Submitted URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&cad=rja&uact=8&ved=2ahUKEwjQpubC8_jjAhWwVN8KHS12CCIQFj...
Effective URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Submission: On August 10 via manual from US

Summary

This website contacted 8 IPs in 3 countries across 8 domains to perform 52 HTTP transactions. The main IP is 2a05:f500:10:101::b93f:910a, located in Ireland and belongs to LINKEDIN - LinkedIn Corporation, US. The main domain is www.slideshare.net.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on May 23rd 2019. Valid for: 2 years.
This is the only time www.slideshare.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a00:1450:400... 15169 (GOOGLE)
4 2a05:f500:10:... 14413 (LINKEDIN)
22 2.18.232.80 16625 (AKAMAI-AS)
2 11 2a05:f500:10:... 14413 (LINKEDIN)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
2 3 2a05:f500:10:... 14413 (LINKEDIN)
52 8
Domain Requested by
20 public.slidesharecdn.com www.slideshare.net
public.slidesharecdn.com
11 www.linkedin.com 2 redirects www.slideshare.net
public.slidesharecdn.com
4 ssl.google-analytics.com public.slidesharecdn.com
4 www.slideshare.net www.google.com
www.slideshare.net
3 px.ads.linkedin.com 2 redirects
2 image.slidesharecdn.com www.slideshare.net
1 sjs.bizographics.com public.slidesharecdn.com
1 www.google.com
0 cdn.slidesharecdn.com Failed
0 sb.scorecardresearch.com Failed public.slidesharecdn.com
0 js-agent.newrelic.com Failed www.slideshare.net
52 11
Subject | Issuer | Validity | Valid
www.google.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
www.slideshare.net | DigiCert SHA2 Secure Server CA | 2019-05-23 - 2021-08-03 | 2 years
*.slidesharecdn.com | DigiCert SHA2 Secure Server CA | 2017-07-18 - 2019-08-20 | 2 years
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2018-05-30 - 2020-09-01 | 2 years
*.google-analytics.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
js.bizographics.com | DigiCert SHA2 Secure Server CA | 2018-04-13 - 2020-04-17 | 2 years
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years

This page contains 2 frames:

Primary Page: https://www.slideshare.net/tekybala/catching-fileless-attacks
Frame ID: CA508016E974416F03E0C1F1A69EF964
Requests: 52 HTTP requests in this frame

Frame: https://www.linkedin.com/uas/login?session_redirect=%2Foauth%2Fv2%2Flogin-success%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D&fromSignIn=1&trk=oauth&cancel_redirect=%2Foauth%2Fv2%2Flogin-cancel%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D
Frame ID: 540B081FD78C811184A364F54D3EA699
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /gws/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
  • script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

Requests: 52
HTTPS: 81 %
IPv6: 86 %
Domains: 8
Subdomains: 11
IPs: 8
Countries: 3
Transfer: 832 kB
Size: 1864 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&cad=rja&uact=8&ved=2ahUKEwjQpubC8_jjAhWwVN8KHS12CCIQFjAKegQIBRAB&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&usg=AOvVaw19Eh6Daw5afBN_a9yWCn8I Page URL
  2. https://www.slideshare.net/tekybala/catching-fileless-attacks Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17
  • https://www.linkedin.com/uas/oauth2/authorization?bypass_dialog=true&client_id=y4wa9oe4c6nu&redirect_uri=https%3A%2F%2Fwww.slideshare.net%2Fw%2Fsso%2Fredirect&response_type=code&scope=&state=de57fcd7d087850517298295288806 HTTP 303
  • https://www.linkedin.com/uas/login?session_redirect=%2Foauth%2Fv2%2Flogin-success%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D&fromSignIn=1&trk=oauth&cancel_redirect=%2Foauth%2Fv2%2Flogin-cancel%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D
Request Chain 45
  • https://px.ads.linkedin.com/collect/?time=1565460736871&pid=870&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&fmt=js&s=1 HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1565460736871&pid=870&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&fmt=js&s=1&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1565460736871%26pid%3D870%26url%3Dhttps%253A%252F%252Fwww.slideshare.net%252Ftekybala%252Fcatching-fileless-attacks%26fmt%3Djs%26s%3D1%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect/?time=1565460736871&pid=870&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&fmt=js&s=1&cookiesTest=true&liSync=true

52 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
url
www.google.com/
1020 B
851 B
Document
General
Full URL
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&cad=rja&uact=8&ved=2ahUKEwjQpubC8_jjAhWwVN8KHS12CCIQFjAKegQIBRAB&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&usg=AOvVaw19Eh6Daw5afBN_a9yWCn8I
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
gws /
Resource Hash
e810c92891cc7d09e5a156245286cb858e3aca6dc7380c0e83c555ed6d878e5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&cad=rja&uact=8&ved=2ahUKEwjQpubC8_jjAhWwVN8KHS12CCIQFjAKegQIBRAB&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&usg=AOvVaw19Eh6Daw5afBN_a9yWCn8I
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Sat, 10 Aug 2019 18:12:13 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=31536000
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
496
x-xss-protection
0
set-cookie
NID=188=KAakSK1hmnPZDufLp4RSW1BRmbZGqtRW7Cc1CNeWp_Uj_nQ3WLljcnwVcIWtDCZKjdFoSGqD-HDFnx4Leu1F-UA9OGzMChfFA0IhsphCoFraD3seky8MaMV_cMnR5g0l9HxgAhYN8pKXX3eLjhGBixUADk9sqXwNa8d7sysISVg; expires=Sun, 09-Feb-2020 18:12:13 GMT; path=/; domain=.google.com; HttpOnly CONSENT=WP.27cfcd; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
Primary Request catching-fileless-attacks
www.slideshare.net/tekybala/
148 KB
41 KB
Document
General
Full URL
https://www.slideshare.net/tekybala/catching-fileless-attacks
Requested by
Host: www.google.com
URL: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=11&cad=rja&uact=8&ved=2ahUKEwjQpubC8_jjAhWwVN8KHS12CCIQFjAKegQIBRAB&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&usg=AOvVaw19Eh6Daw5afBN_a9yWCn8I
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:910a , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
nginx /
Resource Hash
96afe9995f8b041ac09f7b30a70754bf2edde70687c0a5705c408ab1e7a44452
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.slideshare.net
:scheme
https
:path
/tekybala/catching-fileless-attacks
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://www.google.com/
accept-encoding
gzip, deflate, br

