Submitted URL: https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf
Effective URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Submission: On September 14 via api from TW — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 21 HTTP transactions. The main IP is 45.60.31.34, located in the United States and belonging to INCAPSULA, US. The main domain is www.sans.org.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2020 on July 26th 2021. Valid for: 6 months.
This is the only time www.sans.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 15 45.60.31.34 19551 (INCAPSULA)
1 2a00:1450:400... 15169 (GOOGLE)
2 52.166.11.26 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
21 5
Domain Requested by
14 www.sans.org www.sans.org
2 fonts.gstatic.com www.sans.org
2 addsearch.com www.sans.org, addsearch.com
1 www.googletagmanager.com www.sans.org
1 digital-forensics.sans.org 1 redirects
0 cdn.cookielaw.org Failed www.googletagmanager.com
0 www.google.com Failed www.sans.org
21 7
Subject                  Issuer                                        Validity                   Valid
imperva.com              GlobalSign Atlas R3 DV TLS CA 2020            2021-07-26 - 2022-01-25    6 months
*.google-analytics.com   GTS CA 1C3                                    2021-08-23 - 2021-11-15    3 months
*.addsearch.com          GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1    2021-08-16 - 2022-09-04    a year
*.gstatic.com            GTS CA 1C3                                    2021-08-23 - 2021-11-15    3 months

This page contains 1 frame:

Primary Page: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Frame ID: FBDBB494D02A6612E1CAC69212A7B7B2
Requests: 30 HTTP requests in this frame

Page Title

404 - Page Not Found

Page URL History

  1. https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf HTTP 301
    https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div [^>]*id="__nuxt"
  • /_nuxt/

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

Requests: 21
HTTPS: 90 %
IPv6: 50 %
Domains: 6
Subdomains: 7
IPs: 5
Countries: 3
Transfer: 1025 kB
Size: 5009 kB
Cookies: 8

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf HTTP 301
    https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request poster_2014_find_evil.pdf
www.sans.org/digital-forensics-incident-response/media/
Redirect Chain
  • https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf
  • https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
71 KB
11 KB
Document
General
Full URL
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5e868a3b12be0a0474a4bdea0e96cb78f1e1b9be203969bf4fb3635a9a910d4d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://learnmore.sans.org https://learnmore.sans.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Security Headers PathFactory set XFRAMEOPTS
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.sans.org
:scheme
https
:path
/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html
last-modified
Tue, 14 Sep 2021 00:24:47 GMT
content-encoding
gzip
date
Tue, 14 Sep 2021 01:44:49 GMT
cache-control
max-age=30
etag
W/"c704921910590e15332ff219289184cf"
vary
Accept-Encoding
x-cache
Error from cloudfront
via
1.1 43ea8eb6454632744ba41b82df8b9e2a.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD66-C2
x-amz-cf-id
kgAIqHO6D1qBUH1Ox5_F6wkld9ZA22S-SlqtP5R89BjIZYS6PidRNg==
age
12
set-cookie
visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; expires=Tue, 13 Sep 2022 09:19:14 GMT; HttpOnly; path=/; Domain=.sans.org; Secure; SameSite=None nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; path=/; Domain=.sans.org; Secure; SameSite=None incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==; path=/; Domain=.sans.org; Secure; SameSite=None
strict-transport-security
max-age=31536000; includeSubDomains
x-cdn
Imperva
expect-ct
max-age=86400, enforce
x-frame-options
Security Headers PathFactory set XFRAMEOPTS
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self' http://learnmore.sans.org https://learnmore.sans.org
x-iinfo
14-153084597-153084598 NNNN CT(7 7 0) RT(1631583899645 0) q(0 0 0 4) r(1 1) U11

