanner

Search URL Search Domain Scan URL

URL: https://binalyze.com/download/irec/
Title: IREC Tactical

Search URL Search Domain Scan URL

URL: https://github.com/virustotal/yara/releases/latest
Title: Yara

Search URL Search Domain Scan URL

URL: https://github.com/JPMinty/PowerShellArsenal
Title: PowerShellArsenal

Search URL Search Domain Scan URL

URL: https://gist.github.com/JPMinty/beffcd18d8ec06b73643c2f38cde384d
Title: Get-InjectedThread

Search URL Search Domain Scan URL

URL: https://github.com/rapid7/metasploit-framework/wiki/Meterpreter
Title: Meterpreter Wiki

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4013567/how-to-disable-internet-explorer-on-windows
Title: More Information: MS Docs

Search URL Search Domain Scan URL

URL: https://github.com/BeanBagKing/EventFinder2
Title: Event Finder2

Search URL Search Domain Scan URL

URL: https://twitter.com/0gtweet/status/1182516740955226112
Title: Grzegorz Tworek - 0gtweet

Search URL Search Domain Scan URL

URL: https://github.com/brimorlabs/KStrike
Title: User Access Logging (UAL) KStrike Parser

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/administration/user-access-logging/manage-user-access-logging
Title: here

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/user-access-logging-ual-overview/
Title: CrowdStrike Blog - Patrick Bennett

Search URL Search Domain Scan URL

URL: https://github.com/sans-blue-team/DeepBlueCLI
Title: DeepblueCLI

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/etw/about-event-tracing
Title: Event Tracing Architecture

Search URL Search Domain Scan URL

URL: https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
Title: post by Matt Graeber

Search URL Search Domain Scan URL

URL: https://twitter.com/spotheplanet
Title: Spotless

Search URL Search Domain Scan URL

URL: https://www.ired.team/miscellaneous-reversing-forensics/etw-event-tracing-for-windows-101
Title: crash course

Search URL Search Domain Scan URL

URL: https://plaso.readthedocs.io/en/latest/
Title: Plaso (Log2Timeline)

Search URL Search Domain Scan URL

URL: https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-004-remote-code-execution-vulnerability-being-actively-exploited-vulnerable-versions-teleriktelerik-ui-sophisticated-actors
Title: Australian Cyber Security Centre

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Title: here

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/wmi-architecture
Title: Microsoft Docs - WMI Architecture

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732952(v=ws.11)
Title: DSQuery

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc772217(v=ws.11)
Title: Netdom

Search URL Search Domain Scan URL

URL: https://adsecurity.org/?p=2398#MimikatzDCSync
Title: AD Security Blog by Sean Metcalf

Search URL Search Domain Scan URL

URL: https://github.com/clymb3r/PowerShell/blob/master/Invoke-NinjaCopy/Invoke-NinjaCopy.ps1
Title: Invoke-NinjaCopy

Search URL Search Domain Scan URL

URL: https://blog.ropnop.com/extracting-hashes-and-domain-info-from-ntds-dit/
Title: Ropnop - Extract Hashes and Domain Info

Search URL Search Domain Scan URL

URL: https://github.com/gdelugre/origami
Title: Github Download

Search URL Search Domain Scan URL

URL: https://exiftool.org/forum/index.php?topic=7227.0
Title: Phil Harvey

Search URL Search Domain Scan URL

URL: https://github.com/ANSSI-FR/bmc-tools
Title: BMC-Tools

Search URL Search Domain Scan URL

URL: https://malicious.link/post/2022/blocking-iso-mounting/
Title: Special Thanks - Mubix

Search URL Search Domain Scan URL

URL: https://twitter.com/gentilkiwi/status/1412483747321192451
Title: Flow chart

Search URL Search Domain Scan URL

URL: https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
Title: truesec

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
Title: here

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/internet-explorer-11-desktop-app-retirement-faq/ba-p/2366549
Title: Microsoft recommends future app development not use the MSHTML (Trident) engine

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Trident_%28layout_engine%29
Title: here

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Title: MSRC

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthz/impersonation-levels
Title: Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin-start-backup
Title: wbadmin

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-date
Title: Get-Date

Search URL Search Domain Scan URL

URL: https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/
Title: publicised this

Search URL Search Domain Scan URL

URL: https://github.com/decalage2/oletools/wiki/olevba
Title: olevba

Search URL Search Domain Scan URL

URL: https://github.com/chrisjd20/power_dump
Title: powerdump

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/ese_database_view.html
Title: ESE Database View

Search URL Search Domain Scan URL

URL: http://www.edgemanage.emmet-gray.com/Articles/ViewESE.html
Title: View ESE Database

Search URL Search Domain Scan URL

URL: https://medium.com/@7a616368/can-you-track-processes-accessing-the-camera-and-microphone-7e6885b37072
Title: Medium Post

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/16cb4ca1-9339-4d0c-a68d-bf1d6cc0f943
Title: File format specification

Search URL Search Domain Scan URL

URL: https://github.com/MarkBaggett/srum-dump
Title: SRUM-Dump

Search URL Search Domain Scan URL

URL: https://github.com/microsoft/etl2pcapng/releases
Title: Download

Search URL Search Domain Scan URL

URL: https://github.com/JPMinty/PowerShell/blob/master/Scripts/Convert-ROT13.ps1
Title: Convert-ROT13.ps1

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/ie_cache_viewer.html
Title: IE Cache Viewer

Search URL Search Domain Scan URL

URL: https://www.foxtonforensics.com/browser-history-viewer/
Title: Browser History Viewer

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/browsing_history_view.html
Title: Browsing History View

Search URL Search Domain Scan URL

URL: https://developers.google.com/web/fundamentals/primers/service-workers/
Title: Service Worker Reference

Search URL Search Domain Scan URL

URL: https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data#w_what-information-is-stored-in-my-profile
Title: More Information

Search URL Search Domain Scan URL

URL: https://github.com/thumbcacheviewer/thumbcacheviewer
Title: Thumbcacheviewer

