URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%2...
Submission: On March 27 via manual from IL

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 15 HTTP transactions. The main IP is 192.30.253.112, located in San Francisco, United States and belongs to GITHUB - GitHub, Inc., US. The main domain is github.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 10th 2016. Valid for: 2 years.
This is the only time github.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests IP Address AS Autonomous System
2 192.30.253.112 36459 (GITHUB)
9 151.101.112.133 54113 (FASTLY)
1 216.58.206.14 15169 (GOOGLE)
1 52.200.15.226 14618 (AMAZON-AES)
2 192.30.253.116 36459 (GITHUB)
Total: 15 requests, 5 IPs

Requests Domain Requested by
7 assets-cdn.github.com github.com
2 api.github.com assets-cdn.github.com
2 github.com assets-cdn.github.com
1 avatars2.githubusercontent.com github.com
1 avatars3.githubusercontent.com github.com
1 collector.githubapp.com github.com
1 www.google-analytics.com assets-cdn.github.com
Total: 15 requests, 7 subdomains

Subject Issuer Validity Valid
github.com DigiCert SHA2 Extended Validation Server CA 2016-03-10 - 2018-05-17 2 years
www.github.com DigiCert SHA2 High Assurance Server CA 2017-03-23 - 2020-05-13 3 years
*.github.com DigiCert SHA2 High Assurance Server CA 2017-01-18 - 2020-04-17 3 years

This page contains 1 frames:

Primary Page: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Frame ID: EE397F1F90209741D49B8F9F5E08544
Requests: 15 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • env /^gaGlobal$/i

Page Statistics

Requests: 15
HTTPS: 73 %
IPv6: 0 %
Domains: 4
Subdomains: 7
IPs: 5
Countries: 1
Transfer: 373 kB
Size: 1259 kB
Cookies: 9

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set Slides.pdf
github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/
35 KB
13 KB
Document
General
Full URL
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.30.253.112 San Francisco, United States, ASN36459 (GITHUB - GitHub, Inc., US),
Reverse DNS
lb-192-30-253-112-iad.github.com
Software
GitHub.com /
Resource Hash
4d5993d643b9e2ca3474d2198880ba87b9e8fbdc55f1f81c0a53872069ded591
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com; worker-src 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
github.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive

Response headers

Date
Tue, 27 Mar 2018 02:58:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Status
200 OK
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
X-XSS-Protection
1; mode=block
X-Request-Id
2997618c-d0fe-469e-9158-6ac62bb716a6
X-Runtime
0.260180
Server
GitHub.com
X-GitHub-Request-Id
BDB6:732C:4B2711:92A3AD:5AB9B353
X-Frame-Options
deny
Expect-CT
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Vary
X-PJAX
X-Runtime-rack
0.268631
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache
Content-Security-Policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com; worker-src 'self'
Set-Cookie
logged_in=no; domain=.github.com; path=/; expires=Sat, 27 Mar 2038 02:58:27 -0000; secure; HttpOnly _gh_sess=aG5GUE1rRlpNL2NERVJ4Z08xZFplcHdMbStSKzBXZ0svK2phWmNhNy9hNlY5TTdtcHdES3ZpWFV3YXZuWVZhT2VMNmZhZzJiYmZqeDc0MzhhdDl5b0dva0Vzd3I3RnRQLzBveFhxd0w0M2NHY2paTWFkbENKbnBaK2VZcWlGSmtmWnVFRzdvYlVpWUVHVzRrNVBrNDE2TWxoR2ZZVjM5ak5COVQyMHZtc3VZb1hYMk5TYnBoMGVIbG5YUmI2QnBBNzhzZFhvN3dJZ0VvUWx0VFV6ZnRrL1Z5UzVxQUhDMDF2UjBBVUJROXRrSXc4Mms5UjhxUGlZNUdnLy9WcFZEbEhGaXpwcm9uOEJqaDZlKzNKdm00cUs4dFlyZmlTcWFuYmxrWlRTN2gva0U9LS1iUU96UUZoUlpycWgxV1B0SFVnVGx3PT0%3D--028d2eee3c20e2bfa62907cdc2d80bacc0ef9baa; path=/; secure; HttpOnly
frameworks-7d09971c51977b60c6626362003ef38a.css
assets-cdn.github.com/assets/
109 KB
23 KB
Stylesheet
General
Full URL
https://assets-cdn.github.com/assets/frameworks-7d09971c51977b60c6626362003ef38a.css
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
38eed7bc50263b795618e2f6b10ae83801628e6c9ae0906c9fae8e1129f7faba

