www.jaiminton.com Open in urlscan Pro
2606:4700:3031::6815:2897 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.jaiminton.com/cheatsheet/DFIR/
Submission: On April 11 via manual (April 11th 2023, 9:55:50 am UTC) from US — Scanned from DE

Summary HTTP 22 Redirects Links 260 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 22 HTTP transactions. The main IP is 2606:4700:3031::6815:2897, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.jaiminton.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 18th 2023. Valid for: a year.

This is the only time www.jaiminton.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
20	2606:4700:303... 2606:4700:3031::6815:2897	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:e2:... 2606:4700:e2::ac40:840f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	3

20 2606:4700:3031::6815:2897 (United States)

ASN13335 (CLOUDFLARENET, US)

www.jaiminton.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:840f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	jaiminton.com www.jaiminton.com	1 MB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1030	6 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1034	391 KB
22	3

	Domain	Requested by
20	www.jaiminton.com	www.jaiminton.com static.cloudflareinsights.com
1	static.cloudflareinsights.com	www.jaiminton.com
1	use.fontawesome.com	www.jaiminton.com
22	3

This site contains links to these domains. Also see Links.

Domain
buymeacoff.ee
www.hackthebox.eu
www.openbugbounty.org
twitter.com
www.linkedin.com
github.com
www.youtube.com
infosec.exchange
binalyze.com
irec.readthedocs.io
belkasoft.com
resources.infosecinstitute.com
www.magnetforensics.com
www.volexity.com
docs.microsoft.com
winpmem.velocidex.com
accessdata.com
www.x-ways.net
www.guidancesoftware.com
guymager.sourceforge.io
thedfirreport.com
stackoverflow.com
www.trustedsec.com
blog.didierstevens.com
gist.github.com
www.thezdi.com
modexp.wordpress.com
www.hexacorn.com
ericzimmerman.github.io
support.microsoft.com
attack.mitre.org
learn-powershell.net
blog.xpnsec.com
www.inversecos.com
www.sans.org
learn.microsoft.com
www.crowdstrike.com
medium.com
www.ired.team
plaso.readthedocs.io
www.cyber.gov.au
adsecurity.org
blog.ropnop.com
exiftool.org
malicious.link
blog.truesec.com
techcommunity.microsoft.com
en.wikipedia.org
msrc-blog.microsoft.com
aboutdfir.com
www.nirsoft.net
www.edgemanage.emmet-gray.com
www.foxtonforensics.com
developers.google.com
support.mozilla.org
regauth.standards.ieee.org
www.wireshark.org
unit42.paloaltonetworks.com
mitmproxy.org
wiki.wireshark.org
devblogs.microsoft.com
powerforensics.readthedocs.io
grr-doc.readthedocs.io
b2dfir.blogspot.com
cert.europa.eu
www.dfrws.org
gitlab.unizar.es
volatility3.readthedocs.io
learn.duffandphelps.com
downloads.digitalcorpora.org
www.forensicdots.de
gchq.github.io
urlscan.io
www.websiteplanet.com
unshorten.me
lolbas-project.github.io
gtfobins.github.io
malapi.io
lots-project.com
filesec.io
www.loldrivers.io
www.osquery.io
www.velocidex.com
b2xtranslator.sourceforge.net
arsenalrecon.com
www.sleuthkit.org
digital-forensics.sans.org
andreafortuna.org
www.guru99.com
bytefreaks.net
blog.apnic.net
www.mac4n6.com
forensics.wiki
docs.google.com
www.objective-see.com
car.mitre.org
redcanary.com
ss64.com
www.dfir.training
blog.commandlinekungfu.com
forensicswiki.org
mikefrobbins.com
blogs.technet.microsoft.com
tools.ietf.org
www.cybereason.com
www.datadigitally.com
www.bsk-consulting.de
www.blackhat.com
social.technet.microsoft.com
www.pdq.com
www.linuxnix.com
blogs.msdn.microsoft.com
az4n6.blogspot.com
www.a12d404.net
www.fireeye.com
www.microsoft.com
www.slideshare.net
dfironthemountain.wordpress.com
malware-traffic-analysis.net
posts.specterops.io
www.trustwave.com
www.facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-18` - `2024-02-18`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.jaiminton.com/cheatsheet/DFIR/
Frame ID: 778BE27F401C34F1F19CE77086490B43
Requests: 19 HTTP requests in this frame

Frame: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1681200000
Frame ID: 4D8601670C4550CB4A0007C87C904B46
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Digital Forensics and Incident Response : Jai Minton

Detected technologies

particles.js (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

/particles(?:\.min)?\.js

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

22
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

1658 kB
Transfer

2925 kB
Size

1
Cookies

260 Outgoing links

These are links going to different origins than the main page.

URL: https://buymeacoff.ee/JaiMinton
Title: ☕ Buy me a coffee

Search URL Search Domain Scan URL

URL: https://www.hackthebox.eu/profile/10636
Title: Hack The Box

Search URL Search Domain Scan URL

URL: https://www.openbugbounty.org/researchers/JPMinty/
Title: Open Bug Bounty

Search URL Search Domain Scan URL

URL: https://twitter.com/CyberRaiju
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/JaiMinton
Title: LinkedIN

Search URL Search Domain Scan URL

URL: https://github.com/JPMinty
Title: GitHub

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCGd1PoFk6FRDkYIMUYEWy4g
Title: YouTube

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@CyberRaiju
Title: Mastodon

Search URL Search Domain Scan URL

URL: https://github.com/ForensicArtifacts/artifacts/tree/master/data
Title: ForensicArtifacts

Search URL Search Domain Scan URL

URL: https://github.com/cloudbase/powershell-yaml
Title: ConvertFrom-Yaml module

Search URL Search Domain Scan URL

URL: https://github.com/jschicht/RawCopy
Title: RawCopy

Search URL Search Domain Scan URL

URL: https://binalyze.com/products/irec
Title: Binalyze IREC Evidence Collector

Search URL Search Domain Scan URL

URL: https://irec.readthedocs.io/en/latest/commandline.html
Title: Latest documentation

Search URL Search Domain Scan URL

URL: https://belkasoft.com/get?product=ram
Title: Belkasoft Live RAM Capturer

Search URL Search Domain Scan URL

URL: https://resources.infosecinstitute.com/memory-analysis-using-redline/
Title: Infosec Institute - Memory Analysis using Redline

Search URL Search Domain Scan URL

URL: https://twitter.com/0gtweet/status/1273264867382788096?s=20
Title: Grzegorz Tworek - 0gtweet

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/resources/?cat=Free%20Tool
Title: Magnet Forensics Tools

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/free-tool-magnet-ram-capture
Title: Magnet RAM Capture

Search URL Search Domain Scan URL

URL: https://www.magnetforensics.com/resources/magnet-process-capture/
Title: Magnet Process Capture

Search URL Search Domain Scan URL

URL: https://www.volexity.com/blog/2018/06/12/surge-collect-provides-reliable-memory-acquisition-across-windows-linux-and-macos/
Title: Volexity Surge

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/livekd
Title: Microsoft LiveKd

Search URL Search Domain Scan URL

URL: https://github.com/Velocidex/WinPmem/releases
Title: Winpmem

Search URL Search Domain Scan URL

URL: https://winpmem.velocidex.com/docs/memory/
Title: Winpmem Docs

Search URL Search Domain Scan URL

URL: https://accessdata.com/product-download
Title: FTK Imager (Cmd version, mostly GUI for new versions)

Search URL Search Domain Scan URL

URL: https://www.x-ways.net/order.html
Title: X-Ways Imager

Search URL Search Domain Scan URL

URL: https://www.guidancesoftware.com/encase-forensic
Title: Encase Forensic

Search URL Search Domain Scan URL

URL: https://www.guidancesoftware.com/tableau/download-center
Title: Tableau Imager