Response headers

status
200 200 OK
server
nginx
date
Sat, 10 Aug 2019 18:12:14 GMT
content-type
text/html; charset=utf-8
x-request-uuid
RVHsnd9Ecsm/Kc5RCvUvNA==
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
x-fruc-version
FRUC
x-bench-id
s77590360/a40071053
x-ss-make-cacheable
true
x-bench-route
slideshow/view
x-xss-protection
1; mode=block
cache-control
max-age=86400, public
x-ua-compatible
IE=Edge,chrome=1
etag
W/"b4eedc452b9777b1f8496a4b50ffa9ff"
x-request-id
3fa452c01bcd57beedd15a7bd79af127
x-runtime
0.695455
p3p
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
content-encoding
gzip
x-li-fabric
prod-lva1
set-cookie
language=**; path=/; secure flash=---%250Asig%253A%2B9b09d559b726d2a8fc5d37ef45370889fc541aff%250Adata%253A%2B%2522---%255Cnvals%253A%255Cn%2B%2B%253Anotice%253A%2B%255Cn%2B%2B%253Awarning%253A%2B%255Cn%2B%2B%253Amessage%253A%2B%255Cn%2B%2B%253Asuccess%253A%2B%255Cn%2B%2B%253Aerror%253A%250A%2B%2B%255Cn%2B%2B%253Apermanent%253A%2B%255Cn%2B%2B%253Amodal_notice%253A%2B%255Cn%2B%2B%253Adwnldloop%253A%2B%255Cn%2B%2B%253Aunverdwnld%253A%2B%255Cnused%253A%2B%2521ruby%252Fobject%253ASet%255Cn%250A%2B%2B%255C%2Bhash%253A%2B%257B%257D%255Cn%2522%250A; path=/; secure SERVERID=sldsng1|XU8JA|XU8JA; path=/ bcookie="v=2&6f6197ea-4592-4e25-8ce0-b3a257cfc8c5"; domain=.slideshare.net; Path=/; Expires=Tue, 10-Aug-2021 05:49:46 GMT
x-li-pop
prod-efr5
x-li-proto
http/2
x-li-uuid
c7TsUD6iuRVgMo8oZisAAA==
app_critical.css
public.slidesharecdn.com/ss_foundation/stylesheets/
153 KB
31 KB
Stylesheet
General
Full URL
https://public.slidesharecdn.com/ss_foundation/stylesheets/app_critical.css?d07c140444
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
c81ab292345d8475730f250b72d707bd957dc73f25a4acf6142c88cd4327682e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
31198
X-LI-UUID
30CilYjEjxXAv4iQwCoAAA==
Server
nginx
Last-Modified
Tue, 26 Mar 2019 23:46:26 GMT
X-Li-Pop
prod-efr5
ETag
W/"5c9ab9d2-262d2"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
slideview_critical.css
public.slidesharecdn.com/ss_foundation/stylesheets/
54 KB
10 KB
Stylesheet
General
Full URL
https://public.slidesharecdn.com/ss_foundation/stylesheets/slideview_critical.css?216936e71d
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e13f5470cbcf6b1d42f7d9e26557c650fc9a59dfab21916e7a727dc3f4feefa2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
10031
X-LI-UUID
dkOUg9HsshVAFKHZvyoAAA==
Server
nginx
Last-Modified
Fri, 19 Jul 2019 20:16:22 GMT
X-Li-Pop
prod-efr5
ETag
W/"5d322516-d9d3"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
combined_presentation.css
public.slidesharecdn.com/stylesheets/ssplayer/
81 KB
25 KB
Stylesheet
General
Full URL
https://public.slidesharecdn.com/stylesheets/ssplayer/combined_presentation.css?6533210f0d
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e73b93e896c9489001ca01c372056b2d8cea37c3649029ef0c6014eebcdaa859
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
25176
X-LI-UUID
91PViywytxWAApjP4SoAAA==
Server
nginx
Last-Modified
Fri, 02 Aug 2019 19:21:36 GMT
X-Li-Pop
prod-efr5
ETag
W/"5d448d40-142e0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
combined_experiments.js
public.slidesharecdn.com/ss_foundation/
4 KB
2 KB
Script
General
Full URL
https://public.slidesharecdn.com/ss_foundation/combined_experiments.js?59e3c7a1df
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
dcd260b5b5bdec09ed384b9677993518240832abb9916b704aa44e6001bdc4c7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
1863
X-LI-UUID
5hX0ShVVdhUgi6JM6SoAAA==
Server
nginx
Last-Modified
Thu, 13 Dec 2018 19:14:52 GMT
X-Li-Pop
prod-efr5
ETag
W/"5c12afac-11bd"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
SS_Logo_White_Large.png
public.slidesharecdn.com/images/logo/linkedin-ss/
5 KB
5 KB
Image
General
Full URL
https://public.slidesharecdn.com/images/logo/linkedin-ss/SS_Logo_White_Large.png?6d1f7a78a6
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0aa91ae757d194c2473013d9a2d81b09ce1e25a51031d9e98861f2a7bc419b1f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
4916
X-LI-UUID
XdBfBjA+fhXg0i3R0SoAAA==
Server
nginx
Last-Modified
Mon, 28 Jan 2019 23:44:20 GMT
X-Li-Pop
prod-efr5
ETag
"5c4f93d4-1341"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
catching-fileless-attacks-1-638.jpg
image.slidesharecdn.com/catchingfilelessattacksl-170706203143/95/
25 KB
26 KB
Image
General
Full URL
https://image.slidesharecdn.com/catchingfilelessattacksl-170706203143/95/catching-fileless-attacks-1-638.jpg?cb=1499373425
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
b9621f7fc8b2716fb20e715e51cb11e356da9d0bd5227cc8bbaec7b47cff0d45

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
1RpmnRsyZZ7VyF.vivfhthG.xOikbuMT
Last-Modified
Thu, 06 Jul 2017 20:31:53 GMT
Server
AmazonS3
x-amz-request-id
E6802FFDE583B002
ETag
"5d73630362b63bece60de23dc9dc0e51"
x-amz-id-2
uIv+El+Tm5QAnZKCpdndw4fsVW0GLC644Vhx4DJRMbOkxIvOb2/ymalYaBISfXvLevtjJzsJjZ8=
Content-Type
image/jpeg
Cache-Control
max-age=604800
Date
Sat, 10 Aug 2019 18:12:15 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
26104
X-CDN
AKAM
user-48x48.png
public.slidesharecdn.com/images/
2 KB
2 KB
Image
General
Full URL
https://public.slidesharecdn.com/images/user-48x48.png
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1f476cbc6b0d4ba00f6dfde7a8e8d9a4d4703e43c727c96ac7dc7589295f8320
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
1725
X-LI-UUID
s1GIyh56dBVgkU8BlSsAAA==
Server
nginx
Last-Modified
Thu, 13 Dec 2018 20:16:32 GMT
X-Li-Pop
prod-efr5
ETag
"5c12be20-6a6"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
thumbnail.png
public.slidesharecdn.com/images/
1 KB
2 KB
Image
General
Full URL
https://public.slidesharecdn.com/images/thumbnail.png
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
4689cfa9db2bfcc56ff2c81f74f88cc12d4676bf07e077aafdf0136a4bd1182a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
1338
X-LI-UUID
/ersfDtVdhUg+cCh6SoAAA==
Server
nginx
Last-Modified
Thu, 13 Dec 2018 20:16:32 GMT
X-Li-Pop
prod-efr5
ETag
"5c12be20-523"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
combined_foundation_base.js
public.slidesharecdn.com/ss_foundation/
502 KB
141 KB
Script
General
Full URL
https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
0dc02e2f171daa8bd4f00a3b9620f047a0add2f1eda658cfe5080e2ab811571d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
143700
X-LI-UUID
EhK44CO0khVAnQDVbysAAA==
Server
nginx
Last-Modified
Fri, 05 Apr 2019 22:03:03 GMT
X-Li-Pop
prod-efr5
ETag
W/"5ca7d097-7d991"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
combined_player_presentation_init.js
public.slidesharecdn.com/ss_foundation/
210 KB
64 KB
Script
General
Full URL
https://public.slidesharecdn.com/ss_foundation/combined_player_presentation_init.js?dc0fcc5527
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
fd34f28c91848fee1678f18100e1cd08156c7d737fd6c056ec87b73e4d95ef7e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
65123
X-LI-UUID
iJqXHHuHoBVAPlPYGisAAA==
Server
nginx
Last-Modified
Mon, 20 May 2019 16:38:47 GMT
X-Li-Pop
prod-efr5
ETag
W/"5ce2d817-3487b"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
combined_base.js
public.slidesharecdn.com/javascripts/rum_new/
23 KB
8 KB
Script
General
Full URL
https://public.slidesharecdn.com/javascripts/rum_new/combined_base.js?826af57281
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
79e24071137dc49a79438ee82111be3f4d55a817591e8914eb7cd7fa8d812878
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
7461
X-LI-UUID
eoa2r+79bxUAkyWikSsAAA==
Server
nginx
Last-Modified
Thu, 13 Dec 2018 19:18:25 GMT
X-Li-Pop
prod-efr5
ETag
W/"5c12b081-5ca9"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
fontawesome-webfont.woff2
public.slidesharecdn.com/fonts/
0
0

1x1.gif
public.slidesharecdn.com/images/
35 B
503 B
Image
General
Full URL
https://public.slidesharecdn.com/images/1x1.gif?cb=1564773695
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://public.slidesharecdn.com/stylesheets/ssplayer/combined_presentation.css?6533210f0d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
35
X-LI-UUID
XVWHlywytxVAT+nv4SoAAA==
Server
nginx
Last-Modified
Fri, 02 Aug 2019 19:32:25 GMT
X-Li-Pop
prod-efr5
ETag
"5d448fc9-23"
Content-Type
image/gif
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
lynda_play_icon.png
public.slidesharecdn.com/images/
1 KB
2 KB
Image
General
Full URL
https://public.slidesharecdn.com/images/lynda_play_icon.png?4d1153da38
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
cd36dd1743e77c1609d4504eb6d2dd782e0a44f81a479b2965c3d55939e91f3c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://public.slidesharecdn.com/ss_foundation/stylesheets/slideview_critical.css?216936e71d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
1285
X-LI-UUID
nZbSUM/YsBVAfMO/rioAAA==
Server
nginx
Last-Modified
Wed, 26 Jun 2019 21:30:35 GMT
X-Li-Pop
prod-efr5
ETag
"5d13e3fb-4ee"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
fontawesome-webfont.woff
public.slidesharecdn.com/fonts/
70 KB
71 KB
Font
General
Full URL
https://public.slidesharecdn.com/fonts/fontawesome-webfont.woff?d9ee23d59d
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3870de89716b72cb61a4bba0e17c75783b361cdaba35ea96961c3070bd8ca18
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://public.slidesharecdn.com/ss_foundation/stylesheets/app_critical.css?d07c140444
Origin
https://www.slideshare.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
71508
X-LI-UUID
SRJe89lHlxVg/1UrECsAAA==
Server
nginx
Last-Modified
Mon, 15 Apr 2019 18:54:38 GMT
X-Li-Pop
PROD-IDB2
ETag
"5cb4d36e-11754"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=21866489
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-LI-Proto
http/1.1
Access-Control-Allow-Headers
*
X-Li-Fabric
prod-ltx1
Expires
Sun, 19 Apr 2020 20:13:45 GMT
set_state_session
www.slideshare.net/w/sso/
316 B
714 B
XHR
General
Full URL
https://www.slideshare.net/w/sso/set_state_session
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:910a , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
nginx /
Resource Hash
dd652d51e25887a1ba0ef0be0d5e095c84578caf1b20da0c65178e359319ff27
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
X-NewRelic-ID
XQ4PQlRRCQoJVVFR
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
X-Requested-With
XMLHttpRequest
Sec-Fetch-Mode
cors

