urlscan.io logo urlscan.io
SecurityTrails logo

idp.sans.org Open in urlscan Pro
45.60.31.34  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://click.email.sans.org/?qs=e30eb8a48d7ea30fe44b0da750f00dc77fe90b1a0597e5f472178048311a5b708bd9e2484ba1681850b0528c0387...
Effective URL: https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c...
Submission: On January 30 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 45.60.31.34, located in United States and belongs to INCAPSULA, US. The main domain is idp.sans.org. The Cisco Umbrella rank of the primary domain is 460222.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q4 on December 15th 2022. Valid for: 6 months.
This is the only time idp.sans.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 136.147.189.155 22606 (EXACT-7)
1 11 45.60.31.34 19551 (INCAPSULA)
1 2a02:26f0:10e... 20940 (AKAMAI-ASN1)
1 2a02:26f0:11a... 20940 (AKAMAI-ASN1)
3 104.17.208.240 13335 (CLOUDFLAR...)
1 1 45.60.33.34 19551 (INCAPSULA)
15 4
1    136.147.189.155 (United States)

ASN22606 (EXACT-7, US)
PTR: click.email.sans.org
click.email.sans.org
11    45.60.31.34 (United States)

ASN19551 (INCAPSULA, US)
exams.giac.org
www.giac.org
idp.sans.org
1    2a02:26f0:10e::6860:5bb2 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
1    2a02:26f0:11a::6867:4832 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)
p.typekit.net
3    104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)
zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com
siteintercept.qualtrics.com
1    45.60.33.34 (United States)

ASN19551 (INCAPSULA, US)
auth.sans.org
Apex Domain
Subdomains		 Transfer
7 giac.org
exams.giac.org
www.giac.org — Cisco Umbrella Rank: 611717
857 KB
6 sans.org
click.email.sans.org — Cisco Umbrella Rank: 211263
auth.sans.org
idp.sans.org — Cisco Umbrella Rank: 460222
32 KB
3 qualtrics.com
zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com
siteintercept.qualtrics.com — Cisco Umbrella Rank: 978
24 KB
2 typekit.net
use.typekit.net — Cisco Umbrella Rank: 436
p.typekit.net — Cisco Umbrella Rank: 598
2 KB
15 4
Domain Requested by
6 exams.giac.org exams.giac.org
4 idp.sans.org 1 redirects exams.giac.org
idp.sans.org
2 siteintercept.qualtrics.com zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com
siteintercept.qualtrics.com
1 auth.sans.org 1 redirects
1 www.giac.org exams.giac.org
1 zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com exams.giac.org
1 p.typekit.net use.typekit.net
1 use.typekit.net exams.giac.org
1 click.email.sans.org 1 redirects
15 9

This site contains links to these domains. Also see Links.

Domain
www.sans.org
Subject Issuer Validity Valid
imperva.com
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-12-15 -
2023-06-13		 6 months crt.sh
use.typekit.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-09-14 -
2023-10-15		 a year crt.sh
*.qualtrics.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-05-04 -
2023-05-04		 a year crt.sh

This page contains 1 frames:

Primary Page: https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924
Frame ID: 8D89FED9FB6ED435461EBBC044BB89DF
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SANS Login

Page URL History Show full URLs

  1. https://click.email.sans.org/?qs=e30eb8a48d7ea30fe44b0da750f00dc77fe90b1a0597e5f472178048311a5b708bd9e248... HTTP 302
    https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af2... Page URL
  2. https://auth.sans.org/oauth2/authorize?client_id=1o3telv6uan9t38jvkfjp0d7k4&scope=email%20openid%2... HTTP 302
    https://idp.sans.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest=fZHLbsIwEEX3%2FYrIeyd2ElSwSB... HTTP 302
    https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc613... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