Search URL Search Domain Scan URL

URL: https://guymager.sourceforge.io/
Title: Guymager

Search URL Search Domain Scan URL

URL: https://github.com/sleuthkit/scalpel
Title: Scalpel

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enter-pssession?view=powershell-6
Title: Powershell

Search URL Search Domain Scan URL

URL: https://twitter.com/barnabyskeggs
Title: Special thanks Barnaby Skeggs

Search URL Search Domain Scan URL

URL: https://thedfirreport.com/2022/04/25/quantum-ransomware/
Title: Special Thanks, created from intel by The DFIR Report

Search URL Search Domain Scan URL

URL: https://stackoverflow.com/questions/29937568/how-can-i-find-the-product-guid-of-an-installed-msi-setup/29937569#29937569
Title: Special Thanks

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
Title: Quick overview of persistent locations (AutoRuns)

Search URL Search Domain Scan URL

URL: https://www.trustedsec.com/blog/abusing-windows-telemetry-for-persistence/
Title: Windows Telemetry Controller - Special Thanks to TrustedSec

Search URL Search Domain Scan URL

URL: https://blog.didierstevens.com/2007/02/19/restoring-safe-mode-with-a-reg-file/
Title: Didier Stevens

Search URL Search Domain Scan URL

URL: https://blog.didierstevens.com/2006/06/22/save-safeboot/
Title: multiple times

Search URL Search Domain Scan URL

URL: https://stackoverflow.com/questions/660319/where-can-i-find-all-of-the-com-objects-that-can-be-created-in-powershell
Title: Original by Jeff Atwood

Search URL Search Domain Scan URL

URL: https://github.com/jay/gethooks/releases/tag/1.01
Title: GetHooks

Search URL Search Domain Scan URL

URL: https://gist.github.com/joswr1ght/c5d9773a90a22478309e9e427073fd30
Title: Special thanks - Josh Wright

Search URL Search Domain Scan URL

URL: https://twitter.com/markus_pieton/status/1189559716453801991
Title: Markus Piéton

Search URL Search Domain Scan URL

URL: https://www.thezdi.com/blog/2021/8/17/from-pwn2own-2021-a-new-attack-surface-on-microsoft-exchange-proxyshell
Title: ProxyShell

Search URL Search Domain Scan URL

URL: https://modexp.wordpress.com/2019/07/27/process-injection-winsock/
Title: Special Thanks - odzhan

Search URL Search Domain Scan URL

URL: https://www.hexacorn.com/blog/2015/01/13/beyond-good-ol-run-key-part-24/
Title: Special Thanks - Hexacorn

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/fileio/master-file-table
Title: Microsoft Docs

Search URL Search Domain Scan URL

URL: https://ericzimmerman.github.io/#!index.md
Title: MFTExplorer

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4055535/how-to-disable-equation-editor-3-0
Title: More information on the below process

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1038/
Title: DLL Search Order Hijacking

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order
Title: Microsoft Docs

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1073/
Title: Dll Side Loading

Search URL Search Domain Scan URL

URL: https://learn-powershell.net/2014/05/09/quick-hits-list-all-available-wmi-namespaces-using-powershell/
Title: Enumerate WMI Namespaces

Search URL Search Domain Scan URL

URL: https://github.com/gentilkiwi/mimikatz/blob/master/kiwi_passwords.yar
Title: Mimikatz Yara rule

Search URL Search Domain Scan URL

URL: https://blog.xpnsec.com/exploring-mimikatz-part-1/
Title: Adam Chester

Search URL Search Domain Scan URL

URL: https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
Title: Grzegorz Tworek

Search URL Search Domain Scan URL

URL: https://github.com/fox-it/danderspritz-evtx
Title: DanderSpritz eventlogedit

Search URL Search Domain Scan URL

URL: https://www.inversecos.com/2022/08/how-to-detect-oauth-access-token-theft.html
Title: Inversecos - How to Detect OAuth Access Token Theft in Azure

Search URL Search Domain Scan URL

URL: https://www.sans.org/posters/enterprise-cloud-forensics-incident-response-poster/
Title: Poster

Search URL Search Domain Scan URL

URL: https://github.com/CrowdStrike/CRT
Title: CrowdStrike CRT

Search URL Search Domain Scan URL

URL: https://gist.github.com/JPMinty/f4d60adafdfbc12b0e4226a27bf1dcb0
Title: PowerShell Module to show Process Tree

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings
Title: ACE Strings

Search URL Search Domain Scan URL

URL: https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-string-format
Title: Syntax of Security Descriptor String

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/listdlls
Title: ListDLLs

Search URL Search Domain Scan URL

URL: https://twitter.com/mattifestation/status/1366435525272481799
Title: Matt Graeber

Search URL Search Domain Scan URL

URL: https://gist.github.com/mgraeber-rc/7b9f4d497d75967afc58209df611508b
Title: Windows Defender Application Control system integrity policy

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed
Title: Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/strings
Title: Strings

Search URL Search Domain Scan URL

URL: https://github.com/Neo23x0/Loki
Title: Loki Scanner

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/resources/community-tools/crowdresponse/
Title: Crowdresponse Scanner

Search URL Search Domain Scan URL

URL: https://binalyze.com/download/irec/
Title: IREC Tactical

Search URL Search Domain Scan URL

URL: https://github.com/virustotal/yara/releases/latest
Title: Yara

Search URL Search Domain Scan URL

URL: https://github.com/JPMinty/PowerShellArsenal
Title: PowerShellArsenal

Search URL Search Domain Scan URL

URL: https://gist.github.com/JPMinty/beffcd18d8ec06b73643c2f38cde384d
Title: Get-InjectedThread

Search URL Search Domain Scan URL

URL: https://github.com/rapid7/metasploit-framework/wiki/Meterpreter
Title: Meterpreter Wiki

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4013567/how-to-disable-internet-explorer-on-windows
Title: More Information: MS Docs

Search URL Search Domain Scan URL

URL: https://github.com/BeanBagKing/EventFinder2
Title: Event Finder2

Search URL Search Domain Scan URL

URL: https://twitter.com/0gtweet/status/1182516740955226112
Title: Grzegorz Tworek - 0gtweet

Search URL Search Domain Scan URL

URL: https://github.com/brimorlabs/KStrike
Title: User Access Logging (UAL) KStrike Parser

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/administration/user-access-logging/manage-user-access-logging
Title: here

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/user-access-logging-ual-overview/
Title: CrowdStrike Blog - Patrick Bennett

Search URL Search Domain Scan URL

URL: https://github.com/sans-blue-team/DeepBlueCLI
Title: DeepblueCLI

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/etw/about-event-tracing
Title: Event Tracing Architecture

Search URL Search Domain Scan URL

URL: https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
Title: post by Matt Graeber

Search URL Search Domain Scan URL

URL: https://twitter.com/spotheplanet
Title: Spotless

Search URL Search Domain Scan URL

URL: https://www.ired.team/miscellaneous-reversing-forensics/etw-event-tracing-for-windows-101
Title: crash course

Search URL Search Domain Scan URL

URL: https://plaso.readthedocs.io/en/latest/
Title: Plaso (Log2Timeline)

Search URL Search Domain Scan URL

URL: https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-004-remote-code-execution-vulnerability-being-actively-exploited-vulnerable-versions-teleriktelerik-ui-sophisticated-actors
Title: Australian Cyber Security Centre

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Title: here

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/wmi-architecture
Title: Microsoft Docs - WMI Architecture

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732952(v=ws.11)
Title: DSQuery

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc772217(v=ws.11)
Title: Netdom