Redirect headers

date
Tue, 14 Sep 2021 01:44:55 GMT
content-type
text/html; charset=iso-8859-1
content-length
296
set-cookie
AWSALB=oO6ivsQgBox4rZIqd0XcixrSrBm/D1L4olFg8xjMtGlKXHPnIsc616UOkBSmqeG2Cbmd25rvAcrzziiFnlbocfl5dCdzLCPGColbiMJEs1q6YRfJ+Oc1b0pKlRDF; Expires=Tue, 21 Sep 2021 01:44:55 GMT; Path=/ AWSALBCORS=oO6ivsQgBox4rZIqd0XcixrSrBm/D1L4olFg8xjMtGlKXHPnIsc616UOkBSmqeG2Cbmd25rvAcrzziiFnlbocfl5dCdzLCPGColbiMJEs1q6YRfJ+Oc1b0pKlRDF; Expires=Tue, 21 Sep 2021 01:44:55 GMT; Path=/; SameSite=None; Secure visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; expires=Tue, 13 Sep 2022 09:19:14 GMT; HttpOnly; path=/; Domain=.sans.org; Secure; SameSite=None nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; path=/; Domain=.sans.org; Secure; SameSite=None incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; path=/; Domain=.sans.org; Secure; SameSite=None
location
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
x-cdn
Imperva
expect-ct
max-age=84600; enforce
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
strict-transport-security
max-age=31556926; includeSubdomains
x-iinfo
14-153083266-153083267 NNNN CT(2 11 0) RT(1631583894490 0) q(0 0 1 1) r(1 1) U11
4639adf.js
www.sans.org/_nuxt/
4 KB
2 KB
Script
General
Full URL
https://www.sans.org/_nuxt/4639adf.js
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
6a8673ea41f8b1b31a5442d0f5096dc854dd3b706b0f34cd5c5347fd5356b5f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/4639adf.js
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153084612-153083405 2VNN RT(1631583899999 0) q(0 1 1 -1) r(1 1)
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1874
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 10 Sep 2021 13:41:25 GMT
x-frame-options
SAMEORIGIN
etag
W/"784c897d85c5efecb7ed0c477a36f02d"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=30, public
expires
Tue, 14 Sep 2021 01:45:30 GMT
3ece4f0.js
www.sans.org/_nuxt/
190 KB
64 KB
Script
General
Full URL
https://www.sans.org/_nuxt/3ece4f0.js
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a502e8948c557e1017a8009c26d1eb995a70b013989d3b0370c536decec91450
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/3ece4f0.js
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153084620-153081716 2VNN RT(1631583900025 0) q(0 0 0 -1) r(2 2)
strict-transport-security
max-age=31536000; includeSubDomains
content-length
65436
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Aug 2021 17:49:16 GMT
x-frame-options
SAMEORIGIN
etag
W/"64f2c951457f794d505ae9c3574914b5"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=30, public
expires
Tue, 14 Sep 2021 01:45:30 GMT
09970f2.css
www.sans.org/_nuxt/css/
3 MB
210 KB
Stylesheet
General
Full URL
https://www.sans.org/_nuxt/css/09970f2.css
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
eeb2452cde71269191f10bb78d61cc2c3627c0e35fdd8ffad850009a2cd9419f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/css/09970f2.css
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153084625-153082878 2CNN RT(1631583900038 0) q(0 0 0 -1) r(0 0)
strict-transport-security
max-age=31536000; includeSubDomains
content-length
214851
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Aug 2021 17:49:16 GMT
x-frame-options
SAMEORIGIN
etag
W/"90dbb966d2933de5a91c1c186da690e9"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=25, public
expires
Tue, 14 Sep 2021 01:45:25 GMT
9ef13fd.js
www.sans.org/_nuxt/
1 MB
347 KB
Script
General
Full URL
https://www.sans.org/_nuxt/9ef13fd.js
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
edb3058fe7930365616cae7bb072b95bcadf9363d3be3339b87f6b2c0e51c886
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/9ef13fd.js
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153084631-153083405 2VNN RT(1631583900063 0) q(0 0 0 -1) r(0 0)
strict-transport-security
max-age=31536000; includeSubDomains
content-length
354547
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Aug 2021 17:49:16 GMT
x-frame-options
SAMEORIGIN
etag
W/"e2ad8a01342859c5cc6100f1f36a3927"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=30, public
expires
Tue, 14 Sep 2021 01:45:30 GMT
291a06d.css
www.sans.org/_nuxt/css/
942 B
628 B
Stylesheet
General
Full URL
https://www.sans.org/_nuxt/css/291a06d.css
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3dd04db66dc9bb460520fd11e0e8ab22cd96e2f12a2057a82f96a1fcb62cd7f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/css/291a06d.css
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153084636-153083979 2CNN RT(1631583900073 0) q(0 0 0 -1) r(2 2)
content-length
446
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 07 Jun 2021 17:18:04 GMT
x-frame-options
SAMEORIGIN
etag
"6718fd95b8a6948c4adb7a1ace54cde5"
expect-ct
max-age=86400, enforce
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
cache-control
max-age=26, public
expires
Tue, 14 Sep 2021 01:45:26 GMT
a3bdf4f.js
www.sans.org/_nuxt/
369 KB
70 KB
Script
General
Full URL
https://www.sans.org/_nuxt/a3bdf4f.js
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
2ce93235fe3ebcd30982e8b81198a690d835c57a0f31027695257c81c5da52f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/a3bdf4f.js
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153084640-153083974 2VNN RT(1631583900094 0) q(0 0 0 -1) r(1 1)
strict-transport-security
max-age=31536000; includeSubDomains
content-length
71562
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 14 Sep 2021 00:24:47 GMT
x-frame-options
SAMEORIGIN
etag
W/"7a44d5f3dba136811f0adcd4968e5f38"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=30, public
expires
Tue, 14 Sep 2021 01:45:30 GMT
78f80cb.js
www.sans.org/_nuxt/
15 KB
5 KB
Script
General
Full URL
https://www.sans.org/_nuxt/78f80cb.js
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
cc81d1ec739577ae2762e65db22ef3eab8e5e9b4505c61ea473de47ca491330e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/78f80cb.js
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153084641-153084408 2VNN RT(1631583900099 0) q(0 1 1 -1) r(2 2)
strict-transport-security
max-age=31536000; includeSubDomains
content-length
5225
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Aug 2021 17:49:16 GMT
x-frame-options
SAMEORIGIN
etag
W/"2fe905e2a5e6dae4a09fa8a8a6a9d49e"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=30, public
expires
Tue, 14 Sep 2021 01:45:30 GMT
6f78f95.js
www.sans.org/_nuxt/
615 B
651 B
Script
General
Full URL
https://www.sans.org/_nuxt/6f78f95.js
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
86709a28c51393f1dab072850745996aa9a55b280d828ab4ebdd660c87397646
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/6f78f95.js
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153084642-153082878 2VNN RT(1631583900103 0) q(0 0 0 -1) r(1 1)
content-length
414
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Aug 2021 17:49:42 GMT
x-frame-options
SAMEORIGIN
etag
"717e31074c520722bab908158f376fb3"
expect-ct
max-age=86400, enforce
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
max-age=30, public
set-cookie
nlbi_1329355_2277483=+LYNUaxomxBYnCo3W9awxwAAAACFNWeOtJrGy9xq60+1h5P9; path=/; Domain=.sans.org; Secure; SameSite=None
expires
Tue, 14 Sep 2021 01:45:30 GMT
gtm.js
www.googletagmanager.com/
160 KB
53 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4007:812::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
76c3a72e3221ff425e3bbdece743edb734d80c69e0476bf1430f0f668003540a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:05 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53532
x-xss-protection
0
last-modified
Tue, 14 Sep 2021 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 14 Sep 2021 01:45:05 GMT
/
addsearch.com/js/
2 KB
1010 B
Script
General
Full URL
https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
6b3a6868fe7f3a1beecdaf868570b2c218bcd0db6483975aba7c656471f4455f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 14 Sep 2021 01:45:05 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Connection
keep-alive
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Length
729
_Incapsula_Resource
www.sans.org/
144 KB
20 KB
Script
General
Full URL
https://www.sans.org/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1562026432
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f404cdfda695f4c6cf1d3703854a16ee8182fae2e4fdc5ea2dfb31962dd8efbe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1562026432
pragma
no-cache
cookie
visid_incap_1819929=849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q; nlbi_1819929=b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv; incap_ses_237_1819929=ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==; visid_incap_1329355=9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL; nlbi_1329355_2277483=2VQ2HsyTfRvKHn1dW9awxwAAAAAMX1ireNRA49n3hH2C12Cg; incap_ses_237_1329355=K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=86400, enforce
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
20724
x-content-type-options
nosniff
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d1e9ee3a97e9347ff3e9efc6b9e4182ff3f4f3eac3fdbfc48287552ca08f497a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8373dde4a91ebe50029d6acf1447ab949af75fbb6703979d107087f5c7d85514