Search URL Search Domain Scan URL

URL: https://regauth.standards.ieee.org/standards-ra-web/pub/view.html#registries
Title: IEEE Webpage

Search URL Search Domain Scan URL

URL: https://www.wireshark.org/docs/man-pages/wireshark-filter.html
Title: General Wireshark Filter Reference

Search URL Search Domain Scan URL

URL: https://www.wireshark.org/docs/dfref/
Title: Full Wireshark Display Filter Reference

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/unit42-customizing-wireshark-changing-column-display/
Title: Customizing Wireshark – Changing Your Column Display

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/
Title: Using Wireshark – Display Filter Expressions

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/
Title: Using Wireshark: Identifying Hosts and Users

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/
Title: Using Wireshark: Exporting Objects from a Pcap

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-trickbot-infections/
Title: Wireshark Tutorial: Examining Trickbot Infections

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/
Title: Wireshark Tutorial: Examining Ursnif Infections

Search URL Search Domain Scan URL

URL: https://github.com/moxie0/sslstrip
Title: MITM Through SSLStrip

Search URL Search Domain Scan URL

URL: https://mitmproxy.org/
Title: MITM Through mitmproxy

Search URL Search Domain Scan URL

URL: https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
Title: Using the (Pre)-Master-Secret SSLKEYLOGFILE

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/archive/blogs/nettracer/decrypting-ssltls-sessions-with-wireshark-reloaded
Title: Using an RSA Private Key

Search URL Search Domain Scan URL

URL: https://www.wireshark.org/docs/man-pages/mergecap.html
Title: mergecap

Search URL Search Domain Scan URL

URL: https://github.com/woanware/usbdeviceforensics
Title: More Information

Search URL Search Domain Scan URL

URL: https://github.com/analyzeDFIR/analyzePF
Title: analyzePF

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/win_prefetch_view.html
Title: WinPrefetchView

Search URL Search Domain Scan URL

URL: https://devblogs.microsoft.com/powershell/powershell-the-blue-team/
Title: PowerShell ♥ the Blue Team

Search URL Search Domain Scan URL

URL: https://powerforensics.readthedocs.io/en/latest/
Title: PowerForensics

Search URL Search Domain Scan URL

URL: https://github.com/google/grr
Title: Google Rapid Response

Search URL Search Domain Scan URL

URL: https://github.com/davehull/Kansa
Title: Kansa PowerShell IR Framework

Search URL Search Domain Scan URL

URL: https://grr-doc.readthedocs.io/en/latest/index.html
Title: GRR Docs

Search URL Search Domain Scan URL

URL: https://b2dfir.blogspot.com/2018/11/windows-powershell-remoting-host-based.html
Title: Thanks Barnaby Skeggs

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#administrative-tools-and-logon-types
Title: Microsoft Documentation

Search URL Search Domain Scan URL

URL: https://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf
Title: Cert EU

Search URL Search Domain Scan URL

URL: http://www.dfrws.org/sites/default/files/session-files/characteristics_and_detectability_of_windows_auto-start_extensibility_points_in_memory_forensics.pdf
Title: Research Paper

Search URL Search Domain Scan URL

URL: https://gitlab.unizar.es/rrodrigu/winesap
Title: Volatility Plugin - Winesap

Search URL Search Domain Scan URL

URL: https://github.com/csababarta/volatility_plugins
Title: csababarta plugins

Search URL Search Domain Scan URL

URL: https://github.com/volatilityfoundation/volatility3/
Title: Version 3 of Volatility

Search URL Search Domain Scan URL

URL: https://volatility3.readthedocs.io/en/latest/basics.html
Title: ReadTheDocs

Search URL Search Domain Scan URL

URL: https://github.com/keydet89/RegRipper3.0
Title: RegRipper

Search URL Search Domain Scan URL

URL: https://learn.duffandphelps.com/kape
Title: Kape

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=L9H1uj2HSb8
Title: Video Tutorial

Search URL Search Domain Scan URL

URL: https://github.com/cyb3rpeace/chainsaw
Title: Chainsaw

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/ShimCacheParser
Title: ShimCaheParser

Search URL Search Domain Scan URL

URL: http://downloads.digitalcorpora.org/downloads/bulk_extractor/
Title: Bulk Extractor

Search URL Search Domain Scan URL

URL: https://www.forensicdots.de/
Title: ForensicDots

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Machine_Identification_Code
Title: Machine Identification Code

Search URL Search Domain Scan URL

URL: https://gchq.github.io/CyberChef/
Title: Cyber Chef

Search URL Search Domain Scan URL

URL: https://github.com/gchq/CyberChef
Title: Github

Search URL Search Domain Scan URL

URL: https://urlscan.io/
Title: URLScan

Search URL Search Domain Scan URL

URL: https://www.websiteplanet.com/webtools/redirected/?url=
Title: Redirect Tracker

Search URL Search Domain Scan URL

URL: https://unshorten.me/
Title: Unshorten Me

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/
Title: MITRE ATT&CK® Framework

Search URL Search Domain Scan URL

URL: https://lolbas-project.github.io/
Title: LOLBAS Project

Search URL Search Domain Scan URL

URL: https://gtfobins.github.io/
Title: GTFOBins

Search URL Search Domain Scan URL

URL: https://malapi.io/
Title: MalAPI.io

Search URL Search Domain Scan URL

URL: https://lots-project.com/
Title: LOTS-Project

Search URL Search Domain Scan URL

URL: https://filesec.io/
Title: Filesec.io

Search URL Search Domain Scan URL

URL: https://www.loldrivers.io/
Title: LOLDrivers.io

Search URL Search Domain Scan URL

URL: https://www.osquery.io/
Title: OSQuery

Search URL Search Domain Scan URL

URL: https://www.velocidex.com/docs/
Title: Velociraptor

Search URL Search Domain Scan URL

URL: https://github.com/kirk-sayre-work/ViperMonkey
Title: ViperMonkey

Search URL Search Domain Scan URL

URL: https://github.com/DissectMalware/XLMMacroDeobfuscator
Title: XLM Macro Deobfuscator