Search URL Search Domain Scan URL

URL: https://adsecurity.org/?p=2398#MimikatzDCSync
Title: AD Security Blog by Sean Metcalf

Search URL Search Domain Scan URL

URL: https://github.com/clymb3r/PowerShell/blob/master/Invoke-NinjaCopy/Invoke-NinjaCopy.ps1
Title: Invoke-NinjaCopy

Search URL Search Domain Scan URL

URL: https://blog.ropnop.com/extracting-hashes-and-domain-info-from-ntds-dit/
Title: Ropnop - Extract Hashes and Domain Info

Search URL Search Domain Scan URL

URL: https://github.com/gdelugre/origami
Title: Github Download

Search URL Search Domain Scan URL

URL: https://exiftool.org/forum/index.php?topic=7227.0
Title: Phil Harvey

Search URL Search Domain Scan URL

URL: https://github.com/ANSSI-FR/bmc-tools
Title: BMC-Tools

Search URL Search Domain Scan URL

URL: https://malicious.link/post/2022/blocking-iso-mounting/
Title: Special Thanks - Mubix

Search URL Search Domain Scan URL

URL: https://twitter.com/gentilkiwi/status/1412483747321192451
Title: Flow chart

Search URL Search Domain Scan URL

URL: https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
Title: truesec

Search URL Search Domain Scan URL

URL: https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
Title: here

Search URL Search Domain Scan URL

URL: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/internet-explorer-11-desktop-app-retirement-faq/ba-p/2366549
Title: Microsoft recommends future app development not use the MSHTML (Trident) engine

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Trident_%28layout_engine%29
Title: here

Search URL Search Domain Scan URL

URL: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Title: MSRC

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/secauthz/impersonation-levels
Title: Microsoft

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/wbadmin-start-backup
Title: wbadmin

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-date
Title: Get-Date

Search URL Search Domain Scan URL

URL: https://aboutdfir.com/new-windows-11-pro-22h2-evidence-of-execution-artifact/
Title: publicised this

Search URL Search Domain Scan URL

URL: https://github.com/decalage2/oletools/wiki/olevba
Title: olevba

Search URL Search Domain Scan URL

URL: https://github.com/chrisjd20/power_dump
Title: powerdump

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/ese_database_view.html
Title: ESE Database View

Search URL Search Domain Scan URL

URL: http://www.edgemanage.emmet-gray.com/Articles/ViewESE.html
Title: View ESE Database

Search URL Search Domain Scan URL

URL: https://medium.com/@7a616368/can-you-track-processes-accessing-the-camera-and-microphone-7e6885b37072
Title: Medium Post

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-shllink/16cb4ca1-9339-4d0c-a68d-bf1d6cc0f943
Title: File format specification

Search URL Search Domain Scan URL

URL: https://github.com/MarkBaggett/srum-dump
Title: SRUM-Dump

Search URL Search Domain Scan URL

URL: https://github.com/microsoft/etl2pcapng/releases
Title: Download

Search URL Search Domain Scan URL

URL: https://github.com/JPMinty/PowerShell/blob/master/Scripts/Convert-ROT13.ps1
Title: Convert-ROT13.ps1

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/ie_cache_viewer.html
Title: IE Cache Viewer

Search URL Search Domain Scan URL

URL: https://www.foxtonforensics.com/browser-history-viewer/
Title: Browser History Viewer

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/browsing_history_view.html
Title: Browsing History View

Search URL Search Domain Scan URL

URL: https://developers.google.com/web/fundamentals/primers/service-workers/
Title: Service Worker Reference

Search URL Search Domain Scan URL

URL: https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data#w_what-information-is-stored-in-my-profile
Title: More Information

Search URL Search Domain Scan URL

URL: https://github.com/thumbcacheviewer/thumbcacheviewer
Title: Thumbcacheviewer

Search URL Search Domain Scan URL

URL: https://regauth.standards.ieee.org/standards-ra-web/pub/view.html#registries
Title: IEEE Webpage

Search URL Search Domain Scan URL

URL: https://www.wireshark.org/docs/man-pages/wireshark-filter.html
Title: General Wireshark Filter Reference

Search URL Search Domain Scan URL

URL: https://www.wireshark.org/docs/dfref/
Title: Full Wireshark Display Filter Reference

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/unit42-customizing-wireshark-changing-column-display/
Title: Customizing Wireshark – Changing Your Column Display

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/
Title: Using Wireshark – Display Filter Expressions

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/
Title: Using Wireshark: Identifying Hosts and Users

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/
Title: Using Wireshark: Exporting Objects from a Pcap

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-trickbot-infections/
Title: Wireshark Tutorial: Examining Trickbot Infections

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/
Title: Wireshark Tutorial: Examining Ursnif Infections

Search URL Search Domain Scan URL

URL: https://github.com/moxie0/sslstrip
Title: MITM Through SSLStrip

Search URL Search Domain Scan URL

URL: https://mitmproxy.org/
Title: MITM Through mitmproxy

Search URL Search Domain Scan URL

URL: https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
Title: Using the (Pre)-Master-Secret SSLKEYLOGFILE

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/archive/blogs/nettracer/decrypting-ssltls-sessions-with-wireshark-reloaded
Title: Using an RSA Private Key

Search URL Search Domain Scan URL

URL: https://www.wireshark.org/docs/man-pages/mergecap.html
Title: mergecap

Search URL Search Domain Scan URL

URL: https://github.com/woanware/usbdeviceforensics
Title: More Information

Search URL Search Domain Scan URL

URL: https://github.com/analyzeDFIR/analyzePF
Title: analyzePF

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/win_prefetch_view.html
Title: WinPrefetchView

Search URL Search Domain Scan URL

URL: https://devblogs.microsoft.com/powershell/powershell-the-blue-team/
Title: PowerShell ♥ the Blue Team

Search URL Search Domain Scan URL

URL: https://powerforensics.readthedocs.io/en/latest/
Title: PowerForensics

Search URL Search Domain Scan URL

URL: https://github.com/google/grr
Title: Google Rapid Response

Search URL Search Domain Scan URL

URL: https://github.com/davehull/Kansa
Title: Kansa PowerShell IR Framework

Search URL Search Domain Scan URL

URL: https://grr-doc.readthedocs.io/en/latest/index.html
Title: GRR Docs

Search URL Search Domain Scan URL

URL: https://b2dfir.blogspot.com/2018/11/windows-powershell-remoting-host-based.html
Title: Thanks Barnaby Skeggs

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#administrative-tools-and-logon-types
Title: Microsoft Documentation

Search URL Search Domain Scan URL

URL: https://cert.europa.eu/static/WhitePapers/CERT-EU_SWP_17-002_Lateral_Movements.pdf
Title: Cert EU

Search URL Search Domain Scan URL

URL: http://www.dfrws.org/sites/default/files/session-files/characteristics_and_detectability_of_windows_auto-start_extensibility_points_in_memory_forensics.pdf
Title: Research Paper

Search URL Search Domain Scan URL

URL: https://gitlab.unizar.es/rrodrigu/winesap
Title: Volatility Plugin - Winesap

Search URL Search Domain Scan URL

URL: https://github.com/csababarta/volatility_plugins
Title: csababarta plugins

Search URL Search Domain Scan URL

URL: https://github.com/volatilityfoundation/volatility3/
Title: Version 3 of Volatility

Search URL Search Domain Scan URL

URL: https://volatility3.readthedocs.io/en/latest/basics.html
Title: ReadTheDocs

Search URL Search Domain Scan URL

URL: https://github.com/keydet89/RegRipper3.0
Title: RegRipper

Search URL Search Domain Scan URL

URL: https://learn.duffandphelps.com/kape
Title: Kape

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=L9H1uj2HSb8
Title: Video Tutorial

