www.jaiminton.com Open in urlscan Pro
172.67.152.236 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.jaiminton.com/cheatsheet/DFIR/#get-an-object-of-forensic-artifacts
Effective URL:
https://www.jaiminton.com/cheatsheet/DFIR/
Submission Tags: falconsandbox
Submission: On May 28 via api (May 28th 2024, 11:07:15 pm UTC) from US — Scanned from DE

Summary HTTP 21 Redirects Links 100 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 21 HTTP transactions. The main IP is 172.67.152.236, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.jaiminton.com.
TLS certificate: Issued by GTS CA 1P5 on May 16th 2024. Valid for: 3 months.

This is the only time www.jaiminton.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 20	172.67.152.236 172.67.152.236	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3036::6815:1b98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5049	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	3

20 172.67.152.236 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.jaiminton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:1b98 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5049 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	jaiminton.com 1 redirects www.jaiminton.com	940 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 804	7 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1230	390 KB
21	3

	Domain	Requested by
20	www.jaiminton.com	1 redirects www.jaiminton.com static.cloudflareinsights.com
1	static.cloudflareinsights.com	www.jaiminton.com
1	use.fontawesome.com	www.jaiminton.com
21	3

This site contains links to these domains. Also see Links.

Domain
buymeacoff.ee
app.hackthebox.com
twitter.com
www.linkedin.com
github.com
www.youtube.com
infosec.exchange
binalyze.com
irec.readthedocs.io
belkasoft.com
resources.infosecinstitute.com
www.magnetforensics.com
www.volexity.com
docs.microsoft.com
winpmem.velocidex.com
accessdata.com
www.x-ways.net
www.guidancesoftware.com
guymager.sourceforge.io
ruler-project.github.io
thedfirreport.com
stackoverflow.com
www.trustedsec.com
blog.didierstevens.com
gist.github.com
www.thezdi.com
modexp.wordpress.com
www.hexacorn.com
ericzimmerman.github.io
support.microsoft.com
attack.mitre.org
learn-powershell.net
blog.xpnsec.com
www.inversecos.com
www.sans.org
learn.microsoft.com
www.crowdstrike.com

Subject Issuer	Validity	Valid
jaiminton.com GTS CA 1P5	`2024-05-16` - `2024-08-14`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
cloudflareinsights.com GTS CA 1P5	`2024-05-08` - `2024-08-06`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.jaiminton.com/cheatsheet/DFIR/
Frame ID: 2BDBDA7446A5796AF043A2A68153E710
Requests: 19 HTTP requests in this frame

Frame: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
Frame ID: 255B4FFA2E47DE1EF0942CD37FBA2F4E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Digital Forensics and Incident Response : Jai Minton

Detected technologies

particles.js (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

/particles(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

21
Requests

95 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

1336 kB
Transfer

2644 kB
Size

1
Cookies

100 Outgoing links

These are links going to different origins than the main page.

URL: https://buymeacoff.ee/JaiMinton
Title: ☕ Buy me a coffee

Search URL Search Domain Scan URL

URL: https://app.hackthebox.com/profile/10636
Title: Hack The Box

Search URL Search Domain Scan URL

URL: https://twitter.com/CyberRaiju
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/JaiMinton
Title: LinkedIN

Search URL Search Domain Scan URL

URL: https://github.com/JPMinty
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cyberraiju/featured
Title: YouTube

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@CyberRaiju
Title: Mastodon

Search URL Search Domain Scan URL

URL: https://github.com/ForensicArtifacts/artifacts/tree/master/data
Title: ForensicArtifacts

Search URL Search Domain Scan URL

URL: https://github.com/cloudbase/powershell-yaml
Title: ConvertFrom-Yaml module

Search URL Search Domain Scan URL

URL: https://github.com/jschicht/RawCopy
Title: RawCopy

Search URL Search Domain Scan URL

URL: https://binalyze.com/products/irec
Title: Binalyze IREC Evidence Collector

Search URL Search Domain Scan URL

URL: https://irec.readthedocs.io/en/latest/commandline.html
Title: Latest documentation

Search URL Search Domain Scan URL

URL: https://belkasoft.com/get?product=ram
Title: Belkasoft Live RAM Capturer

Search URL Search Domain Scan URL

URL: https://resources.infosecinstitute.com/memory-analysis-using-redline/
Title: Infosec Institute - Memory Analysis using Redline

Search URL Search Domain Scan URL

URL: https://twitter.com/0gtweet/status/1273264867382788096?s=20
Title: Grzegorz Tworek - 0gtweet

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/resources/?cat=Free%20Tool
Title: Magnet Forensics Tools

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/free-tool-magnet-ram-capture
Title: Magnet RAM Capture

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/resources/magnet-process-capture/
Title: Magnet Process Capture

