urlscan.io logo urlscan.io
SecurityTrails logo

feedback.gsa.gov Open in urlscan Pro
184.30.211.207  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://feedback.gsa.gov/SE?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
Effective URL: https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
Submission Tags: falconsandbox
Submission: On October 17 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 184.30.211.207, located in Netherlands and belongs to AKAMAI-ASN1, EU. The main domain is feedback.gsa.gov.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on January 14th 2020. Valid for: 2 years.
This is the only time feedback.gsa.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 184.30.211.207 20940 (AKAMAI-ASN1)
1 104.108.60.16 16625 (AKAMAI-AS)
5 2
Apex Domain
Subdomains		 Transfer
5 gsa.gov
feedback.gsa.gov
207 KB
1 qualtrics.com
static-assets.qualtrics.com
96 KB
5 2
Domain Requested by
5 feedback.gsa.gov 1 redirects feedback.gsa.gov
1 static-assets.qualtrics.com feedback.gsa.gov
5 2

This site contains links to these domains. Also see Links.

Domain
www.qualtrics.com
Subject Issuer Validity Valid
akamaisecure.qualtrics.com
DigiCert SHA2 Secure Server CA		 2020-01-14 -
2022-04-18		 2 years crt.sh
*.qualtrics.com
DigiCert SHA2 Secure Server CA		 2018-10-08 -
2021-01-06		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
Frame ID: 8017C4E0A2B500B6778CB24090DCA079
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://feedback.gsa.gov/SE?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email HTTP 301
    https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /require.*\.js/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

302 kB
Transfer

681 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://feedback.gsa.gov/SE?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email HTTP 301
    https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
feedback.gsa.gov/SE/
Redirect Chain
  • https://feedback.gsa.gov/SE?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
  • https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.211.207 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a184-30-211-207.deploy.static.akamaitechnologies.com
Software
monolith-gateway /
Resource Hash
eda136e334f1aef2aa611129fe4f950ce9374abf50963d0fc6e53fe1be01c4ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:method
GET
:authority
feedback.gsa.gov
:scheme
https
:path
/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
400
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/html
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
monolith-gateway
x-request-id
c9879284-3ecd-46ee-bbe3-743bed56306a
x-trace-id
5caf1a16bdcce7ef3c8dcbd286f6f429 (not sampled)
x-transaction-id
ae3737d8-741d-4ec7-97d8-6900c36851da
content-encoding
gzip
content-length
2408
date
Sat, 17 Oct 2020 20:09:08 GMT
vary
Accept-Encoding
set-cookie
XSRF-TOKEN=XSRF_6YxEKjueLDvIHIN; path=/; secure ReqCtxEph=TRUE; path=/
strict-transport-security
max-age=31536000; includeSubDomains; preload

Redirect headers

status
301
content-length
113
content-type
text/html; charset=utf-8
location
/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
server
monolith-gateway
x-request-id
4673c14a-b253-442c-8890-dbb7d85b1e8c
x-trace-id
6adbf6582151a2672da3458ef9b0a38c (not sampled)
x-transaction-id
6b597787-f442-4035-a99e-b6431f327aec
date
Sat, 17 Oct 2020 20:09:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
javascriptRequired.7959911.js
feedback.gsa.gov/WRQualtricsShared/JavaScript/ 		220 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://feedback.gsa.gov/WRQualtricsShared/JavaScript/javascriptRequired.7959911.js
Requested by
Host: feedback.gsa.gov
URL: https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.211.207 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a184-30-211-207.deploy.static.akamaitechnologies.com
Software
monolith-gateway /
Resource Hash
9cd94dac6bf3b41bd38f02464e1b1c7e0edf4d24ac6edcb12b3f689b903b19de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
homDcJz3z7imPgxs4VpIH6XnXC_cRtRF
content-encoding
gzip
etag
"68aede63ac1477b44214783566dbd13f"
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report
status
200
access-control-max-age
3000
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
75789
x-request-id
ad63f2ac-38ee-4ad7-8548-3323f55207a9
x-amz-meta-mutable
false
x-trace-id
4a93da2ebfb4393b2d6314cd01ddaf22 (not sampled)
last-modified
Fri, 16 Oct 2020 00:44:48 GMT
server
monolith-gateway
date
Sat, 17 Oct 2020 20:09:09 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
x-transaction-id
18eee042-a00a-463a-8a0c-49b3f143b0fb
access-control-expose-headers
*
cache-control
public, max-age=31313503
accept-ranges
bytes
access-control-allow-headers
*
javascriptSE.7959911.js
feedback.gsa.gov/WRQualtricsShared/JavaScript/ 		360 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://feedback.gsa.gov/WRQualtricsShared/JavaScript/javascriptSE.7959911.js
Requested by
Host: feedback.gsa.gov
URL: https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.211.207 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a184-30-211-207.deploy.static.akamaitechnologies.com
Software
monolith-gateway /
Resource Hash
f1597c1d82234aff9f1083f1e71425b7d6ff5f80df7f1bf219a4758958b859cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
IvQvZMaYYQLQBj3YrVZOxionH.FVo0t9
content-encoding
gzip
etag
"324ba39ce39b98e4fcaa2375d94f5ba2"
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report
status
200
access-control-max-age
3000
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
130727
x-request-id
fa8f2996-3b96-47b3-8f13-7d0b0d4eea1b
x-amz-meta-mutable
false
x-trace-id
71ae93363d2143960e469612d6dbc627 (not sampled)
last-modified
Fri, 16 Oct 2020 00:44:47 GMT
server
monolith-gateway
date
Sat, 17 Oct 2020 20:09:09 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
x-transaction-id
07617f4a-b9fc-49ec-86a4-040ee4a57f57
access-control-expose-headers
*
cache-control
public, max-age=31323813
accept-ranges
bytes
access-control-allow-headers
*
jquery-1-12-2.js
static-assets.qualtrics.com/static/monolith/WRQualtricsShared/JavaScript/ 		95 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static-assets.qualtrics.com/static/monolith/WRQualtricsShared/JavaScript/jquery-1-12-2.js
Requested by
Host: feedback.gsa.gov
URL: https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.108.60.16 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-108-60-16.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0754d25b83336846edc541c8e271737a872e419de3bc2195ca3cbe02c11ee339
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
Uk0RvI.TyggLGUqpvWakpW3Mmyp7Ypp7
etag
"64c22564470e023360ad3848eaaa4dd9"
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com; report-uri https://sjc1.qualtrics.com/csp-report
status
200
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-length
97267
x-amz-meta-mutable
false
last-modified
Thu, 02 Jan 2020 20:20:15 GMT
date
Sat, 17 Oct 2020 20:09:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=29190305
accept-ranges
bytes
access-control-allow-headers
*
Ajax.php
feedback.gsa.gov/SE/ 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://feedback.gsa.gov/SE/Ajax.php?action=RUM
Requested by
Host: feedback.gsa.gov
URL: https://feedback.gsa.gov/WRQualtricsShared/JavaScript/javascriptRequired.7959911.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.211.207 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a184-30-211-207.deploy.static.akamaitechnologies.com
Software
monolith-gateway /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
text/javascript, text/html, application/xml, text/xml, */*
X-Prototype-Version
1.7.3
X-Requested-With
XMLHttpRequest
Referer
https://feedback.gsa.gov/SE/?Q_DL=8vNdnLuusenW9Lv_6gUAnq8WqrqPcpv_MLRP_bCmDDyX8Oqd3EwJ&Q_CHL=email
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-trace-id
361d1946eb38cf5e5fe1d4c0b76c43b8 (not sampled)
pragma
no-cache
date
Sat, 17 Oct 2020 20:09:10 GMT
server
monolith-gateway
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/html;
status
200
x-transaction-id
cdeeda31-5323-463b-9183-82f016ada6ca
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
0
x-request-id
dd94ddf1-5110-4e75-9d62-034159f5242d
expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