Search URL Search Domain Scan URL

URL: http://b2xtranslator.sourceforge.net/snapshots/BiffView.zip
Title: BiffView

Search URL Search Domain Scan URL

URL: https://arsenalrecon.com/downloads/
Title: Arsenal Image Mounter

Search URL Search Domain Scan URL

URL: https://accessdata.com/product-download/ftk-imager-version-4-2-1
Title: FTK Imager

Search URL Search Domain Scan URL

URL: https://www.sleuthkit.org/autopsy/download.php
Title: Autopsy

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/office365/securitycompliance/search-for-and-delete-messages-in-your-organization
Title: this documentation

Search URL Search Domain Scan URL

URL: https://github.com/comaeio/SwishDbgExt
Title: Comaeio SwishDbgExt

Search URL Search Domain Scan URL

URL: https://digital-forensics.sans.org/media/DFPS_FOR508_v4.6_4-19.pdf
Title: Excellent SANS Reference

Search URL Search Domain Scan URL

URL: https://github.com/504ensicsLabs/LiME/releases
Title: LiME

Search URL Search Domain Scan URL

URL: https://github.com/Velocidex/c-aff4/releases/
Title: LinPMem

Search URL Search Domain Scan URL

URL: https://github.com/SekoiaLab/Fastir_Collector_Linux
Title: FastIR

Search URL Search Domain Scan URL

URL: https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh
Title: LinEnum

Search URL Search Domain Scan URL

URL: https://andreafortuna.org/2019/05/08/iptables-a-simple-cheatsheet/
Title: AndreaFortuna Cheatsheet

Search URL Search Domain Scan URL

URL: https://www.guru99.com/file-permissions.html
Title: File Permissions in Linux

Search URL Search Domain Scan URL

URL: https://bytefreaks.net/gnulinux/how-to-capture-all-network-traffic-of-a-single-process
Title: System Calls / Network Traffic

Search URL Search Domain Scan URL

URL: https://blog.apnic.net/2019/10/14/how-to-basic-linux-malware-process-forensics-for-incident-responders/
Title: Craig Rowland - Sandfly Security

Search URL Search Domain Scan URL

URL: https://twitter.com/iamevltwin
Title: Sarah Edwards

Search URL Search Domain Scan URL

URL: https://www.mac4n6.com/
Title: Mac4n6

Search URL Search Domain Scan URL

URL: https://digital-forensics.sans.org/media/FOR518-Reference-Sheet.pdf
Title: SANS FOR518 Reference Sheet

Search URL Search Domain Scan URL

URL: https://forensics.wiki/mac_os_x_10.9_artifacts_location/
Title: Mac OS X 10.9 Forensics Wiki

Search URL Search Domain Scan URL

URL: https://forensics.wiki/mac_os_x/
Title: Mac OS X Forensics Wiki

Search URL Search Domain Scan URL

URL: https://docs.google.com/spreadsheets/d/1X2Hu0NE2ptdRj023OVWIGp5dqZOw-CfxHLOW_GNGpX8/edit#gid=1317205466
Title: Mac OS X Forensics Artifacts Spreadsheet

Search URL Search Domain Scan URL

URL: https://github.com/wrmsr/pmem/tree/master/OSXPMem
Title: OSXPMem

Search URL Search Domain Scan URL

URL: https://github.com/google/rekall/releases/download/1.7.2rc1/rekall-OSX-1.7.2rc1.zip
Title: MacPmem

Search URL Search Domain Scan URL

URL: https://www.objective-see.com/products/knockknock.html
Title: Quick Overview (KnockKnock)

Search URL Search Domain Scan URL

URL: https://car.mitre.org/
Title: MITRE Cyber Analytics Repository

Search URL Search Domain Scan URL

URL: https://redcanary.com/atomic-red-team/
Title: Atomic Red Team

Search URL Search Domain Scan URL

URL: https://github.com/meirwah/awesome-incident-response
Title: Awesome Incident Response

Search URL Search Domain Scan URL

URL: https://github.com/Cugu/awesome-forensics
Title: Awesome Forensics

Search URL Search Domain Scan URL

URL: https://github.com/n0fate/mac-osx-forensics
Title: Mac OSX Forensics

Search URL Search Domain Scan URL

URL: https://github.com/pstirparo/mac4n6
Title: Unofficial Mac 4n6 Resources

Search URL Search Domain Scan URL

URL: https://ss64.com/osx/
Title: Apple macOS command line (OS X bash)

Search URL Search Domain Scan URL

URL: https://www.youtube.com/13cubed
Title: 13Cubed

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=HcUMXxyYsnw
Title: John Strand Windows Live Forensics

Search URL Search Domain Scan URL

URL: https://www.dfir.training/resources/downloads/windows-registry
Title: DFIR Training Windows Registry

Search URL Search Domain Scan URL

URL: http://blog.commandlinekungfu.com/
Title: Commandlinekungfu

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc787567(v=ws.10)
Title: Microsoft Audit Logon Events

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-logonsession
Title: Windows Dev Win32_LogonSession

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=cYphLiySAC4
Title: Black Hills Information Security Windows Memory Forensics

Search URL Search Domain Scan URL

URL: https://forensicswiki.org/wiki/Main_Page
Title: Forensics Wiki

Search URL Search Domain Scan URL

URL: https://wiki.wireshark.org/DisplayFilters
Title: Wireshark Wiki

Search URL Search Domain Scan URL

URL: https://github.com/AustralianCyberSecurityCentre/windows_event_logging
Title: ACSC Github

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus
Title: Windows Defender Docs

Search URL Search Domain Scan URL

URL: https://mikefrobbins.com/2013/12/19/using-powershell-to-remove-phishing-emails-from-user-mailboxes-on-an-exchange-server/
Title: Mikefrobbins

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/office365/securitycompliance/search-for-and-delete-messagesadmin-help
Title: Microsoft Office365

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/search-mailbox
Title: Microsoft Exchange

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768
Title: Microsoft Threat Protection