Response headers

date
Sat, 10 Aug 2019 18:12:15 GMT
content-encoding
gzip
x-content-type-options
nosniff, nosniff
p3p
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
status
200, 200 OK
server
nginx
x-li-uuid
Mw7jrD6iuRWAVszAZysAAA==
x-request-id
9ddfba7cb200d5efa7e9f9b5b9292754
x-ua-compatible
IE=Edge,chrome=1
x-runtime
0.022524
x-fruc-version
FRUC
x-newrelic-app-data
PxQOWV5ACgsJXVJQDwIVSkZyWV0WFAwOXAdKTUtRWlVfAGYSWAZdPQtYGBIDF2dARAUVB2hCUhUXWFldQEpTTABOCEwICgcDBVQIVgNZBVRcBAZTX08VAhxGAwcOCVQCVAYPAARUBVEAVho/
x-li-pop
prod-efr5
etag
W/"f51ff500cec8e8548e3347915373001c"
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
x-xss-protection
1; mode=block
cache-control
max-age=0, private, must-revalidate
x-request-uuid
+g68uDRaK2pRr1MIpl9QaA==
x-bench-route
single_sign_on/set_state_session
x-li-proto
http/2
x-li-fabric
prod-ltx1
login
www.linkedin.com/uas/ Frame 540B
Redirect Chain
  • https://www.linkedin.com/uas/oauth2/authorization?bypass_dialog=true&client_id=y4wa9oe4c6nu&redirect_uri=https%3A%2F%2Fwww.slideshare.net%2Fw%2Fsso%2Fredirect&response_type=code&scope=&state=de57fc...
  • https://www.linkedin.com/uas/login?session_redirect=%2Foauth%2Fv2%2Flogin-success%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%252...
0
0
Document
General
Full URL
https://www.linkedin.com/uas/login?session_redirect=%2Foauth%2Fv2%2Flogin-success%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D&fromSignIn=1&trk=oauth&cancel_redirect=%2Foauth%2Fv2%2Flogin-cancel%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ wss://www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com; object-src 'none'; media-src blob: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=lg
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.linkedin.com
:scheme
https
:path
/uas/login?session_redirect=%2Foauth%2Fv2%2Flogin-success%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D&fromSignIn=1&trk=oauth&cancel_redirect=%2Foauth%2Fv2%2Flogin-cancel%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
nested-navigate
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
accept-encoding
gzip, deflate, br
cookie
JSESSIONID=ajax:2423522473592627862; lang=v=2&lang=en-us; bcookie="v=2&73bd9509-46d5-454e-8138-6cf120a2033e"; bscookie="v=1&20190810181215d8cc6407-31a6-4b96-858e-e4e14aebec0fAQFW2kwUNDr8HX9IcNpqr7J8nPdbim23"; lissc2=1; lidc="b=VB76:g=1894:u=1:i=1565460735:t=1565547135:s=AQEWChY_mC77veDfkf_s24XMHOzS6R2U"
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks

Response headers

status
200
vary
Accept-Encoding
server
Play
content-type
text/html; charset=utf-8
last-modified
Tue, 06 Aug 2019 10:43:25 UTC
content-length
7191
content-encoding
gzip
date
Sat, 10 Aug 2019 18:12:16 GMT
x-fs-uuid
87732cc43ea2b915e037fb0c492b0000
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-frame-options
sameorigin
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ wss://www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com; object-src 'none'; media-src blob: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=lg
x-li-fabric
prod-lva1
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
cache-control
no-cache, no-store
x-li-pop
prod-efr5
x-li-proto
http/2
set-cookie
lissc1=1; domain=www.linkedin.com; path=/; max-age=2592000; expires=Thu, 01 Jan 1970 00:00:01 GMT; secure; httponly; samesite=lax
lissc2=1; domain=www.linkedin.com; path=/; max-age=2592000; expires=Thu, 01 Jan 1970 00:00:01 GMT; secure; httponly
x-li-uuid
h3MsxD6iuRXgN/sMSSsAAA==

Redirect headers

status
303
vary
Accept-Encoding
server
Play
location
https://www.linkedin.com/uas/login?session_redirect=%2Foauth%2Fv2%2Flogin-success%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D&fromSignIn=1&trk=oauth&cancel_redirect=%2Foauth%2Fv2%2Flogin-cancel%3Fapp_id%3D199685%26auth_type%3DAC%26flow%3D%257B%2522authorizationType%2522%253A%2522OAUTH2_AUTHORIZATION_CODE%2522%252C%2522redirectUri%2522%253A%2522https%253A%252F%252Fwww.slideshare.net%252Fw%252Fsso%252Fredirect%2522%252C%2522externalBindingKey%2522%253Anull%252C%2522loginHint%2522%253Anull%252C%2522codeChallenge%2522%253Anull%252C%2522codeChallengeMethod%2522%253Anull%252C%2522currentStage%2522%253A%2522LOGIN_SUCCESS%2522%252C%2522currentSubStage%2522%253A0%252C%2522flowHint%2522%253Anull%252C%2522authFlowName%2522%253A%2522generic-permission-list%2522%252C%2522appId%2522%253A199685%252C%2522scope%2522%253A%2522%2522%252C%2522creationTime%2522%253A1565460735830%252C%2522state%2522%253A%2522de57fcd7d087850517298295288806%2522%257D
content-length
20
content-encoding
gzip
date
Sat, 10 Aug 2019 18:12:15 GMT
x-fs-uuid
998327b73ea2b915e0226d88482b0000
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-frame-options
sameorigin
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ wss://www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com; object-src 'none'; media-src blob: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=lg
x-li-fabric
prod-lva1
set-cookie
PLAY_SESSION=eb8acbf7ee7858b15b3557ca1d87c07962aaf5e0-flowTrackingId=rH0rKOO%2FSmutM%2BWBRGrR5w%3D%3D; Path=/oauth/; Secure; HTTPOnly
JSESSIONID=ajax:2423522473592627862; Path=/; Domain=.www.linkedin.com
lang=v=2&lang=en-us; Path=/; Domain=linkedin.com
bcookie="v=2&73bd9509-46d5-454e-8138-6cf120a2033e"; domain=.linkedin.com; Path=/; Expires=Tue, 10-Aug-2021 05:49:47 GMT
bscookie="v=1&20190810181215d8cc6407-31a6-4b96-858e-e4e14aebec0fAQFW2kwUNDr8HX9IcNpqr7J8nPdbim23"; domain=.www.linkedin.com; Path=/; Secure; Expires=Tue, 10-Aug-2021 05:49:47 GMT; HttpOnly
lissc1=1; domain=www.linkedin.com; path=/; max-age=2592000; expires=Thu, 01 Jan 1970 00:00:01 GMT; secure; httponly; samesite=lax
lissc2=1; domain=www.linkedin.com; path=/; max-age=2592000; expires=Thu, 01 Jan 1970 00:00:01 GMT; secure; httponly
lidc="b=VB76:g=1894:u=1:i=1565460735:t=1565547135:s=AQEWChY_mC77veDfkf_s24XMHOzS6R2U"; Expires=Sun, 11 Aug 2019 18:12:15 GMT; domain=.linkedin.com; Path=/
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
cache-control
no-cache, no-store
x-li-pop
prod-efr5
x-li-proto
http/2
x-li-uuid
mYMntz6iuRXgIm2ISCsAAA==
nr-1130.min.js
js-agent.newrelic.com/
0
0

ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 29 Jul 2019 21:35:27 GMT
server
Golfe2
age
7056
date
Sat, 10 Aug 2019 16:14:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17168
expires
Sat, 10 Aug 2019 18:14:40 GMT
beacon.js
sb.scorecardresearch.com/
0
0

app.css
public.slidesharecdn.com/ss_foundation/stylesheets/
23 KB
6 KB
Stylesheet
General
Full URL
https://public.slidesharecdn.com/ss_foundation/stylesheets/app.css?ebe1c594f95ba2fd44790ee4f551fd5768993b33
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
fcf2a6af7f2dde79b3ce7c8f9698fa196ab594502d70965257c7de4520afc9bb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
5468
X-LI-UUID
uwD2tSwytxWAAVRU4SoAAA==
Server
nginx
Last-Modified
Fri, 02 Aug 2019 19:19:22 GMT
X-Li-Pop
prod-efr5
ETag
W/"5d448cba-5c63"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
combined_slideview_loggedout.js
public.slidesharecdn.com/ss_foundation/
60 KB
21 KB
Script
General
Full URL
https://public.slidesharecdn.com/ss_foundation/combined_slideview_loggedout.js?ebe1c594f95ba2fd44790ee4f551fd5768993b33
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d97bee40823658ba367a5e50235e71e2190a70f384ef62c775279a51d2b118f8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
20584
X-LI-UUID
xjwgGi4ytxUg48IC4ioAAA==
Server
nginx
Last-Modified
Fri, 02 Aug 2019 19:19:59 GMT
X-Li-Pop
prod-efr5
ETag
W/"5d448cdf-f042"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
slideview.css
public.slidesharecdn.com/ss_foundation/stylesheets/
2 KB
1 KB
Stylesheet
General
Full URL
https://public.slidesharecdn.com/ss_foundation/stylesheets/slideview.css?ebe1c594f95ba2fd44790ee4f551fd5768993b33
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
57f061aa58e9c8627c79ae2f6e886757a79bbaadef570933ab53494db937641d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
930
X-LI-UUID
3yZ7uCwytxXgGBKO4SoAAA==
Server
nginx
Last-Modified
Fri, 02 Aug 2019 19:20:19 GMT
X-Li-Pop
prod-efr5
ETag
W/"5d448cf3-9d5"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
ext
www.linkedin.com/media-proxy/
40 KB
41 KB
Image
General
Full URL
https://www.linkedin.com/media-proxy/ext?w=1200&h=675&hash=dTAVDscYes1J4Ec%2F4ONSWvNwSnk%3D&ora=1%2CaFBCTXdkRmpGL2lvQUFBPQ%2CxAVta5g-0R6plxVUzgUv5K_PrkC9q0RIUJDPBy-kWyai-9SfZXfqccbeZLSiolwWfy8JlQEyfuisRznmEY69LcLmY4Yx3A
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
addfd8f94f5f4de95fb6b0800aaad40b870f5044fe256aa7302786e7d978fe0a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 10 Aug 2019 18:12:16 GMT
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
status
200
x-cdn-proto
HTTP2
x-li-uuid
HP2V7T6iuRUABVWNSCsAAA==
server
Apache-Coyote/1.1
pragma
no-cache
last-modified
Sat, 10 Aug 2019 17:53:46 GMT
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
ext
www.linkedin.com/media-proxy/
54 KB
55 KB
Image
General
Full URL
https://www.linkedin.com/media-proxy/ext?w=1200&h=675&hash=lfrW5Eg55Ua8M%2FKQlsKd%2F2cAxHs%3D&ora=1%2CaFBCTXdkRmpGL2lvQUFBPQ%2CxAVta5g-0R6plxVUzgUv5K_PrkC9q0RIUJDPBy-lXCai8tyfZHDqcc_WZLSiol8SfykEkAI0femuSTTnFY69LcLmY4Yx3A
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
62491dc88ed4a757424761f208be0282ad4f7b928b6bbd6c035de7348831ac92
Security Headers
Name Value
Content-Security-Policy default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 10 Aug 2019 18:12:16 GMT
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
status
200
x-cdn-proto
HTTP2
x-li-uuid
vjap7T6iuRUA3IvGSSsAAA==
server
Apache-Coyote/1.1
pragma
no-cache
last-modified
Sat, 10 Aug 2019 18:05:56 GMT
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
ext
www.linkedin.com/media-proxy/
53 KB
54 KB
Image
General
Full URL
https://www.linkedin.com/media-proxy/ext?w=1200&h=675&hash=oeh1GtlKyLzCey9HnQ0%2B%2BXfGgy4%3D&ora=1%2CaFBCTXdkRmpGL2lvQUFBPQ%2CxAVta5g-0R6plxVUzgUv5K_PrkC9q0RIUJDPBy-kXSWo-dSfZXHpe8TeZLSiol4ffysBlQ02e-utSTHkE469LcLmY4Yx3A
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
4d539b9c084c8517bfdd2214cd48ac7bf1e521f8e772900dc426fd5d789bcdf7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 10 Aug 2019 18:12:16 GMT
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
status
200
x-cdn-proto
HTTP2
x-li-uuid
yLW77T6iuRXgGckuSCsAAA==
server
Apache-Coyote/1.1
pragma
no-cache
last-modified
Sat, 10 Aug 2019 17:56:22 GMT
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
livingofftheland-170728145413-thumbnail-2.jpg
cdn.slidesharecdn.com/ss_thumbnails/
0
0

crowdstrikeesgstateofendpointcc-171009192626-thumbnail-2.jpg
cdn.slidesharecdn.com/ss_thumbnails/
0
0

crowdstrikefilelesscrowdcastss-170725183300-thumbnail-2.jpg
cdn.slidesharecdn.com/ss_thumbnails/
0
0

fileless-malware-infections-171112215944-thumbnail-2.jpg
cdn.slidesharecdn.com/ss_thumbnails/
0
0

emailthreats2017-171103145944-thumbnail-2.jpg
cdn.slidesharecdn.com/ss_thumbnails/
0
0

writingjavascriptwithoutnumbersorletters-160416044325-thumbnail-2.jpg
cdn.slidesharecdn.com/ss_thumbnails/
0
0

thememoryremains-170204175001-thumbnail-2.jpg
cdn.slidesharecdn.com/ss_thumbnails/
0
0