Search URL Search Domain Scan URL

URL: https://github.com/cyb3rpeace/chainsaw
Title: Chainsaw

Search URL Search Domain Scan URL

URL: https://github.com/mandiant/ShimCacheParser
Title: ShimCaheParser

Search URL Search Domain Scan URL

URL: http://downloads.digitalcorpora.org/downloads/bulk_extractor/
Title: Bulk Extractor

Search URL Search Domain Scan URL

URL: https://www.forensicdots.de/
Title: ForensicDots

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Machine_Identification_Code
Title: Machine Identification Code

Search URL Search Domain Scan URL

URL: https://gchq.github.io/CyberChef/
Title: Cyber Chef

Search URL Search Domain Scan URL

URL: https://github.com/gchq/CyberChef
Title: Github

Search URL Search Domain Scan URL

URL: https://urlscan.io/
Title: URLScan

Search URL Search Domain Scan URL

URL: https://www.websiteplanet.com/webtools/redirected/?url=
Title: Redirect Tracker

Search URL Search Domain Scan URL

URL: https://unshorten.me/
Title: Unshorten Me

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/
Title: MITRE ATT&CK® Framework

Search URL Search Domain Scan URL

URL: https://lolbas-project.github.io/
Title: LOLBAS Project

Search URL Search Domain Scan URL

URL: https://gtfobins.github.io/
Title: GTFOBins

Search URL Search Domain Scan URL

URL: https://malapi.io/
Title: MalAPI.io

Search URL Search Domain Scan URL

URL: https://lots-project.com/
Title: LOTS-Project

Search URL Search Domain Scan URL

URL: https://filesec.io/
Title: Filesec.io

Search URL Search Domain Scan URL

URL: https://www.loldrivers.io/
Title: LOLDrivers.io

Search URL Search Domain Scan URL

URL: https://www.osquery.io/
Title: OSQuery

Search URL Search Domain Scan URL

URL: https://www.velocidex.com/docs/
Title: Velociraptor

Search URL Search Domain Scan URL

URL: https://github.com/kirk-sayre-work/ViperMonkey
Title: ViperMonkey

Search URL Search Domain Scan URL

URL: https://github.com/DissectMalware/XLMMacroDeobfuscator
Title: XLM Macro Deobfuscator

Search URL Search Domain Scan URL

URL: http://b2xtranslator.sourceforge.net/snapshots/BiffView.zip
Title: BiffView

Search URL Search Domain Scan URL

URL: https://arsenalrecon.com/downloads/
Title: Arsenal Image Mounter

Search URL Search Domain Scan URL

URL: https://accessdata.com/product-download/ftk-imager-version-4-2-1
Title: FTK Imager

Search URL Search Domain Scan URL

URL: https://www.sleuthkit.org/autopsy/download.php
Title: Autopsy

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/office365/securitycompliance/search-for-and-delete-messages-in-your-organization
Title: this documentation

Search URL Search Domain Scan URL

URL: https://github.com/comaeio/SwishDbgExt
Title: Comaeio SwishDbgExt

Search URL Search Domain Scan URL

URL: https://digital-forensics.sans.org/media/DFPS_FOR508_v4.6_4-19.pdf
Title: Excellent SANS Reference

Search URL Search Domain Scan URL

URL: https://github.com/504ensicsLabs/LiME/releases
Title: LiME

Search URL Search Domain Scan URL

URL: https://github.com/Velocidex/c-aff4/releases/
Title: LinPMem

Search URL Search Domain Scan URL

URL: https://github.com/SekoiaLab/Fastir_Collector_Linux
Title: FastIR

Search URL Search Domain Scan URL

URL: https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh
Title: LinEnum

Search URL Search Domain Scan URL

URL: https://andreafortuna.org/2019/05/08/iptables-a-simple-cheatsheet/
Title: AndreaFortuna Cheatsheet

Search URL Search Domain Scan URL

URL: https://www.guru99.com/file-permissions.html
Title: File Permissions in Linux

Search URL Search Domain Scan URL

URL: https://bytefreaks.net/gnulinux/how-to-capture-all-network-traffic-of-a-single-process
Title: System Calls / Network Traffic

Search URL Search Domain Scan URL

URL: https://blog.apnic.net/2019/10/14/how-to-basic-linux-malware-process-forensics-for-incident-responders/
Title: Craig Rowland - Sandfly Security

Search URL Search Domain Scan URL

URL: https://twitter.com/iamevltwin
Title: Sarah Edwards

Search URL Search Domain Scan URL

URL: https://www.mac4n6.com/
Title: Mac4n6

Search URL Search Domain Scan URL

URL: https://digital-forensics.sans.org/media/FOR518-Reference-Sheet.pdf
Title: SANS FOR518 Reference Sheet

Search URL Search Domain Scan URL

URL: https://forensics.wiki/mac_os_x_10.9_artifacts_location/
Title: Mac OS X 10.9 Forensics Wiki

Search URL Search Domain Scan URL

URL: https://forensics.wiki/mac_os_x/
Title: Mac OS X Forensics Wiki

Search URL Search Domain Scan URL

URL: https://docs.google.com/spreadsheets/d/1X2Hu0NE2ptdRj023OVWIGp5dqZOw-CfxHLOW_GNGpX8/edit#gid=1317205466
Title: Mac OS X Forensics Artifacts Spreadsheet

Search URL Search Domain Scan URL

URL: https://github.com/wrmsr/pmem/tree/master/OSXPMem
Title: OSXPMem

Search URL Search Domain Scan URL

URL: https://github.com/google/rekall/releases/download/1.7.2rc1/rekall-OSX-1.7.2rc1.zip
Title: MacPmem

Search URL Search Domain Scan URL

URL: https://www.objective-see.com/products/knockknock.html
Title: Quick Overview (KnockKnock)

Search URL Search Domain Scan URL

URL: https://car.mitre.org/
Title: MITRE Cyber Analytics Repository

Search URL Search Domain Scan URL

URL: https://redcanary.com/atomic-red-team/
Title: Atomic Red Team

Search URL Search Domain Scan URL

URL: https://github.com/meirwah/awesome-incident-response
Title: Awesome Incident Response

Search URL Search Domain Scan URL

URL: https://github.com/Cugu/awesome-forensics
Title: Awesome Forensics

Search URL Search Domain Scan URL

URL: https://github.com/n0fate/mac-osx-forensics
Title: Mac OSX Forensics

Search URL Search Domain Scan URL

URL: https://github.com/pstirparo/mac4n6
Title: Unofficial Mac 4n6 Resources

Search URL Search Domain Scan URL

URL: https://ss64.com/osx/
Title: Apple macOS command line (OS X bash)

Search URL Search Domain Scan URL

URL: https://www.youtube.com/13cubed
Title: 13Cubed

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=HcUMXxyYsnw
Title: John Strand Windows Live Forensics

Search URL Search Domain Scan URL

URL: https://www.dfir.training/resources/downloads/windows-registry
Title: DFIR Training Windows Registry

Search URL Search Domain Scan URL

URL: http://blog.commandlinekungfu.com/
Title: Commandlinekungfu

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc787567(v=ws.10)
Title: Microsoft Audit Logon Events

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/desktop/CIMWin32Prov/win32-logonsession
Title: Windows Dev Win32_LogonSession

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=cYphLiySAC4
Title: Black Hills Information Security Windows Memory Forensics

Search URL Search Domain Scan URL

URL: https://forensicswiki.org/wiki/Main_Page
Title: Forensics Wiki

Search URL Search Domain Scan URL

URL: https://wiki.wireshark.org/DisplayFilters
Title: Wireshark Wiki

Search URL Search Domain Scan URL

URL: https://github.com/AustralianCyberSecurityCentre/windows_event_logging
Title: ACSC Github