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
358 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89b90b3011be7d6a57a3178c94dd1bf90b6643a851c57dc9a8ff6c21f452eff4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v11/
44 KB
45 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptsans/v11/jizaRExUiTo99u79D0KExQ.woff2
Requested by
Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/09970f2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4007:80e::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sans.org/
Origin
https://www.sans.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 11 Sep 2021 07:54:52 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:26:40 GMT
server
sffe
age
237014
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45416
x-xss-protection
0
expires
Sun, 11 Sep 2022 07:54:52 GMT
ClearSans-Regular.e91449d.woff
www.sans.org/_nuxt/fonts/
128 KB
128 KB
Font
General
Full URL
https://www.sans.org/_nuxt/fonts/ClearSans-Regular.e91449d.woff
Requested by
Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/09970f2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d4fe9aaa99bae15c3c5a8f13ff68bfea4bb63c488962c4a0d4fdff717884553c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://www.sans.org
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
font
:path
/_nuxt/fonts/ClearSans-Regular.e91449d.woff
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.sans.org
referer
https://www.sans.org/_nuxt/css/09970f2.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sans.org/_nuxt/css/09970f2.css
Origin
https://www.sans.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:00 GMT
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 07 Jun 2021 17:18:04 GMT
x-cdn
Imperva
etag
"2ea640a7b9802752b71fa6564b2d22ca"
expect-ct
max-age=86400, enforce
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff
x-iinfo
14-153084732-153083405 2VNN RT(1631583900551 0) q(0 0 0 -1) r(0 0)
x-xss-protection
1; mode=block
cache-control
max-age=30, public
strict-transport-security
max-age=31536000; includeSubDomains
content-length
130846
x-content-type-options
nosniff
expires
Tue, 14 Sep 2021 01:45:30 GMT
jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v11/
46 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptsans/v11/jizfRExUiTo99u79B_mh0O6tLQ.woff2
Requested by
Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/09970f2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4007:80e::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sans.org/
Origin
https://www.sans.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Sat, 11 Sep 2021 00:32:20 GMT
x-content-type-options
nosniff
age
263566
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46988
x-xss-protection
0
last-modified
Mon, 22 Jul 2019 19:27:34 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 11 Sep 2022 00:32:20 GMT
/
addsearch.com/searchui/v3/
55 KB
14 KB
Script
General
Full URL
https://addsearch.com/searchui/v3/?key=58b8a4a0d3818cf198ff88f660f8f8f9&i=
Requested by
Host: addsearch.com
URL: https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
1fea09ac63de0c5fb028349d739646c5829cd2842ff4f5c272bf359fbd1d03ff
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Tue, 14 Sep 2021 01:45:05 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Connection
keep-alive
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubdomains;
api.js
www.google.com/recaptcha/
0
0