15
Requests

100 %
HTTPS

33 %
IPv6

4
Domains

9
Subdomains

4
IPs

3
Countries

910 kB
Transfer

2547 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.email.sans.org/?qs=e30eb8a48d7ea30fe44b0da750f00dc77fe90b1a0597e5f472178048311a5b708bd9e2484ba1681850b0528c0387ba637ed5889160da9bb5 HTTP 302
    https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9 Page URL
  2. https://auth.sans.org/oauth2/authorize?client_id=1o3telv6uan9t38jvkfjp0d7k4&scope=email%20openid%20profile&identity_provider=auth-service-saml-idp&response_type=CODE&redirect_uri=https%3A%2F%2Fexams.giac.org%2Fauthorize HTTP 302
    https://idp.sans.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest=fZHLbsIwEEX3%2FYrIeyd2ElSwSBAtQkWiqtRAF90gk0zBUmK7Hoc%2Bvr7hpcKGpUf3zLXODEffTR3swKEyOiM8ZCQAXZpK6U1Glosp7ZNRfjdE2dSxFePWb%2FUrfLaAPhgjgvMd92g0tg24AtxOlbB8nWdk671FEUWyI0KUGkPjNtFhTaQq6wBtRwEJJt0qpaU%2F9J%2BpLnEBqcbWsEf%2F%2BagoXk51od1aEswmGVmxcsCT%2FppTlq7vaRonnA5YWtG1lIz34l7a68suitjCTKOX2mckZnFCGacJW7CBSHsiTsIBZ%2B8keDtbifdWOk8axdFDRlqnhZGoUGjZAApfimL8PBddVFhnvClNTfKjNnEodMHUuEb62%2Bx%2Boir6cYgK0F75n6vu27g8n4Tk%2B5hs5K%2FRojQbrbwRaEWLFCR6ylc8efp6AJj1h9HlL%2FPT8%2FrW%2BR8%3D&RelayState=H4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4 HTTP 302
    https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://click.email.sans.org/?qs=e30eb8a48d7ea30fe44b0da750f00dc77fe90b1a0597e5f472178048311a5b708bd9e2484ba1681850b0528c0387ba637ed5889160da9bb5 HTTP 302
  • https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
attempts
exams.giac.org/pages/
Redirect Chain
  • https://click.email.sans.org/?qs=e30eb8a48d7ea30fe44b0da750f00dc77fe90b1a0597e5f472178048311a5b708bd9e2484ba1681850b0528c0387ba637ed5889160da9bb5
  • https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
51a8a6f923c27fd0e66efca07d223b95ee9cd4263257d2ed560ee767804bd1b7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-type
text/html
date
Mon, 30 Jan 2023 09:45:23 GMT
etag
"0bc4e9cd2ea00e7f7e8d2ca0a2e613f7"
expect-ct
max-age=86400; enforce
last-modified
Tue, 24 Jan 2023 21:55:22 GMT
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31556926; includeSubdomains
via
1.1 58d3a6a8551ccf9c7d205fa93b6b9630.cloudfront.net (CloudFront)
x-amz-cf-id
s_Paz6IJLep5tRT-dkLSNqfzYF7iCWdX-182cfuAluruCFl2vbTk3A==
x-amz-cf-pop
IAD55-P1
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-iinfo
12-40174133-40174139 NNYN CT(1 6 0) RT(1675071921734 108) q(0 0 0 1) r(0 1) U12
x-xss-protection
1; mode=block