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus
Title: Windows Defender Docs

Search URL Search Domain Scan URL

URL: https://mikefrobbins.com/2013/12/19/using-powershell-to-remove-phishing-emails-from-user-mailboxes-on-an-exchange-server/
Title: Mikefrobbins

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/office365/securitycompliance/search-for-and-delete-messagesadmin-help
Title: Microsoft Office365

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/search-mailbox
Title: Microsoft Exchange

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768
Title: Microsoft Threat Protection

Search URL Search Domain Scan URL

URL: https://adsecurity.org/?page_id=1821
Title: ADsecurity

Search URL Search Domain Scan URL

URL: https://twitter.com/wincmdfu
Title: Windows cmd fu

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/kovter-killer-how-to-remediate-the-apt-of-clickjacking/
Title: Crowdstrike

Search URL Search Domain Scan URL

URL: https://blogs.technet.microsoft.com/tip_of_the_day/2015/03/28/tip-of-the-day-reading-the-usn-journal/
Title: Technet Blog

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/rfc3227#section-2.1
Title: IETF RFC3227

Search URL Search Domain Scan URL

URL: https://www.cybereason.com/blog/adobe-worm-faker-uses-lolbins-and-dynamic-techniques-to-deliver-customized-payloads
Title: Cybereason Adobe Worm

Search URL Search Domain Scan URL

URL: https://medium.com/@melanijan93/windows-10-mail-app-forensics-39025f5418d2
Title: Melanijan93 Windows 10 mail forensics

Search URL Search Domain Scan URL

URL: https://www.cybereason.com/blog/triple-threat-emotet-deploys-trickbot-to-steal-data-spread-ryuk-ransomware
Title: Cybereason Trickbot

Search URL Search Domain Scan URL

URL: https://www.datadigitally.com/2019/06/retrieving-memory-image-remotely.html
Title: Bryan Ambrose

Search URL Search Domain Scan URL

URL: https://twitter.com/Lee_Holmes
Title: Lee Holmes

Search URL Search Domain Scan URL

URL: https://www.bsk-consulting.de/2014/08/28/scan-system-files-manipulations-yara-inverse-matching-22/
Title: Florian Roth

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
Title: Matt Graeber

Search URL Search Domain Scan URL

URL: https://social.technet.microsoft.com/wiki/contents/articles/4242.wmi-discovery-using-powershell.aspx
Title: Vasily Gusev

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4672
Title: MS Docs 4672

Search URL Search Domain Scan URL

URL: https://www.pdq.com/blog/modifying-the-registry-users-powershell/
Title: Kris

Search URL Search Domain Scan URL

URL: https://medium.com/@fahimhossain_16989/adding-startup-scripts-to-launch-daemon-on-mac-os-x-sierra-10-12-6-7e0318c74de1
Title: Fahim Hossain

Search URL Search Domain Scan URL

URL: https://www.linuxnix.com/linux-directory-structure-explainedetc-folder/
Title: Surendra Anne

Search URL Search Domain Scan URL

URL: https://digital-forensics.sans.org/media/SANS_Poster_2018_Hunt_Evil_FINAL.pdf
Title: SANS Hunt Evil

Search URL Search Domain Scan URL

URL: https://blogs.msdn.microsoft.com/servergeeks/2014/10/14/active-directory-files-and-their-functions/
Title: Habibar Rahmen - MSDN Blog

Search URL Search Domain Scan URL

URL: https://az4n6.blogspot.com/2014/10/timestomp-mft-shenanigans.html
Title: Mari DeGrazia

Search URL Search Domain Scan URL

URL: https://www.a12d404.net/windows/2019/10/30/schedsvc-persist-without-task.html
Title: Markus Piéton

Search URL Search Domain Scan URL

URL: https://github.com/sbousseaden/Slides/blob/master/Windows%20DFIR%20Events.pdf
Title: Samir

Search URL Search Domain Scan URL

URL: https://twitter.com/SBousseaden/status/1243711784101515274/photo/1
Title: Samir - Persistence

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
Title: FireEye

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/download/details.aspx?id=36036
Title: Microsoft-Mitigating Pass-the-Hash Attacks

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/bsmuir/windows-10-forensics-os-evidentiary-artefacts
Title: Brent Muir - Windows 10 Forensics

Search URL Search Domain Scan URL

URL: https://dfironthemountain.wordpress.com/2018/12/06/locked-file-access-using-esentutl-exe/
Title: Mike Carey - Locked File Access Using ESENTUTL.exe

Search URL Search Domain Scan URL

URL: https://github.com/BornToBeRoot
Title: BornToBeRoot

Search URL Search Domain Scan URL

URL: https://malware-traffic-analysis.net/tutorials/index.html
Title: Malware-Traffic-Analysis - Brad Duncan

Search URL Search Domain Scan URL

URL: https://adsecurity.org/?p=3458
Title: ADsecurity - Detecting Kerberoasting Activity

Search URL Search Domain Scan URL

URL: https://github.com/eladshamir/Internal-Monologue
Title: eladshamir - Internal-Monologue

Search URL Search Domain Scan URL

URL: https://posts.specterops.io/defenders-think-in-graphs-too-part-1-572524c71e91
Title: Jared Atkinson - Defenders think in graphs too

Search URL Search Domain Scan URL

URL: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/more-excel-4-0-macro-malspam-campaigns/
Title: Diana Lopera - Trustwave

Search URL Search Domain Scan URL

URL: https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-004-remote-code-execution-vulnerability-being-actively-exploited-vulnerable-versions-telerik-ui-sophisticated-actors
Title: AustralianCyberSecurityCentre Advisory 2020-004

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/security/blog/2016/06/14/wheres-the-macro-malware-author-are-now-using-ole-embedding-to-deliver-malicious-files/?source=mmpc
Title: Microsoft - Where’s the Macro?

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?via=CyberRaiju&text=Digital+Forensics+and+Incident+Response%20https%3A%2F%2Fwww.jaiminton.com%2Fcheatsheet%2FDFIR%2F
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.jaiminton.com%2Fcheatsheet%2FDFIR%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.jaiminton.com%2Fcheatsheet%2FDFIR%2F
Title: LinkedIn

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.jaiminton.com/cheatsheet/DFIR/ 459 KB
99 KB 168ms
126ms Document
text/html 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 47d20107cf307d0a79ecbd1f8ff6db2e86237a692b81fbfa44383caa068d05ed

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 7b625b055d713802-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 11 Apr 2023 09:55:43 GMT
expires: Tue, 11 Apr 2023 07:39:21 GMT
last-modified: Sat, 08 Apr 2023 07:03:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wTLGNo64UEQVjHrDKYQdptfc7k1tgniUp3JCutLghQoiLDOQqkZNqd8jAfcaSqUtpPaVTuamTy6idSUjOdKypcnrllYSgIN1XcWYxqt9e8S9tSWKpVXkzmtu17MWdX0ziYztWiGV6ku1TjyY9ZVZYg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-fastly-request-id: d91df5d07eebffb2b4786a34cac7dd7ebc5a51ef
x-github-request-id: 9342:18A2:255236D:26C6D31:64350C50
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230041-FRA
x-timer: S1681206944.591906,VS0,VE99