Request headers

Pragma
no-cache
Origin
https://github.com
Accept-Encoding
gzip, deflate
Host
assets-cdn.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Fastly-Request-ID
dfd36671a50738b0b2ef54854eea2ef1e0033877
Date
Tue, 27 Mar 2018 02:58:27 GMT
Content-Encoding
gzip
Age
360275
X-Cache
HIT
Connection
keep-alive
Content-Length
22643
X-Served-By
cache-hhn1546-HHN
Access-Control-Allow-Origin
*
Last-Modified
Sat, 01 Jan 2000 00:00:00 GMT
Server
GitHub.com
X-GitHub-Request-Id
0BC2:6B74:18EF26E:1A3D128:5AB433FF
X-Timer
S1522119508.800118,VS0,VE0
Vary
Accept-Encoding
Content-Type
text/css
Via
1.1 varnish
Expires
Fri, 22 Mar 2019 22:53:52 GMT
Cache-Control
max-age=31536000, public
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Cache-Hits
79915
github-6717de7120a5ea58fe3f6c228511294b.css
assets-cdn.github.com/assets/
392 KB
92 KB
Stylesheet
General
Full URL
https://assets-cdn.github.com/assets/github-6717de7120a5ea58fe3f6c228511294b.css
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
55a9f212ca870bf4b831509b520426cd4266aa9077aea93c347dc7840c2ca706

Request headers

Pragma
no-cache
Origin
https://github.com
Accept-Encoding
gzip, deflate
Host
assets-cdn.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Fastly-Request-ID
9aa05211eb953681bebac4c198657d9848fd6362
Date
Tue, 27 Mar 2018 02:58:27 GMT
Content-Encoding
gzip
Age
11170
X-Cache
HIT
Connection
keep-alive
Content-Length
93929
X-Served-By
cache-hhn1529-HHN
Access-Control-Allow-Origin
*
Last-Modified
Sat, 01 Jan 2000 00:00:00 GMT
Server
GitHub.com
X-GitHub-Request-Id
E076:7316:2F78D4:31855B:5AB987B1
X-Timer
S1522119508.801003,VS0,VE0
Vary
Accept-Encoding
Content-Type
text/css
Via
1.1 varnish
Expires
Tue, 26 Mar 2019 23:52:17 GMT
Cache-Control
max-age=31536000, public
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Cache-Hits
667
site-83dc1f7ebc9c7461fe1eab799b56c4c4.css
assets-cdn.github.com/assets/
43 KB
10 KB
Stylesheet
General
Full URL
https://assets-cdn.github.com/assets/site-83dc1f7ebc9c7461fe1eab799b56c4c4.css
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
302141178e1e0d59f04043f107c82d0134a611815f6367c793f60e5e3b62c257