user-48x48.png
public.slidesharecdn.com/images/
2 KB
2 KB
Image
General
Full URL
https://public.slidesharecdn.com/images/user-48x48.png
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1f476cbc6b0d4ba00f6dfde7a8e8d9a4d4703e43c727c96ac7dc7589295f8320
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
1725
X-LI-UUID
s1GIyh56dBVgkU8BlSsAAA==
Server
nginx
Last-Modified
Thu, 13 Dec 2018 20:16:32 GMT
X-Li-Pop
prod-efr5
ETag
"5c12be20-6a6"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
app.css
public.slidesharecdn.com/ss_foundation/stylesheets/
23 KB
6 KB
Stylesheet
General
Full URL
https://public.slidesharecdn.com/ss_foundation/stylesheets/app.css?ebe1c594f95ba2fd44790ee4f551fd5768993b33
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
fcf2a6af7f2dde79b3ce7c8f9698fa196ab594502d70965257c7de4520afc9bb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
5468
X-LI-UUID
uwD2tSwytxWAAVRU4SoAAA==
Server
nginx
Last-Modified
Fri, 02 Aug 2019 19:19:22 GMT
X-Li-Pop
prod-efr5
ETag
W/"5d448cba-5c63"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
__utm.gif
ssl.google-analytics.com/r/
35 B
124 B
Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2129725301&utmhn=www.slideshare.net&utme=8(member_type)9(LOGGEDOUT)11(1)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Catching%20fileless%20attacks&utmhid=1069955223&utmr=https%3A%2F%2Fwww.google.com%2F&utmp=%2Ftekybala%2Fcatching-fileless-attacks&utmht=1565460736661&utmac=UA-2330466-1&utmcc=__utma%3D186399478.1213481514.1565460737.1565460737.1565460737.1%3B%2B__utmz%3D186399478.1565460737.1.1.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=2049656094&utmredir=1&utmu=qRAAACAAAAAAAAAAAAAAAAQE~
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 10 Aug 2019 18:12:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
__utm.gif
ssl.google-analytics.com/
35 B
93 B
Image
General
Full URL
https://ssl.google-analytics.com/__utm.gif?utmwv=5.7.2&utms=2&utmn=826600555&utmhn=www.slideshare.net&utmt=event&utme=5(bigfoot_slideview*pageload)8(member_type*3!source)9(LOGGEDOUT*3!not_set)11(1)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Catching%20fileless%20attacks&utmhid=1069955223&utmr=https%3A%2F%2Fwww.google.com%2F&utmp=%2Ftekybala%2Fcatching-fileless-attacks&utmht=1565460736666&utmac=UA-2330466-1&utmni=1&utmcc=__utma%3D186399478.1213481514.1565460737.1565460737.1565460737.1%3B%2B__utmz%3D186399478.1565460737.1.1.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=&utmu=6RAAACAAAAAAAAAAAAAAAAQE~
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Jun 2019 12:38:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
6068002
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
__utm.gif
ssl.google-analytics.com/
35 B
197 B
Image
General
Full URL
https://ssl.google-analytics.com/__utm.gif?utmwv=5.7.2&utms=3&utmn=699283404&utmhn=www.slideshare.net&utmt=event&utme=5(jsplayer*slideview*player_initialized)8(member_type*3!source)9(LOGGEDOUT*3!not_set)11(1)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Catching%20fileless%20attacks&utmhid=1069955223&utmr=https%3A%2F%2Fwww.google.com%2F&utmp=%2Ftekybala%2Fcatching-fileless-attacks&utmht=1565460736667&utmac=UA-2330466-1&utmni=1&utmcc=__utma%3D186399478.1213481514.1565460737.1565460737.1565460737.1%3B%2B__utmz%3D186399478.1565460737.1.1.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=&utmu=6RAAACAAAAAAAAAAAAAAAAQE~
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 01 Jun 2019 12:38:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
6068002
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
insight.min.js
sjs.bizographics.com/
15 KB
5 KB
Script
General
Full URL
https://sjs.bizographics.com/insight.min.js
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_slideview_loggedout.js?ebe1c594f95ba2fd44790ee4f551fd5768993b33
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:293::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
Content-Encoding
gzip
Last-Modified
Mon, 03 Dec 2018 23:03:30 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=26762
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4571
javascript
www.linkedin.com/csp/
374 B
1 KB
Script
General
Full URL
https://www.linkedin.com/csp/javascript?random=206790105576491600&div=sponsored-content-1&style=false
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
6a20c8cc88968d762c349434d682c88361cb2c768f413e912b4baaaf7083133e
Security Headers
Name Value
Content-Security-Policy default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ wss://*.linkedin.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com; object-src 'none'; media-src blob: *; frame-ancestors http://*.adnxs.com https://*.adnxs.com http://*.linkedin.com https://*.linkedin.com http://*.slideshare.net https://*.slideshare.net https://*.msn.com http://*.msn.com http://*.outlook.com https://*.outlook.com translate.googleusercontent.com pemberly.www.linkedin.com:4443; report-uri https://www.linkedin.com/platform-telemetry/csp?f=ad
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 10 Aug 2019 18:12:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-li-uuid
3Qb18T6iuRWAmDbaSCsAAA==
server
Apache-Coyote/1.1
pragma
no-cache
x-li-pop
prod-efr5
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
content-type
text/javascript;charset=UTF-8
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ wss://*.linkedin.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com; object-src 'none'; media-src blob: *; frame-ancestors http://*.adnxs.com https://*.adnxs.com http://*.linkedin.com https://*.linkedin.com http://*.slideshare.net https://*.slideshare.net https://*.msn.com http://*.msn.com http://*.outlook.com https://*.outlook.com translate.googleusercontent.com pemberly.www.linkedin.com:4443; report-uri https://www.linkedin.com/platform-telemetry/csp?f=ad
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
track
www.linkedin.com/li/
0
988 B
XHR
General
Full URL
https://www.linkedin.com/li/track
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Csrf-Token
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/json