Search URL Search Domain Scan URL

URL: https://www.volexity.com/blog/2018/06/12/surge-collect-provides-reliable-memory-acquisition-across-windows-linux-and-macos/
Title: Volexity Surge

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/livekd
Title: Microsoft LiveKd

Search URL Search Domain Scan URL

URL: https://github.com/Velocidex/WinPmem/releases
Title: Winpmem

Search URL Search Domain Scan URL

URL: https://winpmem.velocidex.com/docs/memory/
Title: Winpmem Docs

Search URL Search Domain Scan URL

URL: https://accessdata.com/product-download
Title: FTK Imager (Cmd version, mostly GUI for new versions)

Search URL Search Domain Scan URL

URL: https://www.x-ways.net/order.html
Title: X-Ways Imager

Search URL Search Domain Scan URL

URL: https://www.guidancesoftware.com/encase-forensic
Title: Encase Forensic

Search URL Search Domain Scan URL

URL: https://www.guidancesoftware.com/tableau/download-center
Title: Tableau Imager

Search URL Search Domain Scan URL

URL: https://guymager.sourceforge.io/
Title: Guymager

Search URL Search Domain Scan URL

URL: https://github.com/sleuthkit/scalpel
Title: Scalpel

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enter-pssession?view=powershell-6
Title: Powershell

Search URL Search Domain Scan URL

URL: https://twitter.com/barnabyskeggs
Title: Special thanks Barnaby Skeggs

Search URL Search Domain Scan URL

URL: https://twitter.com/phillmoore
Title: Phill Moore

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/av/
Title: The RULER Project - AV

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Action1/
Title: The RULER Project - Action1

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/AmmyAdmin/
Title: The RULER Project - AmmyAdmin

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/AnyDesk/
Title: The RULER Project - AnyDesk

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Atera/
Title: The RULER Project - Atera

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Citrix%20GoToMyPC/
Title: The RULER Project - Citrix GoToMyPC

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Kaseya/
Title: The RULER Project - Kaseya

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Level/
Title: The RULER Project - Level

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/LogMeIn/
Title: The RULER Project - LogMeIn

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/RealVNC/
Title: The RULER Project - RealVNC

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/
Title: The RULER Project - Splashtop

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/SupRemo/
Title: The RULER Project - SupRemo

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Connectwise_Screenconnect/
Title: The RULER Project - Connectwise/Screenconnect

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/TeamViewer/
Title: The RULER Project - TeamViewer

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/TightVNC/
Title: The RULER Project - TightVNC

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/UltraVNC/
Title: The RULER Project - UltraVNC

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Ultraviewer/
Title: The RULER Project - Ultraviewer

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/Xeox/
Title: The RULER Project - Xeox

Search URL Search Domain Scan URL

URL: https://ruler-project.github.io/ruler-project/RULER/remote/ZohoAssist/
Title: The RULER Project - ZohoAssist

Search URL Search Domain Scan URL

URL: https://thedfirreport.com/2022/04/25/quantum-ransomware/
Title: Special Thanks, created from intel by The DFIR Report

Search URL Search Domain Scan URL

URL: https://stackoverflow.com/questions/29937568/how-can-i-find-the-product-guid-of-an-installed-msi-setup/29937569#29937569
Title: Special Thanks

Search URL Search Domain Scan URL

URL: https://github.com/AtomicGaryBusey/AzureForensics/blob/master/FORENSIC%20ARTIFACTS%20-%20Azure%20Run%20Command%20Extension%20Use.md
Title: Special Thanks

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Title: Quick overview of persistent locations (AutoRuns)

Search URL Search Domain Scan URL

URL: https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/
Title: Windows Telemetry Controller - Special Thanks to TrustedSec

Search URL Search Domain Scan URL

URL: https://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/
Title: Didier Stevens

Search URL Search Domain Scan URL

URL: https://blog.didierstevens.com/2006/06/22/save-safeboot/
Title: multiple times

Search URL Search Domain Scan URL

URL: https://stackoverflow.com/questions/660319/where-can-i-find-all-of-the-com-objects-that-can-be-created-in-powershell
Title: Original by Jeff Atwood

Search URL Search Domain Scan URL

URL: https://github.com/jay/gethooks/releases/tag/1.01
Title: GetHooks

Search URL Search Domain Scan URL

URL: https://gist.github.com/joswr1ght/c5d9773a90a22478309e9e427073fd30
Title: Special thanks - Josh Wright

Search URL Search Domain Scan URL

URL: https://twitter.com/markus_pieton/status/1189559716453801991
Title: Markus Piéton

Search URL Search Domain Scan URL

URL: https://www.thezdi.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell
Title: ProxyShell

Search URL Search Domain Scan URL

URL: https://modexp.wordpress.com/2019/07/27/process-injection-winsock/
Title: Special Thanks - odzhan