Request headers

Pragma
no-cache
Origin
https://github.com
Accept-Encoding
gzip, deflate
Host
assets-cdn.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Fastly-Request-ID
fe38a6d5ff3ec4cf0f7d90262d987a1e673195e0
Date
Tue, 27 Mar 2018 02:58:27 GMT
Content-Encoding
gzip
Age
1064986
X-Cache
HIT
Connection
keep-alive
Content-Length
9376
X-Served-By
cache-hhn1542-HHN
Access-Control-Allow-Origin
*
Last-Modified
Sat, 01 Jan 2000 00:00:00 GMT
Server
GitHub.com
X-GitHub-Request-Id
520C:3971:3298AC:347E87:5AA9733A
X-Timer
S1522119508.800183,VS0,VE0
Vary
Accept-Encoding
Content-Type
text/css
Via
1.1 varnish
Expires
Thu, 14 Mar 2019 19:08:42 GMT
Cache-Control
max-age=31536000, public
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Cache-Hits
164338
octocat-spinner-32-EAF2F5.gif
assets-cdn.github.com/images/spinners/
3 KB
3 KB
Image
General
Full URL
https://assets-cdn.github.com/images/spinners/octocat-spinner-32-EAF2F5.gif
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
0bdc57d34b85c4a4de9d0d1db10cd70e8a95f33ff4f46c5a8c48b4bf4e5a9abe

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
assets-cdn.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Cookie
logged_in=no
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Fastly-Request-ID
49cd6f445faa81d67d1ee78f474e960e33f0e508
Date
Tue, 27 Mar 2018 02:58:27 GMT
Via
1.1 varnish
Age
1826667
X-Cache
HIT
X-Cache-Hits
144032
Connection
keep-alive
Content-Length
2673
X-Served-By
cache-hhn1544-HHN
Last-Modified
Sat, 01 Jan 2000 00:00:00 GMT
Server
GitHub.com
X-GitHub-Request-Id
D8DE:3CCC:383504:3AB8FA:5A9DD3E7
X-Timer
S1522119508.864868,VS0,VE0
Vary
Accept-Encoding
Content-Type
image/gif
Cache-Control
max-age=31536000, public
Accept-Ranges
bytes
Timing-Allow-Origin
https://github.com
Expires
Tue, 05 Mar 2019 23:34:00 GMT
octocat-spinner-128.gif
assets-cdn.github.com/images/spinners/
11 KB
12 KB
Image
General
Full URL
https://assets-cdn.github.com/images/spinners/octocat-spinner-128.gif
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
338974454bb5c32803e82f601beb051d373744b024fe8742a76009700fd7e033

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
assets-cdn.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Cookie
logged_in=no
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Fastly-Request-ID
bdfc898d80b4692bc0c7a86350a178240fc59fa6
Date
Tue, 27 Mar 2018 02:58:27 GMT
Via
1.1 varnish
Age
1826667
X-Cache
HIT
X-Cache-Hits
70028
Connection
keep-alive
Content-Length
11721
X-Served-By
cache-hhn1539-HHN
Last-Modified
Sat, 01 Jan 2000 00:00:00 GMT
Server
GitHub.com
X-GitHub-Request-Id
C564:5C29:4D23D3:510A79:5A9DD3E8
X-Timer
S1522119508.865215,VS0,VE0
Vary
Accept-Encoding
Content-Type
image/gif
Cache-Control
max-age=31536000, public
Accept-Ranges
bytes
Timing-Allow-Origin
https://github.com
Expires
Tue, 05 Mar 2019 23:34:00 GMT
frameworks-a4cd615937be93c673467fec53d0395c.js
assets-cdn.github.com/assets/
228 KB
82 KB
Script
General
Full URL
https://assets-cdn.github.com/assets/frameworks-a4cd615937be93c673467fec53d0395c.js
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
88c3f5ca8442fddb75be3f2a5379af83fae6a60c4272ebca1fa6b40d1fc458fb