Search URL Search Domain Scan URL

URL: https://adsecurity.org/?page_id=1821
Title: ADsecurity

Search URL Search Domain Scan URL

URL: https://twitter.com/wincmdfu
Title: Windows cmd fu

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/kovter-killer-how-to-remediate-the-apt-of-clickjacking/
Title: Crowdstrike

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/tip_of_the_day/2015/03/28/tip-of-the-day-reading-the-usn-journal/
Title: Technet Blog

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/rfc3227#section-2.1
Title: IETF RFC3227

Search URL Search Domain Scan URL

URL: https://www.cybereason.com/blog/adobe-worm-faker-uses-lolbins-and-dynamic-techniques-to-deliver-customized-payloads
Title: Cybereason Adobe Worm

Search URL Search Domain Scan URL

URL: https://medium.com/@melanijan93/windows-10-mail-app-forensics-39025f5418d2
Title: Melanijan93 Windows 10 mail forensics

Search URL Search Domain Scan URL

URL: https://www.cybereason.com/blog/triple-threat-emotet-deploys-trickbot-to-steal-data-spread-ryuk-ransomware
Title: Cybereason Trickbot

Search URL Search Domain Scan URL

URL: https://www.datadigitally.com/2019/06/retrieving-memory-image-remotely.html
Title: Bryan Ambrose

Search URL Search Domain Scan URL

URL: https://twitter.com/Lee_Holmes
Title: Lee Holmes

Search URL Search Domain Scan URL

URL: https://www.bsk-consulting.de/2014/08/28/scan-system-files-manipulations-yara-inverse-matching-22/
Title: Florian Roth

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
Title: Matt Graeber

Search URL Search Domain Scan URL

URL: https://social.technet.microsoft.com/wiki/contents/articles/4242.wmi-discovery-using-powershell.aspx
Title: Vasily Gusev

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4672
Title: MS Docs 4672

Search URL Search Domain Scan URL

URL: https://www.pdq.com/blog/modifying-the-registry-users-powershell/
Title: Kris

Search URL Search Domain Scan URL

URL: https://medium.com/@fahimhossain_16989/adding-startup-scripts-to-launch-daemon-on-mac-os-x-sierra-10-12-6-7e0318c74de1
Title: Fahim Hossain

Search URL Search Domain Scan URL

URL: https://www.linuxnix.com/linux-directory-structure-explainedetc-folder/
Title: Surendra Anne

Search URL Search Domain Scan URL

URL: https://digital-forensics.sans.org/media/SANS_Poster_2018_Hunt_Evil_FINAL.pdf
Title: SANS Hunt Evil

Search URL Search Domain Scan URL

URL: https://blogs.msdn.microsoft.com/servergeeks/2014/10/14/active-directory-files-and-their-functions/
Title: Habibar Rahmen - MSDN Blog

Search URL Search Domain Scan URL

URL: https://az4n6.blogspot.com/2014/10/timestomp-mft-shenanigans.html
Title: Mari DeGrazia

Search URL Search Domain Scan URL

URL: https://www.a12d404.net/windows/2019/10/30/schedsvc-persist-without-task.html
Title: Markus Piéton

Search URL Search Domain Scan URL

URL: https://github.com/sbousseaden/Slides/blob/master/Windows%20DFIR%20Events.pdf
Title: Samir

Search URL Search Domain Scan URL

URL: https://twitter.com/SBousseaden/status/1243711784101515274/photo/1
Title: Samir - Persistence

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
Title: FireEye

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/download/details.aspx?id=36036
Title: Microsoft-Mitigating Pass-the-Hash Attacks

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/bsmuir/windows-10-forensics-os-evidentiary-artefacts
Title: Brent Muir - Windows 10 Forensics

Search URL Search Domain Scan URL

URL: https://dfironthemountain.wordpress.com/2018/12/06/locked-file-access-using-esentutl-exe/
Title: Mike Carey - Locked File Access Using ESENTUTL.exe

Search URL Search Domain Scan URL

URL: https://github.com/BornToBeRoot
Title: BornToBeRoot

Search URL Search Domain Scan URL

URL: https://malware-traffic-analysis.net/tutorials/index.html
Title: Malware-Traffic-Analysis - Brad Duncan

Search URL Search Domain Scan URL

URL: https://adsecurity.org/?p=3458
Title: ADsecurity - Detecting Kerberoasting Activity

Search URL Search Domain Scan URL

URL: https://github.com/eladshamir/Internal-Monologue
Title: eladshamir - Internal-Monologue

Search URL Search Domain Scan URL

URL: https://posts.specterops.io/defenders-think-in-graphs-too-part-1-572524c71e91
Title: Jared Atkinson - Defenders think in graphs too

Search URL Search Domain Scan URL

URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/more-excel-4-0-macro-malspam-campaigns/
Title: Diana Lopera - Trustwave

Search URL Search Domain Scan URL

URL: https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-004-remote-code-execution-vulnerability-being-actively-exploited-vulnerable-versions-telerik-ui-sophisticated-actors
Title: AustralianCyberSecurityCentre Advisory 2020-004

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2016/06/14/wheres-the-macro-malware-author-are-now-using-ole-embedding-to-deliver-malicious-files/?source=mmpc
Title: Microsoft - Where’s the Macro?