Search URL Search Domain Scan URL

URL: https://www.hexacorn.com/blog/2015/01/13/beyond-good-ol-run-key-part-24/
Title: Special Thanks - Hexacorn

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/fileio/master-file-table
Title: Microsoft Docs

Search URL Search Domain Scan URL

URL: https://ericzimmerman.github.io/#!index.md
Title: MFTExplorer

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4055535/how-to-disable-equation-editor-3-0
Title: More information on the below process

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1038/
Title: DLL Search Order Hijacking

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order
Title: Microsoft Docs

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1073/
Title: Dll Side Loading

Search URL Search Domain Scan URL

URL: https://learn-powershell.net/2014/05/09/quick-hits-list-all-available-wmi-namespaces-using-powershell/
Title: Enumerate WMI Namespaces

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz/blob/master/kiwi_passwords.yar
Title: Mimikatz Yara rule

Search URL Search Domain Scan URL

URL: https://blog.xpnsec.com/exploring-mimikatz-part-1/
Title: Adam Chester

Search URL Search Domain Scan URL

URL: https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
Title: Grzegorz Tworek

Search URL Search Domain Scan URL

URL: https://github.com/fox-it/danderspritz-evtx
Title: DanderSpritz eventlogedit

Search URL Search Domain Scan URL

URL: https://www.inversecos.com/2022/08/how-to-detect-oauth-access-token-theft.html
Title: Inversecos - How to Detect OAuth Access Token Theft in Azure

Search URL Search Domain Scan URL

URL: https://www.sans.org/posters/enterprise-cloud-forensics-incident-response-poster/
Title: Poster

Search URL Search Domain Scan URL

URL: https://github.com/CrowdStrike/CRT
Title: CrowdStrike CRT

Search URL Search Domain Scan URL

URL: https://gist.github.com/JPMinty/f4d60adafdfbc12b0e4226a27bf1dcb0
Title: PowerShell Module to show Process Tree

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings
Title: ACE Strings

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-string-format
Title: Syntax of Security Descriptor String

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/listdlls
Title: ListDLLs

Search URL Search Domain Scan URL

URL: https://twitter.com/mattifestation/status/1366435525272481799
Title: Matt Graeber

Search URL Search Domain Scan URL

URL: https://gist.github.com/mgraeber-rc/7b9f4d497d75967afc58209df611508b
Title: Windows Defender Application Control system integrity policy

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed
Title: Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/strings
Title: Strings

Search URL Search Domain Scan URL

URL: https://github.com/Neo23x0/Loki
Title: Loki Scanner

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/resources/community-tools/crowdresponse/
Title: Crowdresponse Scanner

Search URL Search Domain Scan URL

URL: https://binalyze.com/download/irec/
Title: IREC Tactical

Search URL Search Domain Scan URL

URL: https://github.com/virustotal/yara/releases/latest
Title: Yara

Search URL Search Domain Scan URL

URL: https://github.com/JPMinty/PowerShellArsenal
Title: PowerShellArsenal

Search URL Search Domain Scan URL

URL: https://gist.github.com/JPMinty/beffcd18d8ec06b73643c2f38cde384d
Title: Get-InjectedThread

Search URL Search Domain Scan URL

URL: https://github.com/rapid7/metasploit-framework/wiki/Meterpreter
Title: Meterpreter Wiki

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4013567/how-to-disable-internet-explorer-on-windows
Title: More Information: MS Docs

Search URL Search Domain Scan URL

URL: https://github.com/BeanBagKing/EventFinder2
Title: Event Finder2

Search URL Search Domain Scan URL

URL: https://twitter.com/0gtweet/status/1182516740955226112
Title: Grzegorz Tworek - 0gtweet

Search URL Search Domain Scan URL

URL: https://github.com/brimorlabs/KStrike
Title: User Access Logging (UAL) KStrike Parser

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/administration/user-access-logging/manage-user-access-logging
Title: here

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/user-access-logging-ual-overview/
Title: CrowdStrike Blog - Patrick Bennett

Search URL Search Domain Scan URL

URL: https://github.com/sans-blue-team/DeepBlueCLI
Title: DeepblueCLI

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://www.jaiminton.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
www.jaiminton.com/cheatsheet/DFIR/ 470 KB
100 KB 271ms
160ms Document
text/html 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70b2b469ab25b2c29a20cfdb87dcb75af7ac50764f285dea917aeabba88aedae