GET
H2 200 main.css
www.jaiminton.com/assets/css/ 62 KB
13 KB 124ms
122ms Stylesheet
text/css 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/css/main.css
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2cfbdba5cd0f63606455f32ac200a707f91e0027e5c83989b2bcd09b69926e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 15cdf87c8d4e3a7f8156837686c7efc0d13327c3
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 04:34:37 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230079-FRA
last-modified: Sat, 08 Apr 2023 07:03:17 GMT
server: cloudflare
x-github-request-id: 9724:4DB1:18C9BC7:19B055A:64311709
x-timer: S1680949792.119921,VS0,VE99
etag: W/"643111b5-f97b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h1jBbOMsWtjdWFMpoygBBiMlORiMtcuO0F63%2BdWVn44QxLEteS2jQBFkpLPml99Wr9ma5sH%2BV%2BqUa5kOa%2Fb1ezxpGFv2eOFiOWsEmcrELY9FkxeKcM%2Be269sJFDfDyMscrSW%2FHgReGX%2FMg7VMNXXeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b625b063eda3802-FRA
x-cache-hits: 1

GET
H2 200 particles.js Show response
www.jaiminton.com/assets/js/ 42 KB
10 KB 125ms
122ms Script
application/javascript 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/particles.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89c8e085c3da89b31fd63bf88102068b931e58d1de9b64a2b29728ac28827d28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 2bb1721ceecf889d803136664e45c4fb41639ba9
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 04:34:37 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230109-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 65FC:8995:4EEA36:525EC6:64311708
x-timer: S1680949792.122628,VS0,VE100
etag: W/"643111a6-a801"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wD44JBTkoODYS%2FuWK5Ss2EU5M85d9uBLD298EQJT0fwTHKFSJuLqvUO%2BUJcR4VQgHFcTP2bupWcTT627RYmn4ty6fDeNWmX46sXkm8rzXNMjqHle3UMc%2FopgC1eOAVf%2B32jiaCmbamnniGd6tPgRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b625b063edc3802-FRA
x-cache-hits: 1

GET
H3 200 BlueTeam.jpg
www.jaiminton.com/assets/images/ 232 KB
233 KB 131ms
129ms Image
image/jpeg 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/BlueTeam.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 089ef3196f5de5b2bd64fde04892f6b04888b2dab0fe579bcbe61f2a31b9689e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 5e295806dffb10d1e5b91d42a3c51799e3b4ac5f
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 10:05:43 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 237994
x-served-by: cache-fra-eddf8230039-FRA
last-modified: Sat, 08 Apr 2023 07:03:01 GMT
server: cloudflare
x-github-request-id: A6B6:8995:5FE1E7:63F531:643141B9
x-timer: S1680949691.467911,VS0,VE106
etag: "643111a5-3a1aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HqtFcwi3z5yB2iTEuFyu%2F0IG1nhYcX7YtO1d0vw0iXLWZ787QdJ11tvbLsaeOQjMRUCFvns6cfJcK0FOW%2FngeqcTnQDeRwOT6P%2Br6bYui1YsSFaCNAMaNDHRtuATs5l6WN5tP2WcKPBKfugJUDSSXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b625b070da59000-FRA
priority: u=3,i
x-cache-hits: 0

GET
H3 200 aspmuma.jpg
www.jaiminton.com/assets/images/ 97 KB
98 KB 115ms
114ms Image
image/jpeg 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/aspmuma.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d052b2e198ee9123bd0321bd86377e598024b73e1de75e67832396833ce006d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: ccf7f55427479610c77a8fe24cf321ff58a7df5c
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 02:40:37 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 99525
x-served-by: cache-fra-eddf8230088-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 20C4:C446:18F501D:19DC0BF:64311709
x-timer: S1680949697.456202,VS0,VE95
etag: "643111a6-184c5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2BB23rTTpdrimTS4E4w2p%2Bh58rApA%2FtcPXu9cra1og2HYduekZgPSrpTwHUoF3pqKd31ncnVXZAOuM34xGOAAeACFI7spFTlMqilJUtYsI9iDyrpjP4x9fd%2F8FMBxkiNdshoRU3rSI2VMzupRbc47w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b625b070da79000-FRA
priority: u=3,i
x-cache-hits: 1

GET
H3 200 NOK.jpg
www.jaiminton.com/assets/images/ 413 KB
414 KB 140ms
139ms Image
image/jpeg 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/NOK.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec4baff4e5868c2e4806a768730ea68a17b9af88aa63cfd1a156389f2c24720e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 6868e23c58c276678a52d69a76f33821cc0b076b
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 10:05:43 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 423006
x-served-by: cache-fra-eddf8230092-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: D584:1D25:D9C0E0:E28C6F:64313D41
x-timer: S1680949697.461722,VS0,VE96
etag: "643111a6-6745e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQAx7gECOsYYIRjSAG1PPf75f%2BCw5dX9YPSkDU7qGt%2B0NGQLszG8G1hDo5yt7CISYiymWGGkNNlsB%2BblJb5wg37Nrwd%2BPlLLBpWg2datIMjfmyb5Ck1O%2FQO8tICNIOdI00Brys5B5IlTpgjti5%2BLvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b625b070da89000-FRA
priority: u=3,i
x-cache-hits: 1

GET
H3 200 HHC2022.jpg
www.jaiminton.com/assets/images/HHC2022/ 207 KB
208 KB 140ms
139ms Image
image/jpeg 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/HHC2022/HHC2022.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 124efabef5f2a8a43a7d72d6b77185ce038d2b5090bba82c103dc60ac28e3333

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 33b463f99e7264ed60d5784d3d516343b4f0bf79
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 10:05:43 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 212021
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: B6D6:05C4:19ED4A4:1ADD3B5:64313D41
x-timer: S1680949698.528390,VS0,VE102
etag: "643111a6-33c35"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=czjklAnbvGD%2B0wYfmDHyouRWRmDYKEgIXEisp2wuLNrpxZi61qWxWM8m1GI%2FCg0nYEMvchmqkb4Px%2FxhsmE%2BnEahtmfEZQ0PgjqgeOYVFDzy4xWGE6dvybWQI963Xv0a0CgGLBzpBY4a8cjbEazYiw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b625b070dac9000-FRA
priority: u=3,i
x-cache-hits: 1

GET
H3 200 Redline.jpg
www.jaiminton.com/assets/images/ 64 KB
64 KB 139ms
138ms Image
image/jpeg 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/Redline.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98831bd905c45245dd18a59d5910d579831503ff911386691743206bc90650be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 54c327763790e560432f2c0f2761a9fa4570d620
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 04:42:18 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65106
x-served-by: cache-hhn-etou8220053-HHN
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: A764:7BA7:139DCEC:1B33ABE:6432E003
x-timer: S1681055748.533185,VS0,VE101
etag: "643111a6-fe52"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClwrcPVyNvv6UZRjxqtPneAFofsjRKCoNPLwVnKfdzQZ3RpTh69NRh8cR78TI2mxUkWnPm7q5%2BsRSzEm5PX5nnziEhamyprW56J5erm0faBBkH3Qvnc3%2F%2BloHnuSfqiCSVWB1jpmMmy8UPMUtI2prg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b625b070dad9000-FRA
priority: u=3,i
x-cache-hits: 0

GET
H3 200 email-decode.min.js Show response
www.jaiminton.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jaiminton.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 09:55:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 04 Apr 2023 10:03:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"642bf60d-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yzy7CWjCmES%2FJP7ImTwpbZWCFtAnBDw7lvV60fkSz1rLYscN835GIPN3PhbqFoIZJH2a6i0647rk%2BYYZ5h%2Bf535wy6tCSu53PUHY%2BaE4PtqkswFns8IYeDUrYWIPKqElc0sDkkEN3ET6BFiM%2BMEnXw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7b625b06fd949000-FRA
expires: Thu, 13 Apr 2023 09:55:43 GMT

GET
H3 200 main.min.js Show response
www.jaiminton.com/assets/js/ 114 KB
42 KB 140ms
140ms Script
application/javascript 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/main.min.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4914006e0525e89ff3d85e76aea1346550f10a86edda3435906c54a4636fd809