Response headers

date
Sat, 10 Aug 2019 18:12:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
content-length
20
x-li-uuid
HfJa+T6iuRWg1x6ASCsAAA==
server
Play
pragma
no-cache
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.slideshare.net
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
catching-fileless-attacks-1-320.jpg
image.slidesharecdn.com/catchingfilelessattacksl-170706203143/85/
6 KB
6 KB
Image
General
Full URL
https://image.slidesharecdn.com/catchingfilelessattacksl-170706203143/85/catching-fileless-attacks-1-320.jpg?cb=1499373425
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
b7920dfbc544df67700f10902f2a329650bb8d6e6b85ed4d8d9a20f0e0d04fc4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
vo0cdMd9mIRPiIux5sO38AK4PVYZUlNE
Last-Modified
Thu, 06 Jul 2017 20:31:54 GMT
Server
AmazonS3
x-amz-request-id
59ED4570B85484D6
ETag
"84eade8a8aef953e237e0a7da1af0eb5"
x-amz-id-2
E9rHOCBse375meUiAS4YWQ/1Bi1VxBH7eQz3Lc/ceQPA38zlAeYDKyeIzFNFj7ymceHxflN7JTg=
Content-Type
image/jpeg
Cache-Control
max-age=604800
Date
Sat, 10 Aug 2019 18:12:16 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6078
X-CDN
AKAM
icons.svg
public.slidesharecdn.com/images/artdeco/
107 KB
33 KB
XHR
General
Full URL
https://public.slidesharecdn.com/images/artdeco/icons.svg?b5af75c98a
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1a61e513c7ab3b10a662377873559691b61f9ea5f6ffd9891cf6088caa0f0a61
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
32971
X-LI-UUID
84E1DHDbsxVgUk0oGysAAA==
Server
nginx
Last-Modified
Mon, 22 Jul 2019 22:29:15 GMT
X-Li-Pop
prod-efr5
ETag
W/"5d3638bb-1ab9a"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=29910030
Access-Control-Allow-Credentials
false
X-LI-Proto
http/1.1
Access-Control-Allow-Headers
*
X-Li-Fabric
prod-lva1
Expires
Tue, 21 Jul 2020 22:32:46 GMT
ext
www.linkedin.com/media-proxy/
40 KB
41 KB
Image
General
Full URL
https://www.linkedin.com/media-proxy/ext?w=1200&h=675&hash=dTAVDscYes1J4Ec%2F4ONSWvNwSnk%3D&ora=1%2CaFBCTXdkRmpGL2lvQUFBPQ%2CxAVta5g-0R6plxVUzgUv5K_PrkC9q0RIUJDPBy-kWyai-9SfZXfqccbeZLSiolwWfy8JlQEyfuisRznmEY69LcLmY4Yx3A
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
addfd8f94f5f4de95fb6b0800aaad40b870f5044fe256aa7302786e7d978fe0a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 10 Aug 2019 18:12:16 GMT
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
status
200
x-cdn-proto
HTTP2
x-li-uuid
WLmv+D6iuRVgvZubSCsAAA==
server
Apache-Coyote/1.1
pragma
no-cache
last-modified
Sat, 10 Aug 2019 17:53:46 GMT
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
px.ads.linkedin.com/collect/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?time=1565460736871&pid=870&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&fmt=js&s=1
  • https://px.ads.linkedin.com/collect/?time=1565460736871&pid=870&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&fmt=js&s=1&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%2F%3Ftime%3D1565460736871%26pid%3D870%26url%3Dhttps%253A%252F%252Fwww.slideshare.net%252Ftekybala%252Fcatchi...
  • https://px.ads.linkedin.com/collect/?time=1565460736871&pid=870&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&fmt=js&s=1&cookiesTest=true&liSync=true
0
70 B
Script
General
Full URL
https://px.ads.linkedin.com/collect/?time=1565460736871&pid=870&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&fmt=js&s=1&cookiesTest=true&liSync=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 10 Aug 2019 18:12:17 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
20
x-li-uuid
6g7zDz+iuRXAgEgxYSsAAA==

Redirect headers

date
Sat, 10 Aug 2019 18:12:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
vary
Accept-Encoding
content-length
20
x-li-uuid
+/KMCT+iuRXgTXLdSCsAAA==
server
Play
pragma
no-cache
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect/?time=1565460736871&pid=870&url=https%3A%2F%2Fwww.slideshare.net%2Ftekybala%2Fcatching-fileless-attacks&fmt=js&s=1&cookiesTest=true&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
ext
www.linkedin.com/media-proxy/
54 KB
54 KB
Image
General
Full URL
https://www.linkedin.com/media-proxy/ext?w=1200&h=675&hash=lfrW5Eg55Ua8M%2FKQlsKd%2F2cAxHs%3D&ora=1%2CaFBCTXdkRmpGL2lvQUFBPQ%2CxAVta5g-0R6plxVUzgUv5K_PrkC9q0RIUJDPBy-lXCai8tyfZHDqcc_WZLSiol8SfykEkAI0femuSTTnFY69LcLmY4Yx3A
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
62491dc88ed4a757424761f208be0282ad4f7b928b6bbd6c035de7348831ac92
Security Headers
Name Value
Content-Security-Policy default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 10 Aug 2019 18:12:16 GMT
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
status
200
x-cdn-proto
HTTP2
x-li-uuid
JtH6+z6iuRUg7pGbSCsAAA==
server
Apache-Coyote/1.1
pragma
no-cache
last-modified
Sat, 10 Aug 2019 18:05:56 GMT
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
ext
www.linkedin.com/media-proxy/
53 KB
54 KB
Image
General
Full URL
https://www.linkedin.com/media-proxy/ext?w=1200&h=675&hash=oeh1GtlKyLzCey9HnQ0%2B%2BXfGgy4%3D&ora=1%2CaFBCTXdkRmpGL2lvQUFBPQ%2CxAVta5g-0R6plxVUzgUv5K_PrkC9q0RIUJDPBy-kXSWo-dSfZXHpe8TeZLSiol4ffysBlQ02e-utSTHkE469LcLmY4Yx3A
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9101 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
4d539b9c084c8517bfdd2214cd48ac7bf1e521f8e772900dc426fd5d789bcdf7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 10 Aug 2019 18:12:16 GMT
x-content-type-options
nosniff
x-cdn-client-ip-version
IPV6
status
200
x-cdn-proto
HTTP2
x-li-uuid
AxEx/D6iuRXgpTLaSCsAAA==
server
Apache-Coyote/1.1
pragma
no-cache
last-modified
Sat, 10 Aug 2019 17:56:22 GMT
x-li-pop
prod-efr5
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src 'none'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=c
x-li-proto
http/2
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
truncated
/
26 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
slideview.css
public.slidesharecdn.com/ss_foundation/stylesheets/
2 KB
1 KB
Stylesheet
General
Full URL
https://public.slidesharecdn.com/ss_foundation/stylesheets/slideview.css?ebe1c594f95ba2fd44790ee4f551fd5768993b33
Requested by
Host: public.slidesharecdn.com
URL: https://public.slidesharecdn.com/ss_foundation/combined_foundation_base.js?a991af4de8
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.80 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-80.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
57f061aa58e9c8627c79ae2f6e886757a79bbaadef570933ab53494db937641d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sat, 10 Aug 2019 18:12:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
AKAM
P3P
CP="OTI DSP COR CUR ADM DEV PSD IVD CONo OUR IND"
Connection
keep-alive
Content-Length
930
X-LI-UUID
3yZ7uCwytxXgGBKO4SoAAA==
Server
nginx
Last-Modified
Fri, 02 Aug 2019 19:20:19 GMT
X-Li-Pop
prod-efr5
ETag
W/"5d448cf3-9d5"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=31536000
X-LI-Proto
http/1.1
X-Li-Fabric
prod-lva1
admin
www.slideshare.net/fizzy/
5 B
198 B
XHR
General
Full URL
https://www.slideshare.net/fizzy/admin?1565460737143
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:910a , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
/
Resource Hash
d43cf775e7609f1274a4cd97b7649be036b01a6e22d6a04038ecd51811652cf7