Request headers

Pragma
no-cache
Origin
https://github.com
Accept-Encoding
gzip, deflate
Host
assets-cdn.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Fastly-Request-ID
9ca1f04fc9ea4973d14c1ae0e0825bddce7a0127
Date
Tue, 27 Mar 2018 02:58:27 GMT
Content-Encoding
gzip
Age
29446
X-Cache
HIT
Connection
keep-alive
Content-Length
83545
X-Served-By
cache-hhn1521-HHN
Access-Control-Allow-Origin
*
Last-Modified
Sat, 01 Jan 2000 00:00:00 GMT
Server
GitHub.com
X-GitHub-Request-Id
43BC:4761:12A11B:1346FE:5AB9404D
X-Timer
S1522119508.817902,VS0,VE0
Vary
Accept-Encoding
Content-Type
application/javascript
Via
1.1 varnish
Expires
Tue, 26 Mar 2019 18:47:42 GMT
Cache-Control
max-age=31536000, public
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Cache-Hits
5774
github-a17d6ed82acec96fda5e649d324914af.js
assets-cdn.github.com/assets/
434 KB
128 KB
Script
General
Full URL
https://assets-cdn.github.com/assets/github-a17d6ed82acec96fda5e649d324914af.js
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
e08bdfb606f6dccfe847a4ec08529d63fda1b85244e6e5fb4af62945796b2707

Request headers

Pragma
no-cache
Origin
https://github.com
Accept-Encoding
gzip, deflate
Host
assets-cdn.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Connection
keep-alive
Cache-Control
no-cache