427c781.js
www.sans.org/_nuxt/
105 B
273 B
Script
General
Full URL
https://www.sans.org/_nuxt/427c781.js
Requested by
Host: www.sans.org
URL: https://www.sans.org/_nuxt/4639adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
323bef454cf46336a917f3b9e70d23c223c3f4917076846e4b432bc481853285
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/427c781.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153085930-153083979 2VNN RT(1631583905137 0) q(0 0 0 -1) r(0 0)
content-length
108
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 10 Sep 2021 13:41:25 GMT
x-frame-options
SAMEORIGIN
etag
"1946ee19ad61dbbd2d21de94f06b46cf"
expect-ct
max-age=86400, enforce
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
cache-control
max-age=30, public
expires
Tue, 14 Sep 2021 01:45:35 GMT
_Incapsula_Resource
www.sans.org/
1 B
41 B
Image
General
Full URL
https://www.sans.org/_Incapsula_Resource?SWKMTFSR=1&e=0.6332409309056675
Requested by
Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_Incapsula_Resource?SWKMTFSR=1&e=0.6332409309056675
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
strict-origin-when-cross-origin
expect-ct
max-age=86400, enforce
x-frame-options
SAMEORIGIN
content-type
text/plain
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
x-content-type-options
nosniff
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
0
0

truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/gif
bbd4742.js
www.sans.org/_nuxt/
28 KB
8 KB
Script
General
Full URL
https://www.sans.org/_nuxt/bbd4742.js
Requested by
Host: www.sans.org
URL: https://www.sans.org/_nuxt/4639adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f3de98fda2e4437055c619f4e3c5e4559109cbbec5e7e63e0f2e599f59c08e7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:path
/_nuxt/bbd4742.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sans.org
referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 01:45:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Imperva
x-iinfo
14-153085965-153082878 2VNN RT(1631583905306 0) q(0 0 0 -1) r(0 0)
strict-transport-security
max-age=31536000; includeSubDomains
content-length
7636
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 26 Aug 2021 17:49:16 GMT
x-frame-options
SAMEORIGIN
etag
W/"52a7cb5955391de171915bf689430600"
expect-ct
max-age=86400, enforce
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=30, public
set-cookie
___utmvc=a; Max-Age=0; path=/; expires=Sun, 05 Sep 2021 09:13:32 GMT
expires
Tue, 14 Sep 2021 01:45:35 GMT
truncated
/
327 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c51b22ebde38fde8e25a63e161463632ad13c614a1268f60848c23ac9c039621

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
722 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
22a95d807e42979166d2d6d9c6bde6715c567c8220956c68c52e133b4352db66

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
329 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
06952c6c4ab0ecb9c6ecc808d3f82e67c8a2cf9c182ccb5e17415eb722f3eab0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e27ff355adeddbca26613a8995f64bbea66b1a903625be61a659c7eb33378d9e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
512 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2696d7c28956ab18f20f8372e9d95697288323b46904d1c20bc9a5a16421884f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.com
URL
https://www.google.com/recaptcha/api.js?render=explicit
Domain
cdn.cookielaw.org
URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js


31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
boolean| originAgentCluster
object| dataLayer
boolean| probablyLoggedIn
object| __NUXT__
object| google_tag_manager
function| postscribe
object| google_tag_manager_external
object| addsearch_custdata
object| AddSearchAsync
object| webpackJsonp
object| __core-js_shared__
object| core
object| regeneratorRuntime
function| setImmediate
function| clearImmediate
object| onNuxtReadyCbs
function| onNuxtReady
object| FontAwesomeConfig
object| ___FONT_AWESOME___
function| onYouTubeIframeAPIReady
string| addsearch_suid
object| addsearch_searchsettings
object| addsearch_i18n
string| addsearch_html
string| addsearch_social
object| addsearchUtils
object| addsearch
boolean| addSearchSupportsPassive
object| opts
object| $nuxt

8 Cookies

Domain/Path Name / Value
digital-forensics.sans.org/ Name: AWSALB
Value: oO6ivsQgBox4rZIqd0XcixrSrBm/D1L4olFg8xjMtGlKXHPnIsc616UOkBSmqeG2Cbmd25rvAcrzziiFnlbocfl5dCdzLCPGColbiMJEs1q6YRfJ+Oc1b0pKlRDF
digital-forensics.sans.org/ Name: AWSALBCORS
Value: oO6ivsQgBox4rZIqd0XcixrSrBm/D1L4olFg8xjMtGlKXHPnIsc616UOkBSmqeG2Cbmd25rvAcrzziiFnlbocfl5dCdzLCPGColbiMJEs1q6YRfJ+Oc1b0pKlRDF
.sans.org/ Name: visid_incap_1819929
Value: 849O6g2gTj6jOqgjenQ0P5b+P2EAAAAAQUIPAAAAAABLwt/r9CIbpt12UL1r9m7q
.sans.org/ Name: nlbi_1819929
Value: b8j1Yk8PaBPNF3+JLyVZfwAAAACURm1B0afJVqnGu8g2dFHv
.sans.org/ Name: incap_ses_237_1819929
Value: ufEjGrxDdX62t9vLf/5JA5b+P2EAAAAAjP6Lov8KCCVuYp0inBHCbg==
.sans.org/ Name: visid_incap_1329355
Value: 9kpMg4UjQp2Zb3V8u5m3qZv+P2EAAAAAQUIPAAAAAACDViyhqrm5rhuDO9DongPL
.sans.org/ Name: incap_ses_237_1329355
Value: K6zjJtevJAcNvdvLf/5JA5v+P2EAAAAA7xdTWaws0Hn03GYbFKChwg==
.sans.org/ Name: nlbi_1329355_2277483
Value: +LYNUaxomxBYnCo3W9awxwAAAACFNWeOtJrGy9xq60+1h5P9

1 Console Messages

Source Level URL
Text
network error URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self' http://learnmore.sans.org https://learnmore.sans.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options Security Headers PathFactory set XFRAMEOPTS
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