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
age: 0
alt-svc: h3=":443"; ma=86400
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 88b1e63c2ddc18d7-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 28 May 2024 23:07:10 GMT
expires: Tue, 28 May 2024 23:17:10 GMT
last-modified: Tue, 28 May 2024 07:35:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Skypt1E7ndUzAp8WFG%2Bneen%2BaVGP%2F4Now9OfBqXZs1wqUU%2Bbx5PuqZI7Dbtmt7J1KxUhI6%2Bz0c%2F0RL15ABV617Fy6NUhQVaiGlWt2Ju8fg6Sh8HjoFGnr4gW%2Fh3%2BH%2B9nn%2BZUOw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-fastly-request-id: bd6831a794015100f2f86f1a8324ae6d7bdf500b
x-github-request-id: 7758:69D84:172227A:17C2CE5:6656639E
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230056-FRA
x-timer: S1716937630.118180,VS0,VE107

GET
H3 200 main.css
www.jaiminton.com/assets/css/ 63 KB
13 KB 158ms
157ms Stylesheet
text/css 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/css/main.css
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 809e727cb910039fef718a5bd2e1c9b2c42e9b679b686fe319bb1021c6c93006

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 50bc328dfae18bfbbb19db37ef086e675c779374
date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 12651
x-served-by: cache-fra-eddf8230117-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: EE1A:19D10B:204BA51:2155F17:6655EEA8
x-timer: S1716926673.737068,VS0,VE100
etag: W/"66558934-fb9f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HBTKY%2FGGGkf7pI2HQp1dIWIoej9dRBoz586bTBB7XdxfoHj%2FGuipJ73ybD7lGy%2BBe4Rbf7SyKYxb0RA%2BX0o7awmddT304fgnBr9KbS7cQ3uG5ddDavOfokMfULp3XKg84meqwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 88b1e63d3ee018d7-FRA
priority: u=0,i=?0
x-cache-hits: 0

GET
H3 200 particles.js Show response
www.jaiminton.com/assets/js/ 42 KB
10 KB 162ms
162ms Script
application/javascript 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/particles.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89c8e085c3da89b31fd63bf88102068b931e58d1de9b64a2b29728ac28827d28

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: efcb1d17137a1a044055e3529ce504b98a908b3a
date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 9240
x-served-by: cache-fra-eddf8230119-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: 9B2A:3F1970:29D454B:2B31731:66558C91
x-timer: S1716883123.435594,VS0,VE3
etag: W/"66558934-a801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s1JSI%2FOm4mZlMeLNRYKUMNQpS3RXnVw8rGwZVi2OrxMfN7DXI2o3IYLzSa9O8q%2FeNvWGvbfJ7RSBSOgw04hFHFJqWJpQIfZLHhjPK5bjeGtkMyAV0xh8IzV%2BYoBGxL1eGuCyqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63d3ee418d7-FRA
priority: u=1,i=?0
x-cache-hits: 0

GET
H3 200 BlueTeam.jpg
www.jaiminton.com/assets/images/ 232 KB
233 KB 141ms
141ms Image
image/jpeg 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/BlueTeam.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 089ef3196f5de5b2bd64fde04892f6b04888b2dab0fe579bcbe61f2a31b9689e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 15b7acd8231e73a93c6c474dcc53991bf7887f8d
date: Tue, 28 May 2024 23:07:10 GMT
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 237994
x-served-by: cache-fra-eddf8230142-FRA
last-modified: Tue, 28 May 2024 07:35:15 GMT
server: cloudflare
x-github-request-id: 3408:2FC5F5:A84DBD:AC13B6:6656639D
x-timer: S1716937630.319807,VS0,VE97
etag: "66558933-3a1aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EbjeC%2FmwJOtQ2QS%2FdWPkwDPEzRH868Qz5QMdnGXmAmCfh7nq1GLfFYCXZYkU4kK9fEMJ%2BwMlpxb0mdfUKDeF5e8NIZXeFNenEmUTpwMJQ9zaXoRXIoBOtXRjBPO7ip7K18lgZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63d6f2418d7-FRA
priority: u=2,i
x-cache-hits: 0

GET
H3 200 formbookdownloader.jpg
www.jaiminton.com/assets/images/ 113 KB
113 KB 158ms
158ms Image
image/jpeg 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/formbookdownloader.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64b9f042a3cd4c1ae8364b79e3fa7a5ca42bcb13356b17542bc2c89fd562922b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 0fda9b3c29339ce750a0e796e49985f766386a0d
date: Tue, 28 May 2024 23:07:10 GMT
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 115429
x-served-by: cache-fra-eddf8230144-FRA
last-modified: Tue, 28 May 2024 07:35:15 GMT
server: cloudflare
x-github-request-id: DC8A:3EB3C1:2C66B1D:2DBE43A:6656273E
x-timer: S1716926673.955782,VS0,VE103
etag: "66558933-1c2e5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ikc%2BSyzoMopb%2FtgA3dLlXpIJX6gJJ7lt9n%2FV9eJl8TFcLQslIKzqJt%2FKzg%2FuxWOv%2BUryYXaBJRkUb%2FImL2GmjluKumZZUEDTMmmkaC09nyMaMNxqVWtnKnAiJ%2F9fV2N0h43sTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63dff8818d7-FRA
priority: u=2,i
x-cache-hits: 0