Response headers

X-Fastly-Request-ID
5358043f6952bf0c89eeeb72788800f09f330937
Date
Tue, 27 Mar 2018 02:58:27 GMT
Content-Encoding
gzip
Age
11170
X-Cache
HIT
Connection
keep-alive
Content-Length
130034
X-Served-By
cache-hhn1529-HHN
Access-Control-Allow-Origin
*
Last-Modified
Sat, 01 Jan 2000 00:00:00 GMT
Server
GitHub.com
X-GitHub-Request-Id
E0D8:7316:2F78DE:318567:5AB987B1
X-Timer
S1522119508.849813,VS0,VE0
Vary
Accept-Encoding
Content-Type
application/javascript
Via
1.1 varnish
Expires
Tue, 26 Mar 2019 23:52:17 GMT
Cache-Control
max-age=31536000, public
Accept-Ranges
bytes
Timing-Allow-Origin
*
X-Cache-Hits
621
Cookie set Slides.pdf
github.com/Invoke-IR/Presentations/contributors/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/
2 KB
3 KB
Fetch
General
Full URL
https://github.com/Invoke-IR/Presentations/contributors/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Requested by
Host: assets-cdn.github.com
URL: https://assets-cdn.github.com/assets/frameworks-a4cd615937be93c673467fec53d0395c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.30.253.112 San Francisco, United States, ASN36459 (GITHUB - GitHub, Inc., US),
Reverse DNS
lb-192-30-253-112-iad.github.com
Software
GitHub.com /
Resource Hash
6a2b6b0904a1c8ca0671fb9f382cc91d238f954719e5065f2c810641467c7c3a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com; worker-src 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
text/html
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
X-Requested-With
XMLHttpRequest
Cookie
logged_in=no; _gh_sess=aG5GUE1rRlpNL2NERVJ4Z08xZFplcHdMbStSKzBXZ0svK2phWmNhNy9hNlY5TTdtcHdES3ZpWFV3YXZuWVZhT2VMNmZhZzJiYmZqeDc0MzhhdDl5b0dva0Vzd3I3RnRQLzBveFhxd0w0M2NHY2paTWFkbENKbnBaK2VZcWlGSmtmWnVFRzdvYlVpWUVHVzRrNVBrNDE2TWxoR2ZZVjM5ak5COVQyMHZtc3VZb1hYMk5TYnBoMGVIbG5YUmI2QnBBNzhzZFhvN3dJZ0VvUWx0VFV6ZnRrL1Z5UzVxQUhDMDF2UjBBVUJROXRrSXc4Mms5UjhxUGlZNUdnLy9WcFZEbEhGaXpwcm9uOEJqaDZlKzNKdm00cUs4dFlyZmlTcWFuYmxrWlRTN2gva0U9LS1iUU96UUZoUlpycWgxV1B0SFVnVGx3PT0%3D--028d2eee3c20e2bfa62907cdc2d80bacc0ef9baa
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Tue, 27 Mar 2018 02:58:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Status
200 OK
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
X-XSS-Protection
1; mode=block
X-Request-Id
f7371b1a-39a8-4c8d-994a-bbebf5e75c60
X-Runtime
0.046830
Server
GitHub.com
X-GitHub-Request-Id
BDB6:732C:4B2747:92A3CF:5AB9B353
X-Frame-Options
deny
Expect-CT
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Vary
X-PJAX
X-Runtime-rack
0.052897
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache
Content-Security-Policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com; worker-src 'self'
Set-Cookie
_gh_sess=…%3D%3D--d54f3673a1aa2996e00210a77e0717df4c815b2e; path=/; secure; HttpOnly
X-HTML-Safe
7501bb04b1f9dace7ce473a0c0245952d49a7d4a
collect
www.google-analytics.com/r/
35 B
143 B
Other
General
Full URL
https://www.google-analytics.com/r/collect
Requested by
Host: assets-cdn.github.com
URL: https://assets-cdn.github.com/assets/frameworks-a4cd615937be93c673467fec53d0395c.js
Protocol
SPDY
Server
216.58.206.14 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s20-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Cache-Control
max-age=0
Origin
https://github.com
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 27 Mar 2018 02:58:28 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
https://github.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
hq=":443"; ma=2592000; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="42,41,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
page_view
collector.githubapp.com/github/
35 B
593 B
Image
General
Full URL
https://collector.githubapp.com/github/page_view?dimensions[page]=https%3A%2F%2Fgithub.com%2FInvoke-IR%2FPresentations%2Fblob%2Fmaster%2F2016%2520-%2520SANS%2520DFIR%2520Summit%2FStart-Process%2520PowerShell%2520l%2520Get-ForensicArtifact%2FSlides.pdf&dimensions[title]=Presentations%2FSlides.pdf%20at%20master%20%C2%B7%20Invoke-IR%2FPresentations%20%C2%B7%20GitHub&dimensions[referrer]=&dimensions[user_agent]=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_12_6)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F63.0.3239.84%20Safari%2F537.36&dimensions[screen_resolution]=1600x1200&dimensions[pixel_ratio]=1&dimensions[browser_resolution]=1600x1200&dimensions[tz_seconds]=0&dimensions[timestamp]=1522119508016&dimensions[request_id]=BDB6%3A732C%3A4B2711%3A92A3AD%3A5AB9B353&dimensions[region_edge]=iad&dimensions[region_render]=iad&dimensions[user_id]=5545481&dimensions[user_login]=Invoke-IR&dimensions[repository_id]=63440547&dimensions[repository_nwo]=Invoke-IR%2FPresentations&dimensions[repository_public]=true&dimensions[repository_is_fork]=false&dimensions[repository_network_root_id]=63440547&dimensions[repository_network_root_nwo]=Invoke-IR%2FPresentations&dimensions[repository_explore_github_marketplace_ci_cta_shown]=false&&measures[performance_timing]=1-190-1--759-757-757-565-1-1-0---0---190-564-561-92--&&&dimensions[cid]=1083831651.1522119508
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Server
52.200.15.226 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-200-15-226.compute-1.amazonaws.com
Software
GitHub.com /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 27 Mar 2018 02:58:28 GMT
X-Rack-Cache
miss
Last-Modified
Tue, 27 Mar 2018 02:58:28 GMT
Server
GitHub.com
HTTP_X_GITHUB_REQUEST_ID
7dc7fb86-86d7-415e-a2b2-28f165378c60
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif; charset=utf-8
Expires
Sat, 25 Nov 2000 05:00:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, private
Connection
keep-alive
X-Runtime
0.006250
Content-Length
35
X-Request-Id
ce06d200ad3c1632d62037a6fed21b4b
X-UA-Compatible
IE=Edge,chrome=1
13278210
avatars3.githubusercontent.com/u/
1 KB
2 KB
Image
General
Full URL
https://avatars3.githubusercontent.com/u/13278210?s=40&v=4
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
0ededfd6e2cc71576f98291561ccfa6e84c71d6cd4e1c9f9eb6d705a6fc9cbe2
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