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 28ed436f007a73552f72ba04c23dfee2bea85eaf
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 04:57:34 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230051-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 7F3E:AAB2:7D23B0:81D64E:64311709
x-timer: S1680949691.373034,VS0,VE101
etag: W/"643111a6-1c828"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wOMJHcQUb%2BcM0JNmDIAWMi6vy1SCkRTU3S4wu7B68ozlu7TKlh8RwwbFmkC0vtGxs8lbSrpeXTX8s%2FL38GOgToJYFaXe%2B718%2BCPSwK5SfVThJDmlg4qPxTYZ9uCx%2FTUp4hys1%2Fd9zTEmyKKxCHUIAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b625b070d9b9000-FRA
priority: u=2,i=?0
x-cache-hits: 1

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.7.1/js/ 1 MB
391 KB 70ms
39ms Script
application/javascript 2606:4700:e2::ac40:840f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.7.1/js/all.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:840f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06fbbb819a7f7c2e8b377f49130c5ae4654fbc734cacf7721ae46a6937b5aeb1

Request headers

Referer: https://www.jaiminton.com/
Origin: https://www.jaiminton.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 09:55:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: TBDX0TQP8N8T68VM
age: 452319
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: IlHktgB2JnKpgnUJ/CwfyRL1cTHh1JZUbBt24puqK0ajd/8vHZyKwVyXRAhhxwEX1WPc8VMs4xE250OIdkTFGm/cO8/PWybOVtMIVeE92rE=
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
server: cloudflare
etag: W/"ebb8d1549ec556961cdd7f87f7512edb"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnarJCQRJMMKIWwM%2BqbAd0c7%2BP30lIcQhbzI48FAyiia%2F1T9BJthJV62ZBveEnXpAXHr0MRLsSRoLKvZujEUx%2B4maXdsYYqqMweP%2FJsVNTxXUd4qecqx2b6l73CrlpG4HTdq%2FTIUkYSVqC40rMkZSEAA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31556926
cf-ray: 7b625b073f270859-FRA

GET
H3 200 lunr.min.js Show response
www.jaiminton.com/assets/js/lunr/ 29 KB
9 KB 131ms
130ms Script
application/javascript 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr.min.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b92711806ac89c3d959cf3698e6950b41d974552dccf2c99beb4e4622f9edf55

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 1860724d2c7635505168ee7e92d135abab0f8e35
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
content-encoding: br
expires: Tue, 11 Apr 2023 02:40:37 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230036-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 3634:8995:4EEA37:525EC7:64311709
x-timer: S1680949691.385736,VS0,VE101
etag: W/"643111a6-72ba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9h6ZaWyduZndPw1YMGIpF55rhydp9gXSMG3kRBNqPr31EbgcJxA0duWr%2FeDI0Gk9Kj5HMuTxmO7xMCDysALmm5q0bT%2B7Bd7BSXFBXsnC4qMJQhbXbFL2BtXbguRUZxQFz5%2FpPbw2a3xj1Qf45QHb0A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
x-origin-cache: HIT
cf-ray: 7b625b070da19000-FRA
priority: u=2,i=?0
x-cache-hits: 1

GET
H3 200 lunr-store.js Show response
www.jaiminton.com/assets/js/lunr/ 21 KB
6 KB 131ms
129ms Script
application/javascript 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr-store.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3b4cf0ff4db3c23a25905e172f2d7212971dd74680c034d874243940b5726b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: c50a661869a83d5c707bacd24b3bc97c5b826b5a
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 04:42:18 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230125-FRA
last-modified: Sat, 08 Apr 2023 07:03:17 GMT
server: cloudflare
x-github-request-id: 4BB0:F7FF:17DB9DD:18C19BD:64311709
x-timer: S1680949691.389266,VS0,VE96
etag: W/"643111b5-5343"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dvPmqm7E6XAGsLWS7UU5LP7NelCBPBX1ROoP9tiI8qPcsRQyMib7yE1Wd6zUKSHshep19%2BSUA%2BwRwSoCt5xGwFlxaZ4iAKCnNY3YdxgG3JlQr37ZQA%2BsfqaOxZyDmZK7qj%2FWCNLyYUgpFE%2FO4UsLpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b625b070da29000-FRA
priority: u=2,i=?0
x-cache-hits: 1

GET
H3 200 lunr-en.js Show response
www.jaiminton.com/assets/js/lunr/ 2 KB
2 KB 144ms
142ms Script
application/javascript 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/js/lunr/lunr-en.js
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d9b1921104eb209f68f191e40db355a7929c9b45205b0cb5690234f3a6277fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 839a98c33afa30aaca97b466f185176f1558a86d
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Tue, 11 Apr 2023 02:40:37 GMT
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230126-FRA
last-modified: Sat, 08 Apr 2023 07:03:17 GMT
server: cloudflare
x-github-request-id: C296:727A:840D86:8919F2:643116FF
x-timer: S1680949691.398942,VS0,VE100
etag: W/"643111b5-9df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVRc%2F4hNA%2FB5TIp1auacVQfb6pG0WTEyNS9USKfBPyyeR%2FtFvRAU3P%2FJclB829RZ7ndjprlq9a8fHam%2B8jT%2Ff6gkCDkRY%2F8K3fxlsHdk4kGnao8H%2FnG3TNk6cZdVaNt4AQDiXxbt6syCphP5Zczi1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7b625b070da49000-FRA
priority: u=2,i=?0
x-cache-hits: 1

GET
H2 200 v2b4487d741ca48dcbadcaf954e159fc61680799950996 Show response
static.cloudflareinsights.com/beacon.min.js/ 16 KB
6 KB 71ms
46ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v2b4487d741ca48dcbadcaf954e159fc61680799950996
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4860695983e79ae4c596701d7203945837da206d3fdba56684661a5cd60b16c2

Request headers

Referer: https://www.jaiminton.com/
Origin: https://www.jaiminton.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 09:55:43 GMT
content-encoding: gzip
last-modified: Thu, 06 Apr 2023 16:52:30 GMT
server: cloudflare
etag: W/2023.4.1
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7b625b072de92bc6-FRA

GET
H3 200 particlesjs-config.json Show response
www.jaiminton.com/assets/ 2 KB
1 KB 138ms
138ms XHR
application/json 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/assets/particlesjs-config.json
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/assets/js/particles.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e71a14b59c6cd81cd4262c163d05a16dc98709f28cb51b2dd24036f4f17d1089

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: a6ee50ee5d199d61f522003794224519a3badce1
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
content-encoding: br
expires: Tue, 11 Apr 2023 00:43:47 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230031-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: 8CF6:6E81:5FC47:64E13:6434AAEB
x-timer: S1681206944.863684,VS0,VE94
etag: W/"643111a6-7e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHkY7EjRMO4m4Xh%2F%2FzL4%2FwSU8Rkm1U%2BKYQGeyihUf0sGiuMKUKei7X823BYGVmVL4QJqvjntdiR1N3dbkyklvsoH97fH6e6xNCONyNGspq8SUeUoSvZE2cRHtWMddYiq%2FlK335faLUtCFpKcFPP2Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 7b625b070d9f9000-FRA
priority: u=1,i
x-cache-hits: 1

GET
H3 200 rootdir.png
www.jaiminton.com/assets/images/ 4 KB
5 KB 132ms
131ms Image
image/png 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/rootdir.png
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bedf211350e28796f14c9fca55d693bc7b3694598a92bd6435d215c2f7658ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: bbeee0c5956142c9c3d33251c52471f11b191810
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 09:32:30 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4508
x-served-by: cache-fra-eddf8230138-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: A054:AAB2:7D23AE:81D64A:64311709
x-timer: S1680949691.473135,VS0,VE87
etag: "643111a6-119c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l2rl5aLp7d%2F7F2aBaE0ooZPS8rxhIAqYPEofPZyeBKiLraeG28Wvsz%2Bywa6DiQCrG7Wght4wtKkZE%2FUNdZEO3Q2SfIqcIMHZh6iyr%2B2qLU4zII0P4bFoXNGNBs%2BEXIQOD0M44hnd6zXH5yD9Hyt0Pg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
x-origin-cache: HIT
cf-ray: 7b625b071db49000-FRA
priority: u=3,i
x-cache-hits: 1