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?via=CyberRaiju&text=Digital+Forensics+and+Incident+Response%20https%3A%2F%2Fwww.jaiminton.com%2Fcheatsheet%2FDFIR%2F
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.jaiminton.com%2Fcheatsheet%2FDFIR%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.jaiminton.com%2Fcheatsheet%2FDFIR%2F
Title: LinkedIn

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.jaiminton.com/cheatsheet/DFIR/ 459 KB
99 KB 116ms
36ms Document
text/html 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 802f57ecdb1db95f6841d90c2e7d8f5c0ae712b6d2b6b0a3760ca26143770d40

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 287
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 7b6262086c0e6945-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 11 Apr 2023 10:00:30 GMT
expires: Tue, 11 Apr 2023 07:39:21 GMT
last-modified: Sat, 08 Apr 2023 07:03:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SY%2BzT1l3Qc2y8NNXsTBA7Foq2RrD844Lsu58eLwl95c6zj5qTfv6b0OzP%2FalSCWk%2Fm1jON3x7xtyRwAtMy8tXABjsUbXNFQ8ZbGMj4LVDTKMtuuE9nQkpvWS90YAJNatC6ANbQ9PgsxMJAX2w1OfFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-fastly-request-id: ec82a66f10d16a72244b3e3957aaeb4da1db5add
x-github-request-id: 9342:18A2:255236D:26C6D31:64350C50
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230137-FRA
x-timer: S1681207231.808630,VS0,VE1

GET
H2 200 main.css
www.jaiminton.com/assets/css/ 62 KB
13 KB 35ms
32ms Stylesheet
text/css 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/css/main.css
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2cfbdba5cd0f63606455f32ac200a707f91e0027e5c83989b2bcd09b69926e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: b630e1d110620c7f1391a430a3298e2431bd1ef2
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 04:34:37 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230126-FRA
last-modified: Sat, 08 Apr 2023 07:03:17 GMT
server: cloudflare
x-github-request-id: 9724:4DB1:18C9BC7:19B055A:64311709
x-timer: S1680945064.322570,VS0,VE98
etag: W/"643111b5-f97b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ywRxHVYEPurBfENGzHfzfYbYiqoX7Kg3qJOgpowjxqvxpJxzYv3zFOXVWaXbq5ZAzDyAO9gQXV2sj6kTvLrI7ZcfhunioDaXsmfykNAysz5Sj8KWh8vhFIzIggZq%2B%2F49s0%2FLW3C5G4ZUFbWGuD%2Bj4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b62620bb8b06945-FRA
x-cache-hits: 1

GET
H2 200 particles.js Show response
www.jaiminton.com/assets/js/ 42 KB
10 KB 36ms
33ms Script
application/javascript 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/particles.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89c8e085c3da89b31fd63bf88102068b931e58d1de9b64a2b29728ac28827d28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 41fd9459d9ae85a49d224bacaae5b584a8583ea5
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 04:34:37 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230109-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 65FC:8995:4EEA36:525EC6:64311708
x-timer: S1680945064.319903,VS0,VE97
etag: W/"643111a6-a801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nvEsT8CoE2lkzlumoiB39uWXKO%2FEbYZ9%2BUsxeQv9rK5INvvtiuMC%2F9E8kWZ6hovIxKWsXHF7CZaqEHR9FfWUb9eTPw%2Br%2FgGJwWwZFWZNewQ1t%2Fj6VC4WnwGdVf60zo5jAwSA7AZtgEIhBUbKT7R0ag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b62620bb8b36945-FRA
x-cache-hits: 1

GET
H3 200 particlesjs-config.json Show response
www.jaiminton.com/assets/ 2 KB
1 KB 132ms
132ms XHR
application/json 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/particlesjs-config.json
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/assets/js/particles.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e71a14b59c6cd81cd4262c163d05a16dc98709f28cb51b2dd24036f4f17d1089

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 13bf8b180caa8f02488da67481e409de2365e23f
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
content-encoding: br
expires: Tue, 11 Apr 2023 10:10:31 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: MISS
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-hhn-etou8220025-HHN
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 810A:22E5:306D1A:41EE12:64352FBF
x-timer: S1681207231.380330,VS0,VE95
etag: W/"643111a6-7e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jicv5kQN1J5b3J%2FYKYmlnT6zfUzTXO4ZQ7JvlKX82WcdLlfJEZS%2B1%2BoJENqffvCbD3n07bU9g8zemGY%2BJbDM%2Fndh22g7d3VapG6ZnRWgb%2FEFBfsFXa8Lk4%2BPaWrY1KLgOErSbxIPxu%2BNgp0SWQ86%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
x-origin-cache: HIT
cf-ray: 7b62620bf8689b94-FRA
priority: u=1,i
x-cache-hits: 0

GET
H3 200 rootdir.png
www.jaiminton.com/assets/images/ 4 KB
5 KB 155ms
154ms Image
image/png 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/rootdir.png
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bedf211350e28796f14c9fca55d693bc7b3694598a92bd6435d215c2f7658ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 64dc9c798a8f5d4c2336de6d0d1b8963c5c44e87
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 08:34:03 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4508
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: A054:AAB2:7D23AE:81D64A:64311709
x-timer: S1680942453.945760,VS0,VE102
etag: "643111a6-119c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ae3c2iJ%2Bux94xEWHX0si3U%2F4uQQkkIS74O9JauCLxfD0Cjw8CCU6Tsl%2BpkQfMxPQqex9hb%2BkuYx0szz5qTKhU9EHxi%2FSCEj8HbkDdsb0xPUkX8X21FtLG2ovFAafMGsmutQLXn8erQB5YQHRbhiDug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b62620c08789b94-FRA
priority: u=3,i
x-cache-hits: 1

GET
H3 200 bio-photo.jpg
www.jaiminton.com/assets/images/ 38 KB
39 KB 46ms
45ms Image
image/jpeg 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/bio-photo.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28fbef8e5863400ed00fc90959828a773b998efa5acf1bb71e86108c78369ae2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: d74fa94c0c9a779f299c77c248e828d7f6ab46f3
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 00:43:49 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38748
x-served-by: cache-fra-eddf8230076-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: B4BA:8425:18B8B0E:199FCFF:64311709
x-timer: S1680942453.948978,VS0,VE87
etag: "643111a6-975c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=32UrIdmz7V00Hfi%2BVGv3VkjSDkZ10P4yuqnWrXQJ6LrWIRXjqlJQ0J9izbNYnu4p2OVvlOl5SRl4cHR4QjySfQT6yISCcdOoXxxhd8pFUjyck2Oj%2Fx2jWhpgwMAKBtFTGCUVafV2ZZrLa2a8o%2F3rlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7b62620c08799b94-FRA
priority: u=3,i
x-cache-hits: 1