X-Fastly-Request-ID
6b440fcb9596b2c9bb521b29533ce6f997f3bd5a
Content-Security-Policy
default-src 'none'
Via
1.1 varnish
X-Content-Type-Options
nosniff
X-Cache
HIT
X-Cache-Hits
1
Connection
keep-alive
Vary
Authorization,Accept-Encoding
Content-Length
1245
X-Xss-Protection
1; mode=block
X-Served-By
cache-hhn1544-HHN
Last-Modified
Fri, 10 Jul 2015 17:50:19 GMT
X-GitHub-Request-Id
7C66:BA54:1347B9:145C7B:5A99F525
X-Timer
S1522119508.122999,VS0,VE1
X-Frame-Options
deny
Date
Tue, 27 Mar 2018 02:58:28 GMT
Source-Age
2080301
Strict-Transport-Security
max-age=31557600
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=300
Etag
"ea12d47e670b0fbf6117bc980eb646108dba583d"
Accept-Ranges
bytes
Timing-Allow-Origin
https://github.com
Expires
Tue, 27 Mar 2018 03:03:28 GMT
13278210
avatars2.githubusercontent.com/u/
1 KB
2 KB
Image
General
Full URL
https://avatars2.githubusercontent.com/u/13278210?s=48&v=4
Requested by
Host: github.com
URL: https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Protocol
HTTP/1.1
Server
151.101.112.133 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
b54b99ea2391973c3c91d411ba07d6e2c90d0b36bed468acb0e3906896b202d1
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

X-Fastly-Request-ID
bbb86762dae6d20f3b600e5355d5f3aaddb2136f
Content-Security-Policy
default-src 'none'
Via
1.1 varnish
X-Content-Type-Options
nosniff
X-Cache
HIT
X-Cache-Hits
1
Connection
keep-alive
Vary
Authorization,Accept-Encoding
Content-Length
1347
X-Xss-Protection
1; mode=block
X-Served-By
cache-hhn1532-HHN
Last-Modified
Fri, 10 Jul 2015 17:50:19 GMT
X-GitHub-Request-Id
9BF2:35E3:7D55C8:811890:5AA28BCB
X-Timer
S1522119508.122809,VS0,VE1
X-Frame-Options
deny
Date
Tue, 27 Mar 2018 02:58:28 GMT
Source-Age
1517448
Strict-Transport-Security
max-age=31557600
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
max-age=300
Etag
"8a48c479313a3ff03810d8cf12e8ba614931a1c9"
Accept-Ranges
bytes
Timing-Allow-Origin
https://github.com
Expires
Tue, 27 Mar 2018 03:03:28 GMT
stats
api.github.com/_private/browser/
0
2 KB
XHR
General
Full URL
https://api.github.com/_private/browser/stats
Requested by
Host: assets-cdn.github.com
URL: https://assets-cdn.github.com/assets/frameworks-a4cd615937be93c673467fec53d0395c.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.30.253.116 San Francisco, United States, ASN36459 (GITHUB - GitHub, Inc., US),
Reverse DNS
lb-192-30-253-116-iad.github.com
Software
GitHub.com /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com collector.githubapp.com avatars0.githubusercontent.com avatars1.githubusercontent.com avatars2.githubusercontent.com avatars3.githubusercontent.com github-cloud.s3.amazonaws.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com; worker-src 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Access-Control-Request-Method
POST
Origin
https://github.com
Accept-Encoding
gzip, deflate
Host
api.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept
*/*
Cache-Control
no-cache
Connection
keep-alive
Access-Control-Request-Headers
content-type