GET
H3 200 amos-stealer.jpg
www.jaiminton.com/assets/images/ 113 KB
114 KB 165ms
164ms Image
image/jpeg 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/amos-stealer.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d30097c70ad6045848450cd57b44049d296bdce594d6f5f02124334afa27a4c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 5ce2502707a4f86f1f44a2363a2f2269edc7bf83
date: Tue, 28 May 2024 23:07:10 GMT
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 115788
x-served-by: cache-fra-eddf8230025-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: E559:23D2F:347C821:361AA89:6656639E
x-timer: S1716937630.452725,VS0,VE95
etag: "66558934-1c44c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dCIurczdT9WaE6Olnu5NckA3NzKW2T6uO1sl%2BtG%2FEDMb79g5ex51EJevY%2BZJ9IlTKGfspYgyxc2bDWd9fhkl2FxiSvHf%2B1esPxtitig0KfE4FlJXkHudu6iP0gjBI8NLxrz9rA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63e3fd018d7-FRA
priority: u=2,i
x-cache-hits: 0

GET
H3 200 wasabiwallet.jpg
www.jaiminton.com/assets/images/ 98 KB
98 KB 166ms
165ms Image
image/jpeg 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/wasabiwallet.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2475bd1214cb5a9413dbc2b29bbf10c1a718f2aeab59ea69aeac39bf7313705b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: db277e94cf3e3a45fd0129f6b9fa8b6ab3405d9d
date: Tue, 28 May 2024 23:07:10 GMT
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 100103
x-served-by: cache-fra-eddf8230025-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: B8BD:8082B:675935:6B0B21:66558C91
x-timer: S1716883014.840651,VS0,VE98
etag: "66558934-18707"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=44E49kOF%2BPJyJqwZqcyqyg%2BYQs3X9XSSPQv3lG3TZNLrJfPvFace2uHclQaDmsCKqrsuRQwCdGIMByavfvvNnrCyGqmbQecB7LrBB1GTUgyJbchY9d7cEqv%2Bhfy5Fp%2FEI1LdBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63e3fd118d7-FRA
priority: u=2,i
x-cache-hits: 0

GET
H3 200 asyncrat.jpg
www.jaiminton.com/assets/images/ 93 KB
94 KB 157ms
155ms Image
image/jpeg 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/asyncrat.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f54e9c4515be23c1bea9f023fd76ed45d3c98497309c4ac6e68f3777b4028ddf

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 75ca0de60c713b4a3af9b289783ec72c40a2634e
date: Tue, 28 May 2024 23:07:10 GMT
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 95300
x-served-by: cache-fra-eddf8230029-FRA
last-modified: Tue, 28 May 2024 07:35:15 GMT
server: cloudflare
x-github-request-id: C8C9:69D84:140B8A0:1497B5F:66561E82
x-timer: S1716926673.956675,VS0,VE106
etag: "66558933-17444"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jmq%2BUoQAUWTsKZYb80gFfa8w6PNCPr6cn3k3KijbNA0T4BauJ%2FJtzLwfOUbvLAr86Lkfkily1kNkbmsG%2B8aqfzMpsP5C0AlD0FNvyIwzzjTLSiTffjzJEp8rpCgGd71lPf7T4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63e3fd218d7-FRA
priority: u=2,i
x-cache-hits: 0

GET
H3 200 main.min.js Show response
www.jaiminton.com/assets/js/ 114 KB
41 KB 167ms
166ms Script
application/javascript 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/main.min.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4914006e0525e89ff3d85e76aea1346550f10a86edda3435906c54a4636fd809

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 4f7347457eb3d2fabfab0d0061220d683a0cbcfb
date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 40893
x-served-by: cache-fra-eddf8230145-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: B946:1AF428:AB0F8A:B0BC59:66558C91
x-timer: S1716883124.517288,VS0,VE1
etag: W/"66558934-1c828"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FjLtSz8xybfl7Y2zYeW9mvPZU5AnpYYwER%2F2Ihgxi58DgVYACEfFftZLk2OUnQ9jjfjOM9AqmAero8DSHGVsUoxyKdAUZJSlELz9w8vdYl1BV5M650Eo70UaCZTUGnq1ZkEnVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63e3fd318d7-FRA
priority: u=2,i=?0
x-cache-hits: 0