GET
H3 200 bio-photo.jpg
www.jaiminton.com/assets/images/ 38 KB
39 KB 131ms
131ms Image
image/jpeg 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.jaiminton.com/assets/images/bio-photo.jpg
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28fbef8e5863400ed00fc90959828a773b998efa5acf1bb71e86108c78369ae2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.jaiminton.com/cheatsheet/DFIR/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-fastly-request-id: 49ccccd730e451a3552be215b50c2bdd965b75c2
date: Tue, 11 Apr 2023 09:55:43 GMT
via: 1.1 varnish
expires: Tue, 11 Apr 2023 00:43:49 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 38748
x-served-by: cache-fra-eddf8230054-FRA
last-modified: Sat, 08 Apr 2023 07:03:02 GMT
server: cloudflare
x-github-request-id: B4BA:8425:18B8B0E:199FCFF:64311709
x-timer: S1680949691.479540,VS0,VE97
etag: "643111a6-975c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xQz8PvS7sYedKyhXRwBIdNsEf%2BltEVa7eZn0kyXaNciEUGO0z1VieBJ2G2ZVCV%2BvUEJ2pUq8mo6XABm2DQffqLCzSUwOqhI9%2FKSnO1PN0ky%2FhD9v%2BdV9W9hG3y7yf3yRMGk6xjetZpPoHDb93ff4bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7b625b071db69000-FRA
priority: u=3,i
x-cache-hits: 1

GET
H3 200 invisible.js Show response
www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 4D86 29 KB
13 KB 15ms
15ms Script
application/javascript 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1681200000
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cheatsheet/DFIR/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31cc9c7c65c14cf753eefa58f15b1344152f397722552ae7864e25a3363a407f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 09:55:44 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBxrT%2Bu5Fsz885VgyVWmR7jR6jhn%2FkDpm1ZoZNN%2BvioVJkadN6Tm%2BnN3qUOBnwdKyfBHGCWtGVv7F3m%2F7LQ89%2FG%2FBVCpzjfht%2BWWhW2lDo8VhZh3Wz2cVFGzmQ5XEMFl%2ByMA5EyTPVlsK8zol6tWwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7b625b092fe09000-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i=?0

POST
H3 204 rum Show response
www.jaiminton.com/cdn-cgi/ 0
143 B 10ms
9ms XHR
text/plain 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.jaiminton.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v2b4487d741ca48dcbadcaf954e159fc61680799950996

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.jaiminton.com/cheatsheet/DFIR/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
content-type: application/json

Response headers

date: Tue, 11 Apr 2023 09:55:44 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.jaiminton.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7b625b0dcd0f9000-FRA

GET
H3 200 pica.js
www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame 4D86 7 KB
4 KB 15ms
15ms Other
application/javascript 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 381ec63e1034057e76de47cbf200d72a5f336ef5b9d8609bcbe04bd501741480

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 09:55:44 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QVNICTydHNK7QBfSpYuz%2FUthor47%2FNvx3Yi9W%2F6yUIHkTBZ0cst8GRyKtRyVxjrDJnZuK75L6EWyMnU4yEZ%2FDABq01xtv%2Bc57EHXpkp%2Fk3htajTpBW80vrgvoEEXcEMgB4eZ0KdOW0iIpKSG7l5fkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-control-type-options: nosniff
cf-ray: 7b625b0ded339000-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=1,i

POST
H3 200 7b625b055d713802 Show response
www.jaiminton.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 4D86 2 B
673 B 31ms
31ms XHR
text/plain 2606:4700:3031::6815:2897
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/cv/result/7b625b055d713802
Requested by: Host: www.jaiminton.com
URL: https://www.jaiminton.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1681200000
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::6815:2897 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 11 Apr 2023 09:55:45 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lxWHYtkGIdP9n40uv4EzSV35NKMndkvuqFxImEDSk4gJFWWbrRrpHENnKhhpmJ8xP6Qdv1XyarZ5fwUzq3elobSr8xwSzoi%2BqwZbmuYz6yy9M816Wnvbiu3K%2FjGWb9Dts5xaE1V%2BDZ6uDmtVfPcusg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 7b625b0fdf139000-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=1,i

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.jaiminton.com/	1970-01-20 11:00:08	Name: __cf_bm Value: 0XGcUqimb1ZxTIdvUNgE17aWaHgBM8QzlmEfJPwsmGI-1681206945-0-AcHx/oHURo+fmcgjwIzZ9XK6cYLPJh2cpNPbmYu6AgGsRq1UwwMsm+4EFihOopiO3TwkvcDBQEZHVVmCoSW+qeMZ1vUiGCEFBwgZs1JMyvoT1kDoZ2dPDh7QbAn9x7OlMA==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.jaiminton.com/cheatsheet/DFIR/(Line 136) Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

static.cloudflareinsights.com
use.fontawesome.com
www.jaiminton.com
2606:4700:3031::6815:2897
2606:4700::6810:3965
2606:4700:e2::ac40:840f
06fbbb819a7f7c2e8b377f49130c5ae4654fbc734cacf7721ae46a6937b5aeb1
089ef3196f5de5b2bd64fde04892f6b04888b2dab0fe579bcbe61f2a31b9689e
124efabef5f2a8a43a7d72d6b77185ce038d2b5090bba82c103dc60ac28e3333
1bedf211350e28796f14c9fca55d693bc7b3694598a92bd6435d215c2f7658ec
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28fbef8e5863400ed00fc90959828a773b998efa5acf1bb71e86108c78369ae2
31cc9c7c65c14cf753eefa58f15b1344152f397722552ae7864e25a3363a407f
381ec63e1034057e76de47cbf200d72a5f336ef5b9d8609bcbe04bd501741480
47d20107cf307d0a79ecbd1f8ff6db2e86237a692b81fbfa44383caa068d05ed
4860695983e79ae4c596701d7203945837da206d3fdba56684661a5cd60b16c2
4914006e0525e89ff3d85e76aea1346550f10a86edda3435906c54a4636fd809
4d9b1921104eb209f68f191e40db355a7929c9b45205b0cb5690234f3a6277fc
7d052b2e198ee9123bd0321bd86377e598024b73e1de75e67832396833ce006d
89c8e085c3da89b31fd63bf88102068b931e58d1de9b64a2b29728ac28827d28
98831bd905c45245dd18a59d5910d579831503ff911386691743206bc90650be
a2cfbdba5cd0f63606455f32ac200a707f91e0027e5c83989b2bcd09b69926e3
b92711806ac89c3d959cf3698e6950b41d974552dccf2c99beb4e4622f9edf55
d3b4cf0ff4db3c23a25905e172f2d7212971dd74680c034d874243940b5726b6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e71a14b59c6cd81cd4262c163d05a16dc98709f28cb51b2dd24036f4f17d1089
ec4baff4e5868c2e4806a768730ea68a17b9af88aa63cfd1a156389f2c24720e

www.jaiminton.com Open in urlscan Pro 2606:4700:3031::6815:2897 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

1658 kBTransfer

2925 kBSize

1 Cookies

260 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

www.jaiminton.com Open in urlscan Pro
2606:4700:3031::6815:2897 Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

1658 kB
Transfer

2925 kB
Size

1
Cookies

22 HTTP transactions
0 data transactions