Response headers

Date
Tue, 27 Mar 2018 02:58:29 GMT
Access-Control-Allow-Methods
GET, POST, PATCH, PUT, DELETE
X-Content-Type-Options
nosniff
Status
204 No Content
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Server
GitHub.com
X-GitHub-Request-Id
D95C:094F:41340E:8295AD:5AB9B355
X-Frame-Options
deny
Expect-CT
max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Access-Control-Max-Age
86400
X-Runtime-rack
0.005651
Content-Type
application/octet-stream
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
ETag, Link, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Content-Security-Policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com collector.githubapp.com avatars0.githubusercontent.com avatars1.githubusercontent.com avatars2.githubusercontent.com avatars3.githubusercontent.com github-cloud.s3.amazonaws.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com; worker-src 'self'
Access-Control-Allow-Headers
Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Accept-Encoding, X-GitHub-OTP, X-Requested-With, User-Agent
stats
api.github.com/_private/browser/
5 B
818 B
XHR
General
Full URL
https://api.github.com/_private/browser/stats
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.30.253.116 San Francisco, United States, ASN36459 (GITHUB - GitHub, Inc., US),
Reverse DNS
lb-192-30-253-116-iad.github.com
Software
GitHub.com /
Resource Hash
8e1d794b49e35ea828279c6a8c95282bbb9a0787cf5c9385256c2cc9d17baeb7
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Origin
https://github.com
Accept-Encoding
gzip, deflate
Host
api.github.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Content-Type
application/json
Accept
*/*
Cache-Control
no-cache
Referer
https://github.com/Invoke-IR/Presentations/blob/master/2016%20-%20SANS%20DFIR%20Summit/Start-Process%20PowerShell%20l%20Get-ForensicArtifact/Slides.pdf
Connection
keep-alive
Content-Length
11566

Response headers

Date
Tue, 27 Mar 2018 02:58:29 GMT
X-Content-Type-Options
nosniff
X-GitHub-Media-Type
github.v3; format=json
Status
200 OK
Content-Length
5
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin, strict-origin-when-cross-origin
Server
GitHub.com
X-GitHub-Request-Id
D95C:094F:413417:8295AE:5AB9B355
X-Frame-Options
deny
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
X-Runtime-rack
0.039801
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
ETag, Link, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Cache-Control
no-cache
Content-Security-Policy
default-src 'none'

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
function define
object _perfRefForUserTimingPolyfill
object regeneratorRuntime
function setImmediate
function clearImmediate
function ga
object gaplugins
function IncludeFragmentElement
function PollIncludeFragmentElement
function LocalTimeElement
function RelativeTimeElement
function TimeAgoElement
function TimeUntilElement
function ClipboardCopyElement
function HTMLDetailsDialogElement
function AutoCheckElement
function MarkdownToolbarElement
function GEmojiElement
object _octo
object gaGlobal
object gaData

9 Cookies

Domain/Path Name / Value
.render.githubusercontent.com/ Name: _gat
Value: 1
.render.githubusercontent.com/ Name: _ga
Value: GA1.3.1333694909.1522119509
github.com/ Name: _gh_sess
Value: [truncated]%3D%3D--d54f3673a1aa2996e00210a77e0717df4c815b2e
.render.githubusercontent.com/ Name: _gid
Value: GA1.3.757911517.1522119509
.github.com/ Name: logged_in
Value: no
.github.com/ Name: _octo
Value: GH1.1.1083831651.1522119508
.github.com/ Name: _ga
Value: GA1.2.2137647997.1522119508
github.com/ Name: tz
Value: UTC
.github.com/ Name: _gat
Value: 1

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src render.githubusercontent.com; connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src assets-cdn.github.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; img-src 'self' data: assets-cdn.github.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src assets-cdn.github.com; style-src 'unsafe-inline' assets-cdn.github.com; worker-src 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block