GET
H3 200 BlueTeam.jpg
www.jaiminton.com/assets/images/ 232 KB
233 KB 139ms
138ms Image
image/jpeg 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/BlueTeam.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 089ef3196f5de5b2bd64fde04892f6b04888b2dab0fe579bcbe61f2a31b9689e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 6cb86ffd0d1fac150cb665ca15406ac30fa3eeb4
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 10:05:43 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 237994
x-served-by: cache-fra-eddf8230123-FRA
last-modified: Sat, 08 Apr 2023 07:03:01 GMT
server: cloudflare
x-github-request-id: BCB8:5810:69A137:6DE92F:64312574
x-timer: S1680942453.975544,VS0,VE109
etag: "643111a5-3a1aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KjTSjfV3kYOT6a46A36F%2BIR1X%2Fkx%2FAPXA37KmfbzL346lV30rkcK2a24TAD%2BijIDGqLDmaHUdAV9mlfDVjok6P6j7okhs6c%2FY147vaQFfCJ0tzb%2FnyM4QarF0bjZEEsmdVXKgOrHWZMqZoB%2FUfu3MA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7b62620c087a9b94-FRA
priority: u=3,i
x-cache-hits: 0

GET
H3 200 aspmuma.jpg
www.jaiminton.com/assets/images/ 97 KB
98 KB 33ms
32ms Image
image/jpeg 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/aspmuma.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d052b2e198ee9123bd0321bd86377e598024b73e1de75e67832396833ce006d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 4d52350f581b887fb713a6fe2e2d9837f6d7d20d
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 02:40:37 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 99525
x-served-by: cache-fra-eddf8230034-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 9AEA:4DB1:2721735:2898AA4:64338756
x-timer: S1681098584.822288,VS0,VE102
etag: "643111a6-184c5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zyaakZ3AzdgFHnP0WSOuMeGrmEzsSMTIglFAjcn1SnPHYV9QOOIfsH6cKW8lU%2BI9KDGv9vBryBjMGJJvQkUlNpzj1y9S64IhfNhQyHPiWMm5VW7b91zDRIjpLfc6llzPwjZQ4QdCAe%2FwxyWTwr%2Bmvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7b62620c087f9b94-FRA
priority: u=3,i
x-cache-hits: 0

GET
H3 200 NOK.jpg
www.jaiminton.com/assets/images/ 413 KB
414 KB 125ms
124ms Image
image/jpeg 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/NOK.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec4baff4e5868c2e4806a768730ea68a17b9af88aa63cfd1a156389f2c24720e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 47f5472f6fb848e6427571eb76f9bcf4b75af200
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 10:10:31 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 423006
x-served-by: cache-fra-eddf8230058-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 1064:727A:88DA7E:8E1C80:64312575
x-timer: S1680942454.804192,VS0,VE102
etag: "643111a6-6745e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ubM%2Bovq8t%2F2Pt4XrRyCqi8Fdc5KGMa0azdPhZ%2BFxGpVGz5wcuM9pFUA6THAVCj4Abjw0nUb4NIGrLJNsPAohD1bTVkWbPgAmzHwN0%2FbKBeuZ0YBD1TOkgSrjlav%2ByvnEivZ5w7PuWgpjpj4qkMwcNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b62620c08819b94-FRA
priority: u=3,i
x-cache-hits: 0

GET
H3 200 HHC2022.jpg
www.jaiminton.com/assets/images/HHC2022/ 207 KB
208 KB 132ms
131ms Image
image/jpeg 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/HHC2022/HHC2022.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 124efabef5f2a8a43a7d72d6b77185ce038d2b5090bba82c103dc60ac28e3333

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 88fd762ce8543ea7a15780545137d86261246e39
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 10:05:43 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 212021
x-served-by: cache-fra-eddf8230087-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: BEAC:AAB2:8230B1:87190F:64312575
x-timer: S1680942454.821838,VS0,VE103
etag: "643111a6-33c35"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h4bcMfI2PUYM7MIGylTR6H6HyKffVx%2FAEJjibjK9V4n0WuoHV0H0nw6RVdaDuMkyBiwrmXd6ncPdvx1Bn3AOu6GPsJAksgk1DeFWcSZeUkK5MFVsePv0imGhrwg06vIYG8f4Q9bQM1v0UC0hWm0p7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b62620c08829b94-FRA
priority: u=3,i
x-cache-hits: 0

GET
H3 200 Redline.jpg
www.jaiminton.com/assets/images/ 64 KB
64 KB 123ms
122ms Image
image/jpeg 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/Redline.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98831bd905c45245dd18a59d5910d579831503ff911386691743206bc90650be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 5b475740506045fc7fb9db2ad8f5ac19add71049
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 07:22:06 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65106
x-served-by: cache-fra-eddf8230091-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: DF9E:1E20:11902C1:1235248:64311709
x-timer: S1680942454.979255,VS0,VE98
etag: "643111a6-fe52"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lc8ec1FQKEAjvIxPoqyyTjkMyuRF3EmDCEbv7ldKKus8dUAXajAZu%2FvYf1D8Lo0bCkNKNj%2Fa6DBptnoJGeNEpmkIpl64OKjx9rHbPyC%2BUrTl3U0a2jtwjLX2t2wwRZ2T%2FFuV6%2BILRhd4V1toDKW%2BoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7b62620c08839b94-FRA
priority: u=3,i
x-cache-hits: 1

GET
H3 200 email-decode.min.js Show response
www.jaiminton.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 22ms
21ms Script
application/javascript 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jaiminton.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 10:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 04 Apr 2023 10:03:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"642bf60d-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z9Dc36TljoMvzDFVE6sUZk6Ca%2FXrKuU9Sd0gPUu3L8BGcToAapohZ%2FmYhGo2DzI0UNDdwyS%2BKfxi4Aa6xvZS60uCHp8Nj4zIz6oUs6CN3ElXD9J2V8UEXt41KSR%2Fvi2D7Y4twYS7Daw%2B22uJHO8KTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7b62620c08849b94-FRA
expires: Thu, 13 Apr 2023 10:00:31 GMT