132 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| Prototype object| Class function| PeriodicalExecuter function| Template object| $break object| Enumerable function| $A function| $w function| $H function| Hash function| $R function| ObjectRange object| Abstract object| Try object| Ajax object| Form object| Field function| $F object| Toggle object| Insertion object| $continue object| Position function| updateScrollInfo function| returnOffset object| Qualtrics object| Q function| $ function| $$ undefined| Sizzle function| Selector object| scrollInfo object| QModules object| Builder object| Effect object| Droppables object| Draggables function| Draggable function| SortableObserver object| Sortable object| Autocompleter object| Control function| QBuilder function| QInputBuilder function| QEntity function| makeSortable function| updateInputValues function| rankOrderAll function| rankOrder function| adjustCSS function| adjustListCSS function| INQUAD function| OUTQUAD function| INEXPO function| ELASTIC object| OverRegistry boolean| dragInProgress boolean| suspendOvers function| clearOverRegistry function| AddOver function| RemoveOver function| getOverClosure function| AddOverHelper object| translationTip function| stopEnterSubmit function| pressSubmitButtonOnEnter function| number_format function| trim function| UpdateCSTotal function| UpdateMatrixCSTotal function| UpdateMatrixCSTotalVert function| updateConjointTotal function| SBChangeOrder function| moveItemToSelectionBox function| deleteItemFromSelectionBox function| updateDrillDown function| parseValue function| createDDAnswers function| getAnswerArray function| validateNumber function| noneOfTheAboveCheck function| exclusiveAnswerCheck function| exclusiveChoiceCheck function| rankOrderRadioCheck function| getTimeArray function| startTimer function| flipNumber function| InsertSlider function| generateSliderDOM function| createSlider function| submitForm function| submitFormJumpTo function| getMousePosition function| setPosition function| findPosX function| findPosY function| autoCheck object| SEonSubmit object| SEonClick object| SEonMouseDown function| IeFixFlashFixOnload function| refreshPage function| SlideToggle function| ArrowToggle function| HelpToggle function| fillVerticalSpace function| resizedWindow function| removeElement function| getMessage object| QualtricsTools function| deleteChildren object| QualtricsSETools function| QHeatMap object| QHotSpot object| QHotSpot2 function| ofc_ready function| ofc_stoped_animating function| html5Store function| html5Retrieve function| saveFlashImages function| changePagePosition function| addReportNavigator function| isNumeric object| Cookie function| getPageSize object| FileUploader function| jQuery object| jQuery112205721640928928919 string| canCheckParent

2 Cookies

Domain/Path Name / Value
feedback.gsa.gov/ Name: ReqCtxEph
Value: TRUE
feedback.gsa.gov/ Name: XSRF-TOKEN
Value: XSRF_6YxEKjueLDvIHIN

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload