www.sans.org Open in urlscan Pro
45.60.31.34 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf
Effective URL:
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Submission: On June 08 via api (June 8th 2021, 7:28:24 pm UTC) from US

Summary HTTP 35 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 14 IPs in 4 countries across 10 domains to perform 35 HTTP transactions. The main IP is 45.60.31.34, located in United States and belongs to INCAPSULA, US. The main domain is www.sans.org.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2020 on March 4th 2021. Valid for: 6 months.

This is the only time www.sans.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	45.60.31.34 45.60.31.34	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	52.222.174.124 52.222.174.124	16509 (AMAZON-02) (AMAZON-02)
1	52.84.174.19 52.84.174.19	16509 (AMAZON-02) (AMAZON-02)
2	52.166.11.26 52.166.11.26	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c04::9d	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	52.84.174.120 52.84.174.120	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
35	14

15 45.60.31.34 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

digital-forensics.sans.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.sans.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.174.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-174-124.cdg50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.174.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-174-19.cdg50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.166.11.26 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

addsearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.174.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-174-120.cdg50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.209.240 (United States)

ASN13335 (CLOUDFLARENET, US)

zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	sans.org 1 redirects digital-forensics.sans.org www.sans.org	854 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	410 KB
4	google.com www.google.com	20 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
3	google-analytics.com www.google-analytics.com	59 KB
2	addsearch.com addsearch.com	15 KB
1	qualtrics.com zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com	17 KB
1	google.de www.google.de	107 B
1	doubleclick.net stats.g.doubleclick.net	86 B
1	googletagmanager.com www.googletagmanager.com	42 KB
35	10

	Domain	Requested by
14	www.sans.org	www.sans.org
4	www.google.com	www.sans.org www.gstatic.com
3	www.gstatic.com	www.google.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.sans.org
2	fonts.gstatic.com	www.sans.org
2	addsearch.com	www.sans.org addsearch.com
1	zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com	www.sans.org
1	vars.hotjar.com	static.hotjar.com
1	www.google.de	www.sans.org
1	stats.g.doubleclick.net	www.google-analytics.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.sans.org
1	www.googletagmanager.com	www.sans.org
1	digital-forensics.sans.org	1 redirects
35	14

This site contains links to these domains. Also see Links.

Domain
www.sans.edu
www.giac.org
isc.sans.edu
ics.sans.org
sans.bamboohr.com
twitter.com
www.facebook.com
www.youtube.com
www.linkedin.com
www.addsearch.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-04` - `2021-09-02`	6 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.addsearch.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2020-08-05` - `2021-09-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.qualtrics.com DigiCert SHA2 Secure Server CA	`2020-10-26` - `2021-11-26`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Frame ID: 0F5262F753AF38660F2A3D434721FCBD
Requests: 39 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: F1C60EA173A2CCBE5CC496D488D819FF
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdRaE8aAAAAAOB9CLy-hHWeafmpvmYkeMpCXrWO&co=aHR0cHM6Ly93d3cuc2Fucy5vcmc6NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=75xht55tuzrc
Frame ID: 68580DBD234A0AE5BDFCF1E5073C5074
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf HTTP 301
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf Page URL

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<div [^>]*id="__nuxt"/i
script /\/_nuxt\//i

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<div [^>]*id="__nuxt"/i
script /\/_nuxt\//i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
html //i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

script /\/recaptcha\/api\.js/i

Page Statistics

35
Requests

100 %
HTTPS

54 %
IPv6

10
Domains

14
Subdomains

14
IPs

4
Countries

1478 kB
Transfer

6124 kB
Size

12
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sans.edu/?msc=main-nav
Title: College Degrees & Certificates

Search URL Search Domain Scan URL

URL: https://www.giac.org/?msc=utility-nav
Title: GIAC Security Certifications

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/?msc=utility-nav
Title: Internet Storm Center

Search URL Search Domain Scan URL

URL: https://www.sans.edu/?msc=utility-nav
Title: SANS Technology Institute

Search URL Search Domain Scan URL

URL: https://www.giac.org/certifications/?msc=footer-secondary-nav
Title: Certifications

Search URL Search Domain Scan URL

URL: https://www.sans.edu/?msc=footer-secondary-nav
Title: Degree Programs

Search URL Search Domain Scan URL

URL: https://ics.sans.org/?msc=footer-secondary-nav
Title: Industrial Control Systems

Search URL Search Domain Scan URL

URL: https://sans.bamboohr.com/jobs/
Title: Careers

Search URL Search Domain Scan URL

URL: https://twitter.com/sansinstitute
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sansinstitute
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TheSANSInstitute
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/14104
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://www.addsearch.com/?utm_source=customer&utm_medium=referer&utm_campaign=customer

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf HTTP 301
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request poster_2014_find_evil.pdf Show response
www.sans.org/digital-forensics-incident-response/media/
Redirect Chain

https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

71 KB
10 KB

239ms
232ms

Document
text/html

45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

1945ad7a24e0686d876da921762247c420f9f7ab341f56164fb9d353405ec448

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.sans.org
:scheme: https
:path: /digital-forensics-incident-response/media/poster_2014_find_evil.pdf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html
last-modified: Tue, 08 Jun 2021 18:19:22 GMT
content-encoding: gzip
date: Tue, 08 Jun 2021 19:28:07 GMT
cache-control: max-age=30
etag: W/"904505089c70c7be162ca146c79434af"
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 366b9fc9e06517905c8f46d7549058fc.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD79-C3
x-amz-cf-id: uvy3eBrD6KAKhEVFhbXRJggV0vqtg7R1cC3X1cHGi2SlSNhLNG7nGA==
set-cookie: visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; expires=Wed, 08 Jun 2022 06:44:44 GMT; HttpOnly; path=/; Domain=.sans.org; Secure; SameSite=None nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; path=/; Domain=.sans.org; Secure; SameSite=None incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==; path=/; Domain=.sans.org; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-iinfo: 10-5482208-5482209 NNNN CT(2 37 0) RT(1623180485676 0) q(0 0 1 0) r(2 2) U11

Redirect headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-type: text/html; charset=iso-8859-1
content-length: 296
set-cookie: AWSALB=T/uVpZHAGR+yxg434iWaD+mNXS4Td+N2htDYCCmDaCnwFlKrhGbY2bSlOZ2SKgxpVYw3dOXZ2zpYiADz/r1IcbJdnpUZAKneIQcbWcliESkyhtzwvLZ5PgdF16Js; Expires=Tue, 15 Jun 2021 19:28:06 GMT; Path=/ AWSALBCORS=T/uVpZHAGR+yxg434iWaD+mNXS4Td+N2htDYCCmDaCnwFlKrhGbY2bSlOZ2SKgxpVYw3dOXZ2zpYiADz/r1IcbJdnpUZAKneIQcbWcliESkyhtzwvLZ5PgdF16Js; Expires=Tue, 15 Jun 2021 19:28:06 GMT; Path=/; SameSite=None; Secure visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; expires=Wed, 08 Jun 2022 06:44:44 GMT; HttpOnly; path=/; Domain=.sans.org; Secure; SameSite=None nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; path=/; Domain=.sans.org; Secure; SameSite=None incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; path=/; Domain=.sans.org; Secure; SameSite=None
location: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
x-cdn: Imperva
expect-ct: max-age=84600; enforce
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
strict-transport-security: max-age=31556926; includeSubdomains
x-iinfo: 10-5482190-5482191 NNNN CT(2 10 0) RT(1623180485544 0) q(0 0 0 1) r(0 0) U11

GET
H2 200 d9fedba.js Show response
www.sans.org/_nuxt/ 4 KB
2 KB 110ms
108ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/d9fedba.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

146487123c4c48b009cd6aa62d40b781be9800daf7a961694388ad3f3e977da3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/d9fedba.js
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482255-5480760 2VNN RT(1623180485917 0) q(0 0 0 -1) r(0 0)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1908
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:04 GMT
x-frame-options: SAMEORIGIN
etag: W/"3521e7908ac041b5ab876596ab2c6e46"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=30, public
set-cookie: nlbi_1329355_2277483=BL9yZxQTVmlEBuO/sbPzYgAAAACuWXwUVvPh+CywHmDfs9EA; path=/; Domain=.sans.org; Secure; SameSite=None
expires: Tue, 08 Jun 2021 19:28:35 GMT

GET
H2 200 96381f1.js Show response
www.sans.org/_nuxt/ 189 KB
64 KB 417ms
415ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/96381f1.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aedbbe2c3c959efe8fa1016181bf4cd68ca5c167125c11034834419de8d72e99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/96381f1.js
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482258-5481968 2VNN RT(1623180485922 0) q(0 0 0 -1) r(1 1)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 65380
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:04 GMT
x-frame-options: SAMEORIGIN
etag: W/"b1466f7e99b45f1f94c8e8832294fe6d"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=30, public
set-cookie: nlbi_1329355_2277483=7fk9NP+zMhOZh1vHsbPzYgAAAAAgLfUlFM9IUQFaNh5LmBLg; path=/; Domain=.sans.org; Secure; SameSite=None
expires: Tue, 08 Jun 2021 19:28:36 GMT

GET
H2 200 2fb4871.css
www.sans.org/_nuxt/css/ 3 MB
209 KB 122ms
120ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/css/2fb4871.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

59b540af1c0d07ff7b56e68d519ba028b4fd173bfa4bd03bed426867feefd7b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/css/2fb4871.css
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482256-5480665 2VNN RT(1623180485919 0) q(0 0 0 -1) r(0 0)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 213348
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:04 GMT
x-frame-options: SAMEORIGIN
etag: W/"9473243420039fe6d62760996a46d482"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=30, public
set-cookie: nlbi_1329355_2277483=x7QVI0mtjzgAEMvWsbPzYgAAAABC8C4QiTfiqT9ady6xEOhC; path=/; Domain=.sans.org; Secure; SameSite=None
expires: Tue, 08 Jun 2021 19:28:35 GMT

GET
H2 200 97d687d.js Show response
www.sans.org/_nuxt/ 1 MB
343 KB 386ms
384ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/97d687d.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ede3bc1008e6be1a3cad0a5f596551ecd4b48f1980549b8c2cb736782f290fcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/97d687d.js
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482259-5481944 2VNN RT(1623180485923 0) q(0 0 0 -1) r(0 0)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 350936
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:04 GMT
x-frame-options: SAMEORIGIN
etag: W/"19d5838776c22bcb981e3d0e6b7146d5"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=30, public
set-cookie: nlbi_1329355_2277483=azVGXPTokFm76kE8sbPzYgAAAADok1I2C1ctAEmAvezX0sDK; path=/; Domain=.sans.org; Secure; SameSite=None
expires: Tue, 08 Jun 2021 19:28:35 GMT

GET
H2 200 291a06d.css
www.sans.org/_nuxt/css/ 942 B
662 B 112ms
111ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/css/291a06d.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3dd04db66dc9bb460520fd11e0e8ab22cd96e2f12a2057a82f96a1fcb62cd7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/css/291a06d.css
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482257-5480776 2VNN RT(1623180485920 0) q(0 0 0 -1) r(0 0)
content-length: 446
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:04 GMT
x-frame-options: SAMEORIGIN
etag: "6718fd95b8a6948c4adb7a1ace54cde5"
expect-ct: max-age=86400, enforce
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=30, public
set-cookie: nlbi_1329355_2277483=b7hDWkeVriKuii8nsbPzYgAAAACaKWJhEgnjksaYc5hoc0F/; path=/; Domain=.sans.org; Secure; SameSite=None
expires: Tue, 08 Jun 2021 19:28:35 GMT

GET
H2 200 8ad274c.js Show response
www.sans.org/_nuxt/ 312 KB
59 KB 417ms
416ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/8ad274c.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

642d5af87050424a4395ec747369c8d32a71fcee32f700f6395f41a1356682b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/8ad274c.js
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482260-5481964 2VNN RT(1623180485925 0) q(0 0 0 -1) r(1 1)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 60163
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 08 Jun 2021 18:19:22 GMT
x-frame-options: SAMEORIGIN
etag: W/"f3c05a174a153d5f2b49d15ab69aeca4"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=30, public
set-cookie: nlbi_1329355_2277483=VonIPbWjBRwGzk32sbPzYgAAAAAgUJzuCDy5ivXZRaYDOCQ+; path=/; Domain=.sans.org; Secure; SameSite=None
expires: Tue, 08 Jun 2021 19:28:36 GMT

GET
H2 200 69d4c16.js Show response
www.sans.org/_nuxt/ 24 KB
8 KB 501ms
500ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/69d4c16.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

607d929d41e39fe3db163143f2fa1a5ae51d43157601e2266166c8b9739994eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/69d4c16.js
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482261-5480760 2VNN RT(1623180485926 0) q(0 0 0 -1) r(2 2)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 8273
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:04 GMT
x-frame-options: SAMEORIGIN
etag: W/"2659baa91ad1bdfb02f9587ecba87ca5"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=30, public
set-cookie: nlbi_1329355_2277483=GIWbCDH+uFiAY1tzsbPzYgAAAAAeOcxPTzSqPIWSjK9WOWL3; path=/; Domain=.sans.org; Secure; SameSite=None
expires: Tue, 08 Jun 2021 19:28:36 GMT

GET
H2 200 d5438fb.js Show response
www.sans.org/_nuxt/ 615 B
623 B 501ms
500ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/d5438fb.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ffeba8c4d6028660cefb916dc61abb2a5568e79bd6f643958bc460dfbaf432f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/d5438fb.js
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; nlbi_1329355_2277483=/ctSE5NhrzvzOVCisbPzYgAAAAANSiTi3pB6YQGYzyBs/0gU; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482263-5476691 2VNN RT(1623180485929 0) q(0 0 0 -1) r(2 2)
content-length: 414
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:04 GMT
x-frame-options: SAMEORIGIN
etag: "854fb5c33ab26b208007dec0487b840a"
expect-ct: max-age=86400, enforce
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: max-age=30, public
set-cookie: nlbi_1329355_2277483=Xa1gfUifYX1BvRZpsbPzYgAAAACM5vsb/i4wLvSMZq1sW1YA; path=/; Domain=.sans.org; Secure; SameSite=None
expires: Tue, 08 Jun 2021 19:28:36 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 125 KB
42 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a122f2e5937502db3e64407b050fa8e55ba5e6083b62f8751fb9b0e54bbf80e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43252
x-xss-protection: 0
last-modified: Tue, 08 Jun 2021 19:12:11 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Jun 2021 19:28:06 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6553
date: Tue, 08 Jun 2021 17:38:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Tue, 08 Jun 2021 19:38:53 GMT

GET
H2 200 hotjar-609302.js Show response
static.hotjar.com/c/ 5 KB
2 KB 29ms
29ms Script
application/javascript 52.222.174.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-609302.js?sv=6

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.174.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-174-124.cdg50.r.cloudfront.net

Software

Resource Hash

4347f87a6393e67f67d0b7b65f413e8cb0d4a4550d815a9713f33241cb94c764

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:27:35 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 31
etag: W/f3dd168b84430b780f7495a70b75e59d
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: CDG50-P2
x-amz-cf-id: Ax2LzUF_X87JWgQqFzjy65IAScPKfMj9AJaBTJx-V5G55IU3Beytlw==
via: 1.1 941acf135bdda975383e37976690acc7.cloudfront.net (CloudFront)

GET
H3-29 200 js Show response
www.google-analytics.com/gtm/ 113 KB
40 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-K3LZ9HB&t=gtm4&cid=1573606773.1623180487

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

97ad9b7fec21a5bf4c123fedf0533393e3bcc18c563d0e42dcf5a56aa0567e51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40696
x-xss-protection: 0
expires: Tue, 08 Jun 2021 19:28:06 GMT

GET
H2 200 modules.715e89fa79f5bcedbb15.js Show response
script.hotjar.com/ 219 KB
58 KB 16ms
16ms Script
application/javascript 52.84.174.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.715e89fa79f5bcedbb15.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-609302.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.84.174.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-84-174-19.cdg50.r.cloudfront.net

Software

Resource Hash

51018cc96e7a4f9c8431b0905412d0c8dd5de63b2860af09e36e6d5947fec033

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 07:49:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41941
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59013
access-control-allow-origin: *
last-modified: Tue, 08 Jun 2021 07:48:42 GMT
etag: "38e629cd7b65ffda36981f4c80ae9e5a"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 19d683585ba961e1ecbb57668eec0a62.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: CDG50-P1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: D0pECs0ywURM-_GHiZbE8g5yeJpc6GD4ogzCe3HejGqw2Yvbk2BSjg==

GET
H/1.1 200
OK / Show response
addsearch.com/js/ 2 KB
1010 B 51ms
13ms Script
application/javascript 52.166.11.26
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

f8631c5e32a0dc65e5a5a0021026a1fe68224e4da4a2c6f16ed00ed8426b7bb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:28:06 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 729

GET
H2 200 _Incapsula_Resource Show response
www.sans.org/ 143 KB
20 KB 111ms
111ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1339280130

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

90ab4a8a14a58023fff318f3cce4708045707b02ea3fc4b36712dce215a9b7f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1339280130
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==; _ga=GA1.2.1573606773.1623180487; _gid=GA1.2.370451611.1623180487; _dc_gtm_UA-25324117-2=1; _hjTLDTest=1; _hjid=246d9c18-2bd8-4a4b-93ae-b87af2619955; _hjFirstSeen=1; nlbi_1329355_2277483=azVGXPTokFm76kE8sbPzYgAAAADok1I2C1ctAEmAvezX0sDK
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 20870
x-content-type-options: nosniff

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
86 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c04::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-25324117-2&cid=1573606773.1623180487&jid=781171382&gjid=1032025559&_gid=370451611.1623180487&_u=aGDAgEADQAAAAE~&z=1822151678

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 08 Jun 2021 19:28:06 GMT
content-type: text/plain
access-control-allow-origin: https://www.sans.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1997721721&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sans.org%2Fdigital-forensics-incident-response%2Fmedia%2Fposter_2014_find_evil.pdf&ul=en-us&de=UTF-8&dt=404%20-%20Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQ~&jid=781171382&gjid=1032025559&cid=1573606773.1623180487&tid=UA-25324117-2&_gid=370451611.1623180487&gtm=2wg6215T9DW3B&cd1=fea82ed3-bb17-4b72-8563-779c2bce6d1f&cd2=2021-06-08T21%3A28%3A06.663%2B02%3A00&cd4=&cd3=pageview&z=469021186

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 04:46:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 52874
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
296 B 29ms
28ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-25324117-2&cid=1573606773.1623180487&jid=781171382&_u=aGDAgEADQAAAAE~&z=2020024658

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:28:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 30ms
29ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-25324117-2&cid=1573606773.1623180487&jid=781171382&_u=aGDAgEADQAAAAE~&z=2020024658

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 19:28:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1e9ee3a97e9347ff3e9efc6b9e4182ff3f4f3eac3fdbfc48287552ca08f497a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8373dde4a91ebe50029d6acf1447ab949af75fbb6703979d107087f5c7d85514

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 358 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89b90b3011be7d6a57a3178c94dd1bf90b6643a851c57dc9a8ff6c21f452eff4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v11/ 44 KB
44 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v11/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/2fb4871.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sans.org
Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 16:50:25 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:26:40 GMT
server: sffe
age: 9462
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
expires: Wed, 08 Jun 2022 16:50:25 GMT

GET
H2 200 ClearSans-Regular.e91449d.woff
www.sans.org/_nuxt/fonts/ 128 KB
128 KB 109ms
108ms Font
application/x-font-woff 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/fonts/ClearSans-Regular.e91449d.woff

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/2fb4871.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

d4fe9aaa99bae15c3c5a8f13ff68bfea4bb63c488962c4a0d4fdff717884553c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-fetch-mode: cors
origin: https://www.sans.org
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==; _ga=GA1.2.1573606773.1623180487; _gid=GA1.2.370451611.1623180487; _dc_gtm_UA-25324117-2=1; _hjTLDTest=1; _hjid=246d9c18-2bd8-4a4b-93ae-b87af2619955; _hjFirstSeen=1; nlbi_1329355_2277483=Xa1gfUifYX1BvRZpsbPzYgAAAACM5vsb/i4wLvSMZq1sW1YA
:path: /_nuxt/fonts/ClearSans-Regular.e91449d.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.sans.org
referer: https://www.sans.org/_nuxt/css/2fb4871.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.sans.org
Referer: https://www.sans.org/_nuxt/css/2fb4871.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:04 GMT
x-cdn: Imperva
etag: "2ea640a7b9802752b71fa6564b2d22ca"
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
x-iinfo: 10-5482333-5481944 2VNN RT(1623180486436 0) q(0 0 0 -1) r(0 0)
x-xss-protection: 1; mode=block
cache-control: max-age=30, public
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 130846
x-content-type-options: nosniff
expires: Tue, 08 Jun 2021 19:28:36 GMT

GET
H2 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v11/ 46 KB
46 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v11/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/2fb4871.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sans.org
Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 02:46:07 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:27:34 GMT
server: sffe
age: 578520
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
expires: Thu, 02 Jun 2022 02:46:07 GMT

GET
H/1.1 200
OK / Show response
addsearch.com/searchui/v3/ 55 KB
14 KB 23ms
21ms Script
application/javascript 52.166.11.26
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://addsearch.com/searchui/v3/?key=58b8a4a0d3818cf198ff88f660f8f8f9&i=

Requested by

Host: addsearch.com
URL: https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

ae454b2c69cdf5807406c9139b0dd6140c456d10937731d54bba11baf0656241

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 19:28:07 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ 852 B
576 B 16ms
15ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/97d687d.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

26a7814d15e84c9fa9257a6f35aabaff58835a67ef9bb29ca1fd17c4efe320cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Tue, 08 Jun 2021 19:28:07 GMT

GET
H2 200 4b2b012.js Show response
www.sans.org/_nuxt/ 105 B
248 B 109ms
108ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/4b2b012.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/d9fedba.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a061a095ebf526441750ee1024e0cf34206268220d3b9062152208fe7db075fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/4b2b012.js
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==; _ga=GA1.2.1573606773.1623180487; _gid=GA1.2.370451611.1623180487; _dc_gtm_UA-25324117-2=1; _hjTLDTest=1; _hjid=246d9c18-2bd8-4a4b-93ae-b87af2619955; _hjFirstSeen=1; nlbi_1329355_2277483=Xa1gfUifYX1BvRZpsbPzYgAAAACM5vsb/i4wLvSMZq1sW1YA
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482407-5480665 2VNN RT(1623180486696 0) q(0 0 0 -1) r(1 1)
content-length: 108
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:03 GMT
x-frame-options: SAMEORIGIN
etag: "04410a0eb55412b3ab17e34959539e68"
expect-ct: max-age=86400, enforce
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: max-age=30, public
expires: Tue, 08 Jun 2021 19:28:36 GMT

GET
H2 200 _Incapsula_Resource
www.sans.org/ 1 B
41 B 102ms
101ms Image
text/plain 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/_Incapsula_Resource?SWKMTFSR=1&e=0.6817803774085107

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_Incapsula_Resource?SWKMTFSR=1&e=0.6817803774085107
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==; _ga=GA1.2.1573606773.1623180487; _gid=GA1.2.370451611.1623180487; _dc_gtm_UA-25324117-2=1; _hjTLDTest=1; _hjid=246d9c18-2bd8-4a4b-93ae-b87af2619955; _hjFirstSeen=1; nlbi_1329355_2277483=Xa1gfUifYX1BvRZpsbPzYgAAAACM5vsb/i4wLvSMZq1sW1YA; ___utmvc=EHuSFV4U5oSeXk/2DuDwH146vVXf41QoLUMtLxmBBLCj1ifAknZ7Ed+XmcjP/3SjIlMZgQrEnOzSU+6iulAAnSDO0yE3QQbCFETUnTFwxOJ9ErYXHan3JKFczHCVeH/mUSNwpRDe+otBrdsiO0X58q4luM28xocEMFl4KXIKAMlUlRojy6Obz7WTTyaG0pT5L5EsV2SQvYJnkfg5INHWF/PLcbKuzRfdftXp7WBx3Ib6UKgGc1PlaKsb/wehALB+AsxtpkYvxhgDr4NmRv5Q9Bx5O/pHot6raiURtUtne9A3XvitNppUD/VOYaucNfrQ7owvf1KvGpFrehyRZr+O3pP9eNYqDkEAI47yYd0TfNWkY+NjN63j+oSRoLDT2u47h5m5aAToQ0FhchYW1FMwSpYKsaNm0KhTyghk22IBBjnrTZNJ0Hty5SBMZDftuWCImutPbOOVP+6Yvkgd+tUzsVBNktvcTee3LsW4HEM65b1JyZiFVmnaV71+xp1VuOoIwalk8BaDlIHZ1tInjQzjRMRy1W7tp2IE5N72LtB86iGYqOHPjjol/B9EZiFyRJXT/dLhVqeT7kyhWHSNTZbnzDK9qHXQnd5HeIiwmcoJpMLAhNP4Kol1TFTvIB2di28oo0sO/tnM+n7zl4v1UEJlQbGXy/m5uYuNBxXPYjF7BrXPdFV7hAVujKWcalHWlKPXVK/fHhweo/GYbJ8g4VmPJSmWLypb4QmNBcAhQUlaJz6En/hlk/V6tx8iOG+uZcyLSWgOvt4JV3zaE+Ek6q/FVHaV2l8QlluNydL2tK0a7NoJRQ/SxyJpA4+8KTPxUTbniFug9OMOKBzTD3FPmyBtTX0dKhQp1UqKIvnxiY90h//bIakO/Fjg6F0XN5nHLESFnSRB0ij4vI8TzPQWbq5h3KsPE2oDu6S+HOHYT/n6Z+8V52pIiXbmru9IlzAeN7pPZ7h9/mWNljKj9NQ61vq9IUBVBMJ0b+PFFUJ4gyaOP7Yt+rHoXnYpsMimuIz6xPYvfms3qbdpSPlT6Il7NuhjPSj2Lh50Wm+1clfT88AoLnopWaGvUKFF/jgjp6iCzT034ZZzPVL661XrnUCLN/N+oa0vVPgHNITUycZ3IQnKfV+tQsginCCzTNJAABmrP92+R4PdOBGf+/RDlqm9tA94XYWHVhbB6a04YNPMCAkm0aqyCjn2a/MhfRKP6FZtSbeTziKqUTDqMt5pgwk0KfcmVfz5sOEaQHE/piWu67pIsGlEJZohTMT+xujVCmZG9yRUm6zLIckakGIu/ryu9Qzaa2wjbw2vTDqPa+l5CfYzUl+CJWXAFWSketdeFBF1zDRHqZzdC5ak59Md5Udu+/J55YknMSyeYmLjxsU5l3IQGz4+JuFrN6+mejck8BiryYm3hMQveKZDNdrYcMEjMSwSptw7w3Wqj+SrliM1JdmYtXXqMoOCDK1x9rXXh0jG9WDLAtq5VvgN22o5gubytm4zJbgB86FT92hwiVZLPHepGjUyqmUDEW26AQHHxxWpARl6q0TOTlxIsEhWHGjXRcaEziyPuI9QhDGyr5Mr4ZicU1j3KuM58vx0peM4ES7daWnFTK+1LetMS3va/J4FvLkEY1DOwL6mCbrUomsTl9S1RvMUoHbTvQVkTSQd+7Xuf52UfPg4E0DPuGGZ2x4a3GvfUTBOnTA2JbgOfH5+fVLqYb18uPo8/JSYg3myiHfXc+lisk2ALX7EMnMmuFbadembgyXnJ1aMg+BG7DA8Sh0MhPASAb8PsBUb6+KutO6zAf45QDWsZqaKVdLBe2GcblEB3rwKwlees2XGKdBMyzfmJTR5cRUv/1U5B8gQawPGmYOHkF7E86tS7NzOEyVLPXfEo74hK7RL8BuKrNHSz/TVKV0F5c+dybNtdDuh8x8mkjf78cwgmppfnkD81N94/dqF+HvN4rbk/sPfAyF47yqLzJt4W2JD08+KeTpmqgjzBMZ0pIQvRsP/n/ICTiKO1IyZ0C0zDO3QdIXPnF+R9nu93yzDzSfHqBoP8QXIzeYVOUAnLGRpZ2VzdD0xNDAxMTcsMTQwMzEwLHM9ODFhMzg2YTE5MjlhOGU2NzdlNzM4ODdjODBhOTk5NjdhMmEzYWRhNjgzOWU3ODdkOWQ4Mzg0OWI3ODllN2M5ZjliOWI3ZDc2OTQ4MjZkNmU=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
content-type: text/plain
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
x-content-type-options: nosniff

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame F1C6 2 KB
1 KB 15ms
15ms Document
text/html 52.84.174.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-609302.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-120.cdg50.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sans.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3f1a5dbb6451309426050e13abf469c6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
x-amz-cf-id: m2O-JGUseEaDc1BCyTC3XljDWd3ETX8znM6uaw9SF55C_6OREM3kZQ==
age: 465182

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/ 341 KB
134 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

734160057d9682a89035825f63793cd0f945523efa3f8d33b8bef89bd7bdef5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.sans.org
Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:22:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3944
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136836
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 04:42:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 18:22:23 GMT

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 4fac87c.js Show response
www.sans.org/_nuxt/ 28 KB
8 KB 123ms
122ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/4fac87c.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/d9fedba.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

28179c4a6868eb9bc60ed96c77fe2796625d55dd3178135111cb5dc6e691af3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /_nuxt/4fac87c.js
pragma: no-cache
cookie: visid_incap_1819929=ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG; nlbi_1819929=NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6; incap_ses_1251_1819929=mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==; visid_incap_1329355=CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f; incap_ses_1251_1329355=iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==; _ga=GA1.2.1573606773.1623180487; _gid=GA1.2.370451611.1623180487; _dc_gtm_UA-25324117-2=1; _hjTLDTest=1; _hjid=246d9c18-2bd8-4a4b-93ae-b87af2619955; _hjFirstSeen=1; nlbi_1329355_2277483=Xa1gfUifYX1BvRZpsbPzYgAAAACM5vsb/i4wLvSMZq1sW1YA; ___utmvc=EHuSFV4U5oSeXk/2DuDwH146vVXf41QoLUMtLxmBBLCj1ifAknZ7Ed+XmcjP/3SjIlMZgQrEnOzSU+6iulAAnSDO0yE3QQbCFETUnTFwxOJ9ErYXHan3JKFczHCVeH/mUSNwpRDe+otBrdsiO0X58q4luM28xocEMFl4KXIKAMlUlRojy6Obz7WTTyaG0pT5L5EsV2SQvYJnkfg5INHWF/PLcbKuzRfdftXp7WBx3Ib6UKgGc1PlaKsb/wehALB+AsxtpkYvxhgDr4NmRv5Q9Bx5O/pHot6raiURtUtne9A3XvitNppUD/VOYaucNfrQ7owvf1KvGpFrehyRZr+O3pP9eNYqDkEAI47yYd0TfNWkY+NjN63j+oSRoLDT2u47h5m5aAToQ0FhchYW1FMwSpYKsaNm0KhTyghk22IBBjnrTZNJ0Hty5SBMZDftuWCImutPbOOVP+6Yvkgd+tUzsVBNktvcTee3LsW4HEM65b1JyZiFVmnaV71+xp1VuOoIwalk8BaDlIHZ1tInjQzjRMRy1W7tp2IE5N72LtB86iGYqOHPjjol/B9EZiFyRJXT/dLhVqeT7kyhWHSNTZbnzDK9qHXQnd5HeIiwmcoJpMLAhNP4Kol1TFTvIB2di28oo0sO/tnM+n7zl4v1UEJlQbGXy/m5uYuNBxXPYjF7BrXPdFV7hAVujKWcalHWlKPXVK/fHhweo/GYbJ8g4VmPJSmWLypb4QmNBcAhQUlaJz6En/hlk/V6tx8iOG+uZcyLSWgOvt4JV3zaE+Ek6q/FVHaV2l8QlluNydL2tK0a7NoJRQ/SxyJpA4+8KTPxUTbniFug9OMOKBzTD3FPmyBtTX0dKhQp1UqKIvnxiY90h//bIakO/Fjg6F0XN5nHLESFnSRB0ij4vI8TzPQWbq5h3KsPE2oDu6S+HOHYT/n6Z+8V52pIiXbmru9IlzAeN7pPZ7h9/mWNljKj9NQ61vq9IUBVBMJ0b+PFFUJ4gyaOP7Yt+rHoXnYpsMimuIz6xPYvfms3qbdpSPlT6Il7NuhjPSj2Lh50Wm+1clfT88AoLnopWaGvUKFF/jgjp6iCzT034ZZzPVL661XrnUCLN/N+oa0vVPgHNITUycZ3IQnKfV+tQsginCCzTNJAABmrP92+R4PdOBGf+/RDlqm9tA94XYWHVhbB6a04YNPMCAkm0aqyCjn2a/MhfRKP6FZtSbeTziKqUTDqMt5pgwk0KfcmVfz5sOEaQHE/piWu67pIsGlEJZohTMT+xujVCmZG9yRUm6zLIckakGIu/ryu9Qzaa2wjbw2vTDqPa+l5CfYzUl+CJWXAFWSketdeFBF1zDRHqZzdC5ak59Md5Udu+/J55YknMSyeYmLjxsU5l3IQGz4+JuFrN6+mejck8BiryYm3hMQveKZDNdrYcMEjMSwSptw7w3Wqj+SrliM1JdmYtXXqMoOCDK1x9rXXh0jG9WDLAtq5VvgN22o5gubytm4zJbgB86FT92hwiVZLPHepGjUyqmUDEW26AQHHxxWpARl6q0TOTlxIsEhWHGjXRcaEziyPuI9QhDGyr5Mr4ZicU1j3KuM58vx0peM4ES7daWnFTK+1LetMS3va/J4FvLkEY1DOwL6mCbrUomsTl9S1RvMUoHbTvQVkTSQd+7Xuf52UfPg4E0DPuGGZ2x4a3GvfUTBOnTA2JbgOfH5+fVLqYb18uPo8/JSYg3myiHfXc+lisk2ALX7EMnMmuFbadembgyXnJ1aMg+BG7DA8Sh0MhPASAb8PsBUb6+KutO6zAf45QDWsZqaKVdLBe2GcblEB3rwKwlees2XGKdBMyzfmJTR5cRUv/1U5B8gQawPGmYOHkF7E86tS7NzOEyVLPXfEo74hK7RL8BuKrNHSz/TVKV0F5c+dybNtdDuh8x8mkjf78cwgmppfnkD81N94/dqF+HvN4rbk/sPfAyF47yqLzJt4W2JD08+KeTpmqgjzBMZ0pIQvRsP/n/ICTiKO1IyZ0C0zDO3QdIXPnF+R9nu93yzDzSfHqBoP8QXIzeYVOUAnLGRpZ2VzdD0xNDAxMTcsMTQwMzEwLHM9ODFhMzg2YTE5MjlhOGU2NzdlNzM4ODdjODBhOTk5NjdhMmEzYWRhNjgzOWU3ODdkOWQ4Mzg0OWI3ODllN2M5ZjliOWI3ZDc2OTQ4MjZkNmU=
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sans.org
referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 10-5482442-5480665 2VNN RT(1623180486972 0) q(0 0 0 -1) r(0 0)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 7679
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 07 Jun 2021 17:18:03 GMT
x-frame-options: SAMEORIGIN
etag: W/"cc2374f5013e753de869e2ab8eede7af"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=30, public
set-cookie: ___utmvc=a; Max-Age=0; path=/; expires=Mon, 07 Jun 2021 06:35:12 GMT
expires: Tue, 08 Jun 2021 19:28:36 GMT

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 6858 38 KB
19 KB 31ms
31ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdRaE8aAAAAAOB9CLy-hHWeafmpvmYkeMpCXrWO&co=aHR0cHM6Ly93d3cuc2Fucy5vcmc6NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=75xht55tuzrc

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b9d3ac9f56ef1ddf87cbd3014117488df48083a82f2dca184277bc02429eea3d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Z1kjiaVt1XLgytQ8SZPonQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LdRaE8aAAAAAOB9CLy-hHWeafmpvmYkeMpCXrWO&co=aHR0cHM6Ly93d3cuc2Fucy5vcmc6NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=75xht55tuzrc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sans.org/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 08 Jun 2021 19:28:07 GMT
content-security-policy: script-src 'report-sample' 'nonce-Z1kjiaVt1XLgytQ8SZPonQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19503
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/ Frame 6858 52 KB
52 KB 8ms
7ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdRaE8aAAAAAOB9CLy-hHWeafmpvmYkeMpCXrWO&co=aHR0cHM6Ly93d3cuc2Fucy5vcmc6NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=75xht55tuzrc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:08:40 GMT
vary: Accept-Encoding
last-modified: Fri, 04 Jun 2021 04:42:35 GMT
server: sffe
x-content-type-options: nosniff
age: 8367
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52867
x-xss-protection: 0
expires: Wed, 08 Jun 2022 17:08:40 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/ Frame 6858 341 KB
134 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/CdDdhZfPbLLrfYLBdThNS0-Y/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

734160057d9682a89035825f63793cd0f945523efa3f8d33b8bef89bd7bdef5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:22:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3944
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136836
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 04:42:35 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 18:22:23 GMT

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c51b22ebde38fde8e25a63e161463632ad13c614a1268f60848c23ac9c039621

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 722 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22a95d807e42979166d2d6d9c6bde6715c567c8220956c68c52e133b4352db66

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 329 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06952c6c4ab0ecb9c6ecc808d3f82e67c8a2cf9c182ccb5e17415eb722f3eab0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e27ff355adeddbca26613a8995f64bbea66b1a903625be61a659c7eb33378d9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 512 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2696d7c28956ab18f20f8372e9d95697288323b46904d1c20bc9a5a16421884f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com/SIE/ 55 KB
17 KB 66ms
33ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_5mZSMKPycxWSqpf

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

52056fc30fd0b9d012acbf81e868a7860131cac4c13df09f630e824a1bc34761

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 494648
cf-polished: origSize=57083
edge-control: max-age=604800
x-envoy-upstream-service-time: 9
vary: Accept-Encoding
cf-request-id: 0a8eb1c4df00002b1aa7016000000001
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"defb-pebR7CHT/QTPYF6Xg9/N7iTAfpk"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
cf-ray: 65c485816b622b1a-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 6858 102 B
132 B 18ms
17ms Other
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5a1b737b86a66360a825df3c28f91ca2140a49954967a4f56cc3d90502e24897

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdRaE8aAAAAAOB9CLy-hHWeafmpvmYkeMpCXrWO&co=aHR0cHM6Ly93d3cuc2Fucy5vcmc6NDQz&hl=en&v=CdDdhZfPbLLrfYLBdThNS0-Y&size=invisible&cb=75xht55tuzrc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 19:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 08 Jun 2021 19:28:07 GMT