GET
H3 200 main.min.js Show response
www.jaiminton.com/assets/js/ 114 KB
42 KB 128ms
127ms Script
application/javascript 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/main.min.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4914006e0525e89ff3d85e76aea1346550f10a86edda3435906c54a4636fd809

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 3192db40c14fda09d1ef75c4855419c4bc8e7e13
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 04:42:17 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230024-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 7F3E:AAB2:7D23B0:81D64E:64311709
x-timer: S1680942454.943040,VS0,VE89
etag: W/"643111a6-1c828"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xtyuLxH5tTNYsGMZ7JBC67lcfEJw%2BGaftKCCbFLsEDNUkfsvCNvY04u5Wl0Yug4gQJUskjVibaSfxPu5ZXgTXiahxZMGAz4fu0IRiaeK8v77fDsYf9rZOSnO%2Bc5uU2noDLvB4sGcB%2FMwq5bDaRFMtg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b62620eac189b94-FRA
priority: u=1,i=?0
x-cache-hits: 1

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.7.1/js/ 1 MB
391 KB 52ms
33ms Script
application/javascript 2606:4700:e2::ac40:850f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.7.1/js/all.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06fbbb819a7f7c2e8b377f49130c5ae4654fbc734cacf7721ae46a6937b5aeb1

Request headers

Referer: https://www.jaiminton.com/
Origin: https://www.jaiminton.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 10:00:31 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: PPBZE7FXG5JCN9ZR
age: 541096
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: ok8FkV37SzEq15G0tptnXHMLQKu1WW3xbZKu0n3NTmTmJI59JIYJ4sYuHbeEeYZ+kTbzlYPVx54=
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
server: cloudflare
etag: W/"ebb8d1549ec556961cdd7f87f7512edb"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WYTdxu0L%2B5C3ZgnSgEDMK2wNNKxZ5wc1atD3OvLMJ58hflTNhLkKT0EoAELIcJAMGaKgzpqZbibljNGcFRDbTsgBU3JALTDMzCa5YRKdPirjETmAso9EBXSqSZ0mnbZWpefIAKnNhEJ6ZDBHbjGSBxmK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31556926
cf-ray: 7b62620fb8d73666-FRA

GET
H3 200 lunr.min.js Show response
www.jaiminton.com/assets/js/lunr/ 29 KB
9 KB 30ms
29ms Script
application/javascript 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr.min.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b92711806ac89c3d959cf3698e6950b41d974552dccf2c99beb4e4622f9edf55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: cc376f94e7eaea887c95eb599aea33164b4315e0
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
content-encoding: br
expires: Tue, 11 Apr 2023 02:40:37 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230130-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 3634:8995:4EEA37:525EC7:64311709
x-timer: S1680942454.159213,VS0,VE90
etag: W/"643111a6-72ba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMsi3GHDzkQ6ps6tmW6Kt6DwR8KIfHF2xZW4viNsLBV3vQk3DHjNU3go%2FDxu6YLonTCYtQWcsDC10T58ha2xRcWC91HD6Ft5ENv5%2Bb87enNRgcaRW12ji5wAa1u%2FZBxIZzu7vZFHGcmshjfQXbgbqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
x-origin-cache: HIT
cf-ray: 7b62620f9dcc9b94-FRA
priority: u=1,i=?0
x-cache-hits: 1

GET
H3 200 lunr-store.js Show response
www.jaiminton.com/assets/js/lunr/ 21 KB
6 KB 30ms
30ms Script
application/javascript 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr-store.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3b4cf0ff4db3c23a25905e172f2d7212971dd74680c034d874243940b5726b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 61eab63a1dd8b481261bbd459a58a7e58dadb7c6
date: Tue, 11 Apr 2023 10:00:31 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 04:42:18 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230139-FRA
last-modified: Sat, 08 Apr 2023 07:03:17 GMT
server: cloudflare
x-github-request-id: 4BB0:F7FF:17DB9DD:18C19BD:64311709
x-timer: S1680942454.431606,VS0,VE96
etag: W/"643111b5-5343"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8g9Fz078YeHC8LH3tpfGQtXTsronaXX5gbSgRf8RUhTlPcg1D3M5HTTvSQcLQqy2ISkJkpgwLKPZ5QerxMJQLY%2BSGFkkwNsj9dOPwKCbqfoknjflV%2FS6iBHYuUqAeVx3uKmqhYHlWrjvHdO01U%2FbvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b62620fde259b94-FRA
priority: u=1,i=?0
x-cache-hits: 1

GET
H3 200 lunr-en.js Show response
www.jaiminton.com/assets/js/lunr/ 2 KB
2 KB 31ms
30ms Script
application/javascript 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr-en.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d9b1921104eb209f68f191e40db355a7929c9b45205b0cb5690234f3a6277fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 301cc41081edb669a9968cf1c7fc6c6ccb1199d6
date: Tue, 11 Apr 2023 10:00:32 GMT
via: 1.1 varnish
content-encoding: br
expires: Tue, 11 Apr 2023 02:40:37 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-hhn-etou8220058-HHN
last-modified: Sat, 08 Apr 2023 07:03:17 GMT
server: cloudflare
x-github-request-id: 8A3E:0AE8:5844F:8A984:64312576
x-timer: S1680942455.656884,VS0,VE96
etag: W/"643111b5-9df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7eC9VVNJfQ%2FqaSStBmz42Hz85OaK4ekMHitA18PtEDGJW0i4uq4iBJp3xYGwvAbAE12hxzk%2Bh5EodZD4X3J6%2FuRfft7GFkyM3OU42lcvBJSSbNqtwp5trCu56Gy3lwV%2BXHrsdvteyaueoT1KWBKuMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
x-origin-cache: HIT
cf-ray: 7b6262100e829b94-FRA
priority: u=1,i=?0
x-cache-hits: 0

GET
H2 200 v2b4487d741ca48dcbadcaf954e159fc61680799950996 Show response
static.cloudflareinsights.com/beacon.min.js/ 16 KB
6 KB 83ms
53ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v2b4487d741ca48dcbadcaf954e159fc61680799950996
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4860695983e79ae4c596701d7203945837da206d3fdba56684661a5cd60b16c2

Request headers

Referer: https://www.jaiminton.com/
Origin: https://www.jaiminton.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 10:00:32 GMT
content-encoding: gzip
last-modified: Thu, 06 Apr 2023 16:52:30 GMT
server: cloudflare
etag: W/2023.4.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7b626210e8e33608-FRA

GET
H3 200 invisible.js Show response
www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 3259 26 KB
12 KB 16ms
16ms Script
application/javascript 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1681200000
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebdf33725e8d81ed0f862b3e0a74f1e20bc8e9ac21610b4b9e0a190e73511c35

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 10:00:32 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0s46PsqZkvKPU6BflB1qOOAgi3YtZfDxJCh3bSybFlyIVcGmRqZT7Uypt8kp10EB3459cDuQxbU1Qd0%2FP92BO%2F16p8AqnVfGI1i1tMe2jT2AdMgRADlq4cKP34mOwP6UcGmgGjN%2B6PKaE3scNSFnzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7b6262150d969b94-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i=?0

POST
H3 204 rum Show response
www.jaiminton.com/cdn-cgi/ 0
143 B 11ms
10ms XHR
text/plain 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jaiminton.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v2b4487d741ca48dcbadcaf954e159fc61680799950996

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.jaiminton.com/cheatsheet/DFIR/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json

Response headers

date: Tue, 11 Apr 2023 10:00:33 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.jaiminton.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7b626216cffb9b94-FRA

GET
H3 200 pica.js
www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 3259 7 KB
4 KB 13ms
12ms Other
application/javascript 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91532b1149da0941b130ac935e2fc613e893e21d6a58e76e90bd7425e12a365f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 10:00:33 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gWY%2F7vqbPEd6may4lIy2AL%2BVOJFoemZ2%2BdUc8V7AXNGdyg4zs2zdgtObE1yztfrE3rhsM7tKzInRUq6N5Qzde4sPuw2wPqkxQuc5USSsYdgSX1kaOeRKRC0lxr%2BBupr%2BILegq9jNeeu1sJigIXrIvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7b626216d8169b94-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=1,i

POST
H3 200 7b6262086c0e6945 Show response
www.jaiminton.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 3259 2 B
678 B 30ms
30ms XHR
text/plain 2606:4700:3036::ac43:98ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/cv/result/7b6262086c0e6945
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1681200000
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:98ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 11 Apr 2023 10:00:33 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zhsJRH%2B852OqMu7mZcB8DJS8Wi2FXQEEk6ymR%2Ff%2Fd5Kj5v9AAHmM2fnB39wUX9hi%2Fc7QBjdsQalNsGVORFpDo26u1pMAGJqBDWbP5WH94iiMApUr%2BI2SrGc1aX%2Fv1LE3xNKDF0KO1fpFzcP8xJJOmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7b6262183a079b94-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=1,i

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.jaiminton.com/	1970-01-20 11:00:09	Name: __cf_bm Value: Pz_vXuhg_sNYZNJQ6X2B7SO9FrbgZ3bOSj4FeP1Cn1M-1681207233-0-AWX+EMF/OPniwkk/98VuBvvDH0nPzOnMFlE3URdoD3z9MuQipE3rvqzWr1rN/T/m07UKQRmZaVEExSDfoVpVXQlBbUBFLjxt1KtX7HROHL8GEmFReQRtqBeH95xr0pRRzQ==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.jaiminton.com/cheatsheet/DFIR/(Line 136) Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

static.cloudflareinsights.com
use.fontawesome.com
www.jaiminton.com
2606:4700:3036::ac43:98ec
2606:4700::6810:3865
2606:4700:e2::ac40:850f
06fbbb819a7f7c2e8b377f49130c5ae4654fbc734cacf7721ae46a6937b5aeb1
089ef3196f5de5b2bd64fde04892f6b04888b2dab0fe579bcbe61f2a31b9689e
124efabef5f2a8a43a7d72d6b77185ce038d2b5090bba82c103dc60ac28e3333
1bedf211350e28796f14c9fca55d693bc7b3694598a92bd6435d215c2f7658ec
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28fbef8e5863400ed00fc90959828a773b998efa5acf1bb71e86108c78369ae2
4860695983e79ae4c596701d7203945837da206d3fdba56684661a5cd60b16c2
4914006e0525e89ff3d85e76aea1346550f10a86edda3435906c54a4636fd809
4d9b1921104eb209f68f191e40db355a7929c9b45205b0cb5690234f3a6277fc
7d052b2e198ee9123bd0321bd86377e598024b73e1de75e67832396833ce006d
802f57ecdb1db95f6841d90c2e7d8f5c0ae712b6d2b6b0a3760ca26143770d40
89c8e085c3da89b31fd63bf88102068b931e58d1de9b64a2b29728ac28827d28
91532b1149da0941b130ac935e2fc613e893e21d6a58e76e90bd7425e12a365f
98831bd905c45245dd18a59d5910d579831503ff911386691743206bc90650be
a2cfbdba5cd0f63606455f32ac200a707f91e0027e5c83989b2bcd09b69926e3
b92711806ac89c3d959cf3698e6950b41d974552dccf2c99beb4e4622f9edf55
d3b4cf0ff4db3c23a25905e172f2d7212971dd74680c034d874243940b5726b6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e71a14b59c6cd81cd4262c163d05a16dc98709f28cb51b2dd24036f4f17d1089
ebdf33725e8d81ed0f862b3e0a74f1e20bc8e9ac21610b4b9e0a190e73511c35
ec4baff4e5868c2e4806a768730ea68a17b9af88aa63cfd1a156389f2c24720e

www.jaiminton.com Open in urlscan Pro 2606:4700:3036::ac43:98ec Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

1656 kBTransfer

2921 kBSize

1 Cookies

260 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

www.jaiminton.com Open in urlscan Pro
2606:4700:3036::ac43:98ec Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

1656 kB
Transfer

2921 kB
Size

1
Cookies

22 HTTP transactions
0 data transactions