Request headers

Sec-Fetch-Mode
cors
X-NewRelic-ID
XQ4PQlRRCQoJVVFR
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Sat, 10 Aug 2019 18:12:17 GMT
x-li-proto
http/2
x-li-pop
prod-efr5
x-li-uuid
AuuVCz+iuRWAdxH8ZisAAA==
x-fs-uuid
02eb950b3fa2b915807711fc662b0000
x-li-fabric
prod-lva1
track
www.slideshare.net/li/
0
319 B
XHR
General
Full URL
https://www.slideshare.net/li/track
Requested by
Host: www.slideshare.net
URL: https://www.slideshare.net/tekybala/catching-fileless-attacks
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:910a , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
cors
X-NewRelic-ID
XQ4PQlRRCQoJVVFR
Referer
https://www.slideshare.net/tekybala/catching-fileless-attacks
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Csrf-Token
content-type
application/json

Response headers

date
Sat, 10 Aug 2019 18:12:17 GMT
content-encoding
gzip
server
Play
status
200
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.slideshare.net
x-li-proto
http/2
access-control-allow-credentials
true
x-li-pop
prod-efr5
content-length
20
x-li-uuid
As04MD+iuRWAmuYNZysAAA==
x-li-fabric
prod-lva1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
public.slidesharecdn.com
URL
https://public.slidesharecdn.com/fonts/fontawesome-webfont.woff2?97493d3f11
Domain
js-agent.newrelic.com
URL
https://js-agent.newrelic.com/nr-1130.min.js
Domain
sb.scorecardresearch.com
URL
https://sb.scorecardresearch.com/beacon.js
Domain
cdn.slidesharecdn.com
URL
https://cdn.slidesharecdn.com/ss_thumbnails/livingofftheland-170728145413-thumbnail-2.jpg?cb=1501253824
Domain
cdn.slidesharecdn.com
URL
https://cdn.slidesharecdn.com/ss_thumbnails/crowdstrikeesgstateofendpointcc-171009192626-thumbnail-2.jpg?cb=1507577600
Domain
cdn.slidesharecdn.com
URL
https://cdn.slidesharecdn.com/ss_thumbnails/crowdstrikefilelesscrowdcastss-170725183300-thumbnail-2.jpg?cb=1501008027
Domain
cdn.slidesharecdn.com
URL
https://cdn.slidesharecdn.com/ss_thumbnails/fileless-malware-infections-171112215944-thumbnail-2.jpg?cb=1510524254
Domain
cdn.slidesharecdn.com
URL
https://cdn.slidesharecdn.com/ss_thumbnails/emailthreats2017-171103145944-thumbnail-2.jpg?cb=1509721385
Domain
cdn.slidesharecdn.com
URL
https://cdn.slidesharecdn.com/ss_thumbnails/writingjavascriptwithoutnumbersorletters-160416044325-thumbnail-2.jpg?cb=1460781836
Domain
cdn.slidesharecdn.com
URL
https://cdn.slidesharecdn.com/ss_thumbnails/thememoryremains-170204175001-thumbnail-2.jpg?cb=1494691362

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| NREUM object| newrelic function| __nr_require object| _comscore object| slideshare_object object| html5 object| Modernizr object| _gaq function| MobilePromo function| MessageBar object| ssClientUtils object| Handlebars function| loadCSS function| RumTracking object| mobile_util function| setImmediate function| clearImmediate function| $ function| jQuery function| FastClick object| jSecure function| log function| error function| dir function| info function| getUrlVars function| getUrlVarsAsObject function| getUrlVar function| addUrlVar function| location_without_params function| isInternalRedirect function| cookie function| isBrowserMSIE function| isEuLocale function| updateMainNavPaddingBottom function| initTOSBanner object| liTrackClient object| IntlPolyfill object| t8 object| xmessage object| Foundation function| ModalShare function| PlayerModalShare function| SSLastScreen function| SSReplayScreen function| SSShareWidgets function| SSShareOptions function| SSSlideDisplayer function| SSTouchInteraction function| SSToolbar function| SSPlayerController function| SSPlayer function| SSResource function| SSSlide function| SSFontResource function| SSHtmlResource function| SSImageResource function| SSMetaResource function| SSBgImageResource function| SSFallbackImageResource function| SSBandInteraction function| SSInfographicDisplayer function| SSInfographicSlide function| SSPresentationDisplayer function| SSPresentationSlide function| SSVideoEmbedSlide function| isMobile boolean| isIEAllVersion object| player string| newRedirectUri object| e object| _gat object| gaGlobal function| SSComments function| SSContactsFollow function| loadDataForSlide string| _bizo_data_partner_id object| pageTracker function| linkedInShareSuccess function| track_beforeunload_event object| ssComments object| ssContactsFollow object| slideviewInteraction function| initiate_login_modal object| liAds function| 
_bizo_local_logger function| _bizo_fire_partners boolean| _bizo_main_already_called

1 Cookies

Domain/Path Name / Value
.www.linkedin.com/ Name: lissc2
Value: 1

1 Console Messages

Source Level URL
Text
console-api info URL: https://www.linkedin.com/csp/javascript?random=206790105576491600&div=sponsored-content-1&style=false(Line 1)
Message:
No matching sponsored content found for div(id=sponsored-content-1)

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