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.7.1/js/ 1 MB
390 KB 168ms
62ms Script
application/javascript 2606:4700:3036::6815:1b98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.7.1/js/all.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06fbbb819a7f7c2e8b377f49130c5ae4654fbc734cacf7721ae46a6937b5aeb1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/
Origin: https://www.jaiminton.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 290100
etag: W/"ebb8d1549ec556961cdd7f87f7512edb"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMpcb339y53Kh8dam%2BrUQo1qLWS9FYN2VimWXwQ49cOedhqOKdDJKCv2qW9OnO3%2BxBS068mYR4Kfyz3EkW3W6dxSl8EtoWH0lzCI3spJjHdR9ppOchD7BrgmAfWXf%2FQrkmn1dGQ5oW4qKzBPY2VUdzRN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 88b1e63eea67929c-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 lunr.min.js Show response
www.jaiminton.com/assets/js/lunr/ 29 KB
9 KB 169ms
167ms Script
application/javascript 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr.min.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b92711806ac89c3d959cf3698e6950b41d974552dccf2c99beb4e4622f9edf55

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 6d487bac32c948130c5b405ecdeaa7fdbea759a4
date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 8349
x-served-by: cache-fra-eddf8230153-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: 9B9A:1B2E62:1634D1B:16C9B0C:66561E82
x-timer: S1716926673.170668,VS0,VE103
etag: W/"66558934-72ba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vYFcPa1jdu4K0IIubkNK37PsDGYYjh8vzGAwandwmK%2FdD9rGAehRvwl9zGp7bj8RDcNA0kRTWSpy2qlqUcOdzlY5UlfhuwjbObxE7yhZ64YpJ7KMIoLtV%2Fqhl3G2D2GCYNaOg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63e3fd418d7-FRA
priority: u=2,i=?0
x-cache-hits: 0

GET
H3 200 lunr-store.js Show response
www.jaiminton.com/assets/js/lunr/ 76 KB
19 KB 169ms
168ms Script
application/javascript 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr-store.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9bfb99372495669f6b29c9b915d9f8a7a04e36ee3e41e9363b9b8b2b55b58984

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: dcfbd6e59889df921ddd0268b45d145a3fad4dae
date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 18624
x-served-by: cache-fra-eddf8230096-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: 64A6:82627:3023EDA:31A2A8A:6655FD6A
x-timer: S1716926673.354836,VS0,VE96
etag: W/"66558934-12eea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=taYgZIl%2Befs9dNOh7lhfDqXN3bDqK8QDTV%2BDcysGzxku%2BnqZJablUf6Ha%2FcM7qdxKw4%2FiRZpKG6uZhjNX%2BBFURoAz8lyEKXttz04oElS0xDPmBWzLYhpDKs9gp2ZQ5rz1bnziw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 88b1e63e3fd518d7-FRA
priority: u=2,i=?0
x-cache-hits: 0

GET
H3 200 lunr-en.js Show response
www.jaiminton.com/assets/js/lunr/ 2 KB
2 KB 190ms
189ms Script
application/javascript 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr-en.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d9b1921104eb209f68f191e40db355a7929c9b45205b0cb5690234f3a6277fc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 31fe94b9ebe5e1eaa4242cd5f6463a5f6614823b
date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: gzip
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 841
x-served-by: cache-fra-eddf8230060-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: D8F8:12DD19:1196572:12321E7:66558C91
x-timer: S1716883124.699887,VS0,VE1
etag: W/"66558934-9df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nYL1GP8JGy7hfjxYVsZgFFS6ZtUIuvFTThroCcZvy48ou9jjfsVvUaJZ0rtWAL%2BVeT6pEu0%2B5IqBReAVnxOAP%2BkbFVCoxlLinOsaywMBYBxhNZP0nUM7p%2BlGa8IoEjPEoNoNPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 88b1e63e3fd718d7-FRA
priority: u=2,i=?0
x-cache-hits: 0

GET
H2 200 vef91dfe02fce4ee0ad053f6de4f175db1715022073587 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 157ms
79ms Script
text/javascript 2606:4700::6810:5049
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9eb189676a78d42d7a8487eef683702ada6c5c866399eefbc0df319d5f7c6d7

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/
Origin: https://www.jaiminton.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: gzip
last-modified: Mon, 06 May 2024 19:01:13 GMT
server: cloudflare
etag: W/"2024.5.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 88b1e63ebe391e59-FRA

GET
H3 200 particlesjs-config.json Show response
www.jaiminton.com/assets/ 2 KB
1 KB 164ms
164ms XHR
application/json 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/particlesjs-config.json
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/assets/js/particles.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e71a14b59c6cd81cd4262c163d05a16dc98709f28cb51b2dd24036f4f17d1089