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sans.org/	1969-12-31 23:59:59	Name: nlbi_1329355_2277483 Value: Xa1gfUifYX1BvRZpsbPzYgAAAACM5vsb/i4wLvSMZq1sW1YA
.sans.org/	1969-12-31 23:59:59	Name: incap_ses_1251_1819929 Value: mQU8fFLtzlap1ImZYXJcEcXEv2AAAAAAE85Qm67cWWqoRuleqGl46Q==
.sans.org/	1970-01-19 18:53:02	Name: _hjFirstSeen Value: 1
.sans.org/	1970-01-20 03:38:36	Name: _hjid Value: 246d9c18-2bd8-4a4b-93ae-b87af2619955
.sans.org/	1970-01-20 03:37:50	Name: visid_incap_1819929 Value: ZhN5qkHZRK6DERnSd4Q+i8XEv2AAAAAAQUIPAAAAAAAzdZrLHq7wRSSqLeRBm1AG
.sans.org/	1970-01-20 03:37:50	Name: visid_incap_1329355 Value: CvEUHfDETc6UDyc28dABBMXEv2AAAAAAQUIPAAAAAAAj8oiIrx5Yoi+dQGiFFr0f
.sans.org/	1970-01-19 18:53:00	Name: _dc_gtm_UA-25324117-2 Value: 1
.sans.org/	1970-01-19 18:54:26	Name: _gid Value: GA1.2.370451611.1623180487
.sans.org/	1969-12-31 23:59:59	Name: nlbi_1819929 Value: NvwPN7GV9D/qu4fZLyVZfwAAAADtBL10QN7avMsdk4Q6jVT6
.sans.org/	1970-01-20 12:24:12	Name: _ga Value: GA1.2.1573606773.1623180487
.sans.org/	1969-12-31 23:59:59	Name: incap_ses_1251_1329355 Value: iX0aamUtY0Xd1ImZYXJcEcXEv2AAAAAAaZqRKjtFlvPRseOkmTY8zw==
.sans.org/	1969-12-31 23:59:59	Name: _hjTLDTest Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

addsearch.com
digital-forensics.sans.org
fonts.gstatic.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.sans.org
zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com
104.17.209.240
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2008
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:829::2003
2a00:1450:4001:831::2003
2a00:1450:400c:c04::9d
45.60.31.34
52.166.11.26
52.222.174.124
52.84.174.120
52.84.174.19
06952c6c4ab0ecb9c6ecc808d3f82e67c8a2cf9c182ccb5e17415eb722f3eab0
146487123c4c48b009cd6aa62d40b781be9800daf7a961694388ad3f3e977da3
1945ad7a24e0686d876da921762247c420f9f7ab341f56164fb9d353405ec448
1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3
22a95d807e42979166d2d6d9c6bde6715c567c8220956c68c52e133b4352db66
2696d7c28956ab18f20f8372e9d95697288323b46904d1c20bc9a5a16421884f
26a7814d15e84c9fa9257a6f35aabaff58835a67ef9bb29ca1fd17c4efe320cd
28179c4a6868eb9bc60ed96c77fe2796625d55dd3178135111cb5dc6e691af3e
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
3dd04db66dc9bb460520fd11e0e8ab22cd96e2f12a2057a82f96a1fcb62cd7f1
4347f87a6393e67f67d0b7b65f413e8cb0d4a4550d815a9713f33241cb94c764
51018cc96e7a4f9c8431b0905412d0c8dd5de63b2860af09e36e6d5947fec033
52056fc30fd0b9d012acbf81e868a7860131cac4c13df09f630e824a1bc34761
59b540af1c0d07ff7b56e68d519ba028b4fd173bfa4bd03bed426867feefd7b8
5a1b737b86a66360a825df3c28f91ca2140a49954967a4f56cc3d90502e24897
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
607d929d41e39fe3db163143f2fa1a5ae51d43157601e2266166c8b9739994eb
642d5af87050424a4395ec747369c8d32a71fcee32f700f6395f41a1356682b8
734160057d9682a89035825f63793cd0f945523efa3f8d33b8bef89bd7bdef5e
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8373dde4a91ebe50029d6acf1447ab949af75fbb6703979d107087f5c7d85514
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89b90b3011be7d6a57a3178c94dd1bf90b6643a851c57dc9a8ff6c21f452eff4
90ab4a8a14a58023fff318f3cce4708045707b02ea3fc4b36712dce215a9b7f5
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
97ad9b7fec21a5bf4c123fedf0533393e3bcc18c563d0e42dcf5a56aa0567e51
a061a095ebf526441750ee1024e0cf34206268220d3b9062152208fe7db075fc
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a122f2e5937502db3e64407b050fa8e55ba5e6083b62f8751fb9b0e54bbf80e4
ae454b2c69cdf5807406c9139b0dd6140c456d10937731d54bba11baf0656241
aedbbe2c3c959efe8fa1016181bf4cd68ca5c167125c11034834419de8d72e99
b9d3ac9f56ef1ddf87cbd3014117488df48083a82f2dca184277bc02429eea3d
c51b22ebde38fde8e25a63e161463632ad13c614a1268f60848c23ac9c039621
d1e9ee3a97e9347ff3e9efc6b9e4182ff3f4f3eac3fdbfc48287552ca08f497a
d4fe9aaa99bae15c3c5a8f13ff68bfea4bb63c488962c4a0d4fdff717884553c
e27ff355adeddbca26613a8995f64bbea66b1a903625be61a659c7eb33378d9e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ede3bc1008e6be1a3cad0a5f596551ecd4b48f1980549b8c2cb736782f290fcc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8631c5e32a0dc65e5a5a0021026a1fe68224e4da4a2c6f16ed00ed8426b7bb8
ffeba8c4d6028660cefb916dc61abb2a5568e79bd6f643958bc460dfbaf432f5

www.sans.org Open in urlscan Pro 45.60.31.34 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

35 Requests

100 %HTTPS

54 %IPv6

10 Domains

14 Subdomains

14 IPs

4 Countries

1478 kBTransfer

6124 kBSize

12 Cookies

13 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.sans.org Open in urlscan Pro
45.60.31.34 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

100 %
HTTPS

54 %
IPv6

10
Domains

14
Subdomains

14
IPs

4
Countries

1478 kB
Transfer

6124 kB
Size

12
Cookies

35 HTTP transactions
9 data transactions