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: c68743778d4450e6376bea81719eb862af12e2b2
date: Tue, 28 May 2024 23:07:10 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 0
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: MISS
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 612
x-served-by: cache-fra-eddf8230056-FRA
last-modified: Tue, 28 May 2024 07:35:16 GMT
server: cloudflare
x-github-request-id: 2D1E:3F1970:3529BFF:36C635F:6656639E
x-timer: S1716937630.442468,VS0,VE102
etag: W/"66558934-7e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wxiopP78fHmwJr4hLsb5sMPwhYxan%2FFYawBez8sxwgVl%2FiYBplmBalmYSbxSE6EE%2F7b5JcsD62FVVtG0xQNBdv5EiecukZBFDk6ZPAwoF2k5bBRXlpFBEfIXfTr8%2F8chwD7zpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 88b1e63e3fce18d7-FRA
priority: u=1,i
expires: Tue, 28 May 2024 23:17:10 GMT

GET
H3 200 rootdir.png
www.jaiminton.com/assets/images/ 4 KB
5 KB 262ms
262ms Image
image/png 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/rootdir.png
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bedf211350e28796f14c9fca55d693bc7b3694598a92bd6435d215c2f7658ec

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: 120ef6c2f7e6bd63f92a1b7a5109627889ee0f63
date: Tue, 28 May 2024 23:07:10 GMT
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 4508
x-served-by: cache-fra-eddf8230140-FRA
last-modified: Tue, 28 May 2024 07:35:15 GMT
server: cloudflare
x-github-request-id: 5F9C:23D2F:316539B:32EEDFF:66561E82
x-timer: S1716926673.947894,VS0,VE98
etag: "66558933-119c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SfagKN0LTWSG5XLdN3jRBZBuhl9apcORWYVJTeOINNowpV3AvzVwNn0nK3xZ%2Bf%2FIP4wKV2iLithvQBjey9AFBFJKika79xvDSZT35s6YULfwgsimTbuhsCMR6lwx9icfzscn2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88b1e63e4fde18d7-FRA
priority: u=3,i
x-cache-hits: 0

GET
H3 200 bio-photo.jpg
www.jaiminton.com/assets/images/ 78 KB
78 KB 265ms
264ms Image
image/jpeg 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/bio-photo.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23267a421e3017964ca3c7884c355d050e3f052dede6035ae64325396f32475d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: a1534b0cf0e83de49c4df0af6f80fda8f24cdab9
date: Tue, 28 May 2024 23:07:10 GMT
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:10 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400
content-length: 79535
x-served-by: cache-fra-eddf8230078-FRA
last-modified: Tue, 28 May 2024 07:35:15 GMT
server: cloudflare
x-github-request-id: 0FD8:12DD19:11965DE:1232255:66558C91
x-timer: S1716883014.145270,VS0,VE1
etag: "66558933-136af"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ueR%2BDy2yQIaTW%2F5ojQf9dse50qYSOLNNho2GfBGf6h530ATMNwgISHrUUXQFAwejDbSVTzW2jFiNFR0euSm9ON2jjJR5flmFwuIlqp9smiqAGb%2BLNyVPuHOl8K1ya8iVUnVA9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 88b1e63e4fdf18d7-FRA
priority: u=3,i
x-cache-hits: 0

GET
H3

200

main.js Show response
www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/ Frame 255B
Redirect Chain

https://www.jaiminton.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js

8 KB
4 KB

50ms
46ms

Script
application/javascript

172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js

Protocol

Server

172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73ec5b416c0cf79d5535abfb80351988a2a1470ca40abc2b255fec7b9e4fc0b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Tue, 28 May 2024 23:07:11 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N0slKX%2BFWj903qaW4NLKUZMbhDhtfl%2Fjq5N1JXZAiGaN3V76H9cwJ1IVNgxx9whwl1871CdGFyXIRt5NGRbBVBD7cx2sOgsainxD0njJjIMXjU4AheAvhWCvOD%2BVlq27AnrAxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 88b1e6444c6818d7-FRA
alt-svc: h3=":443"; ma=86400
priority: u=3,i=?0

Redirect headers

date: Tue, 28 May 2024 23:07:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aB%2BAvVLRvfsJl6UVGvjPYeD4mjinI1AZFze2o859j%2F0m6c%2Fe5CsDRVWSYAainz%2BPd1RZZMTfTxVfwGtI7spw625tNd1%2Bkia%2BaNPfu2NqMjgh%2BTRBZHfQqei4zDV8twRw7c9KGg%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 88b1e640196818d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i=?0

POST
H3 204 rum Show response
www.jaiminton.com/cdn-cgi/ 0
143 B 45ms
42ms XHR
text/plain 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jaiminton.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Tue, 28 May 2024 23:07:11 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.jaiminton.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 88b1e6443c6018d7-FRA

GET
H3 200 favicon-32x32.png
www.jaiminton.com/ 3 KB
4 KB 143ms
138ms Other
image/png 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/favicon-32x32.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5992fdee9e1280f5bff51721b618c1345ecbb2978e4776825d374ba1ac17673b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-fastly-request-id: b62e4902fbdffd682238e6e9608e88f2b91813ec
date: Tue, 28 May 2024 23:07:11 GMT
via: 1.1 varnish
expires: Tue, 28 May 2024 23:17:11 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400
content-length: 3380
x-served-by: cache-fra-eddf8230089-FRA
last-modified: Tue, 28 May 2024 07:35:15 GMT
server: cloudflare
x-github-request-id: C77E:3DF284:34998B2:36362BA:6656639E
x-timer: S1716937631.419195,VS0,VE94
etag: "66558933-d34"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H6i12ob%2Be%2BYx7oTOiTazJA4afpyyM0lrqwS7hBMBO3dm2AT69BbzCsasd%2Bom8G5eYjVyGQSe7JwJcDd1G9g0ht1Q5qjfj6i%2BoKeVtfbPqTBO%2FYQFGcuaHXoz848%2F3%2B4lhp2IsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 88b1e6444c6718d7-FRA
priority: u=1,i
x-cache-hits: 0

POST
H3 200 88b1e63c2ddc18d7 Show response
www.jaiminton.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 255B 0
605 B 58ms
45ms XHR
text/plain 172.67.152.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/jsd/r/88b1e63c2ddc18d7
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.152.236 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 May 2024 23:07:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVJsVdX986aY5s8X1iyeaAnlOUUO%2BarZ70kTFYFyr22e7x38O%2FaS56mL1fxGXjyi66GFfkgtmAbQAzCdtSiSTCWhpVSGyi0uQzcGIWhIUyPtWARq3jERfMBMrZp5cmixuFmpMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 88b1e644fce918d7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=1,i

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.jaiminton.com/	1970-01-21 05:41:13	Name: cf_clearance Value: t.lwiDKQrEd4ELm9_r8.ifqVDN17OvWQG2T2DOKizIQ-1716937631-1.0.1.1-fCNu2itx1FypRBnPpcthi05SrXngQAEMIvCMIMuwfcO9D3qnpVK6vqVpCuFfRmZ8NaByQYzs0K28WdaElDPbIQ

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.jaiminton.com/cheatsheet/DFIR/#get-an-object-of-forensic-artifacts(Line 136) Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

static.cloudflareinsights.com
use.fontawesome.com
www.jaiminton.com
172.67.152.236
2606:4700:3036::6815:1b98
2606:4700::6810:5049
06fbbb819a7f7c2e8b377f49130c5ae4654fbc734cacf7721ae46a6937b5aeb1
089ef3196f5de5b2bd64fde04892f6b04888b2dab0fe579bcbe61f2a31b9689e
1bedf211350e28796f14c9fca55d693bc7b3694598a92bd6435d215c2f7658ec
23267a421e3017964ca3c7884c355d050e3f052dede6035ae64325396f32475d
2475bd1214cb5a9413dbc2b29bbf10c1a718f2aeab59ea69aeac39bf7313705b
4914006e0525e89ff3d85e76aea1346550f10a86edda3435906c54a4636fd809
4d9b1921104eb209f68f191e40db355a7929c9b45205b0cb5690234f3a6277fc
5992fdee9e1280f5bff51721b618c1345ecbb2978e4776825d374ba1ac17673b
64b9f042a3cd4c1ae8364b79e3fa7a5ca42bcb13356b17542bc2c89fd562922b
70b2b469ab25b2c29a20cfdb87dcb75af7ac50764f285dea917aeabba88aedae
73ec5b416c0cf79d5535abfb80351988a2a1470ca40abc2b255fec7b9e4fc0b7
7d30097c70ad6045848450cd57b44049d296bdce594d6f5f02124334afa27a4c
809e727cb910039fef718a5bd2e1c9b2c42e9b679b686fe319bb1021c6c93006
89c8e085c3da89b31fd63bf88102068b931e58d1de9b64a2b29728ac28827d28
9bfb99372495669f6b29c9b915d9f8a7a04e36ee3e41e9363b9b8b2b55b58984
b92711806ac89c3d959cf3698e6950b41d974552dccf2c99beb4e4622f9edf55
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e71a14b59c6cd81cd4262c163d05a16dc98709f28cb51b2dd24036f4f17d1089
f54e9c4515be23c1bea9f023fd76ed45d3c98497309c4ac6e68f3777b4028ddf
f9eb189676a78d42d7a8487eef683702ada6c5c866399eefbc0df319d5f7c6d7

www.jaiminton.com Open in urlscan Pro 172.67.152.236 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

21 Requests

95 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

1336 kBTransfer

2644 kBSize

1 Cookies

100 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

www.jaiminton.com Open in urlscan Pro
172.67.152.236 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

95 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

1336 kB
Transfer

2644 kB
Size

1
Cookies

21 HTTP transactions
0 data transactions