Redirect headers

Cache-Control
private
Connection
close
Content-Length
222
Content-Type
text/html; charset=utf-8
Date
Mon, 30 Jan 2023 09:45:21 GMT
Location
https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
xzz1jhx.css
use.typekit.net/ 		12 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/xzz1jhx.css
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10e::6860:5bb2 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
be5e4a544d1b4cd4686c6e8223a3c753a5aa41c5ca571b7031b638d07d55271d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://exams.giac.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Mon, 30 Jan 2023 09:45:22 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1232
main.409597e3.js
exams.giac.org/static/js/ 		2 MB
533 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://exams.giac.org/static/js/main.409597e3.js
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
c2f68f57b0b3e6f0ea6d20e11af0be191fc9fb733e1560cb67e14bf785f5c7c3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 09:45:22 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Tue, 24 Jan 2023 21:55:22 GMT
x-cdn
Imperva
x-content-type-options
nosniff
etag
"ed167563b203d5b6fd815c375e46705d"
expect-ct
max-age=86400; enforce
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-iinfo
12-40174133-40174029 2VNN RT(1675071921734 302) q(0 0 0 -1) r(0 0)
content-length
545625
x-xss-protection
1; mode=block
main.301ba329.css
exams.giac.org/static/css/ 		927 B
701 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://exams.giac.org/static/css/main.301ba329.css
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a8cc5b37b8e84d5f0b9dec16adea89571e6eb1124ac2edfb9240b104adc5ae42
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 09:45:22 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Fri, 11 Nov 2022 18:09:17 GMT
x-cdn
Imperva
x-content-type-options
nosniff
etag
"36a1b692bbc3a02ab4d0214759146135"
expect-ct
max-age=86400; enforce
x-frame-options
SAMEORIGIN
content-type
text/css
x-iinfo
12-40174133-40173734 2VNN RT(1675071921734 305) q(0 0 0 -1) r(1 1)
content-length
553
x-xss-protection
1; mode=block
_Incapsula_Resource
exams.giac.org/ 		153 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://exams.giac.org/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=333438779
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
8284f35e4504de5b0b9e671f590b32e010dec9771a465fcd41ea1153d36d4997
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
expect-ct
max-age=86400; enforce
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
22020
x-xss-protection
1; mode=block
p.css
p.typekit.net/ 		5 B
181 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=xzz1jhx&ht=tk&f=6801.6805.6806.9945.6808.6809.8415.8416.6846.6847.6848.6851.27069.27070.27073.27074&a=111748683&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/xzz1jhx.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::6867:4832 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 09:45:22 GMT
last-modified
Sun, 01 May 2022 15:58:42 GMT
server
nginx
etag
"626eae32-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
_Incapsula_Resource
exams.giac.org/ 		1 B
41 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://exams.giac.org/_Incapsula_Resource?SWKMTFSR=1&e=0.6414941608681051
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
expect-ct
max-age=86400; enforce
x-frame-options
SAMEORIGIN
content-type
text/plain
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
x-xss-protection
1; mode=block
/
zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com/SIE/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_1XhZMuKBbW10xvw
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/pages/attempts?is=f52f851df0f7519c8fad66c5e822ec2c1ec84493e7b8355fdc09385af25ac8d9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b7fd9317afda8bf133a2375cba8b55a27815be810cb308baf7149fe69a21854
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://exams.giac.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 09:45:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
137319
cf-polished
origSize=8487
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"2127-ujZvboy2vTyhfoxFuhEZLL4pF0U"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7919463f4e972bf0-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
ClearSans-Regular.43ea7d2123718b0cfd2c.ttf
exams.giac.org/static/media/ 		297 KB
298 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://exams.giac.org/static/media/ClearSans-Regular.43ea7d2123718b0cfd2c.ttf
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/static/css/main.301ba329.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
bb811af889b6a3984944678f04b033a4805c49a66f06cde62ef29902e8f0f06f
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://exams.giac.org/static/css/main.301ba329.css
Origin
https://exams.giac.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 09:45:24 GMT
via
1.1 58d3a6a8551ccf9c7d205fa93b6b9630.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubdomains
x-cdn
Imperva
x-amz-cf-pop
IAD55-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-iinfo
12-40174133-40174139 PNNN RT(1675071921734 1135) q(0 0 0 -1) r(1 1) U4
content-length
304516
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 22 Nov 2022 12:46:10 GMT
etag
"b9bdac589c0d3aac828fd3a15108b61a"
expect-ct
max-age=86400; enforce
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
font/ttf
access-control-allow-origin
https://exams.giac.org
access-control-expose-headers
ETag
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
accept-ranges
bytes
x-amz-cf-id
5nsg1_SeYk_PtBJdCo42djoaq2F7ocag99p_FKBpOH6zkEaPW6PsGw==
admin
www.giac.org/remote-config/ 		551 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.giac.org/remote-config/admin?1675071922989
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/static/js/main.409597e3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://exams.giac.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 09:45:24 GMT
x-amz-version-id
s3J.SxjKBBfEGoTEau_dXz7Dgjw.S9nQ
via
1.1 5e85a7e9f75a591c64db206ef2e2a17c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-cdn
Imperva
content-security-policy
frame-ancestors 'self'
x-amz-cf-pop
IAD55-P4
x-content-type-options
nosniff
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-iinfo
14-74407020-74407035 NNYN CT(2 8 0) RT(1675071923016 111) q(0 0 0 0) r(0 0) U9
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Oct 2022 17:40:50 GMT
etag
"f95201348ccb16727a4d826a1a08963d"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
access-control-max-age
0
access-control-allow-methods
GET, HEAD
access-control-allow-origin
*
access-control-expose-headers
ETag
x-frame-options
SAMEORIGIN
content-type
application/json
accept-ranges
bytes
x-amz-cf-id
YoGRoWwp6chuL8rASWHfsQUYQmOLmFkO5ukVJHZZ_RvsdX-FT0UlPw==
13.80b1174311323ca5c15d.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		62 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=exams.giac.org
Requested by
Host: zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com
URL: https://zn7weq3ulla03svlp-sans.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_1XhZMuKBbW10xvw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd581effa1b3f11825266bdfda9b0e6cb5fbb26c2ef1ba47739a926f3a9396ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://exams.giac.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 09:45:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
453761
cf-polished
origSize=64698
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 17 Jan 2023 19:58:13 GMT
cf-bgj
minify
server
cloudflare
etag
W/"fcba-185c14f8808"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7919463f9f162bf0-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		1 KB
855 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1XhZMuKBbW10xvw&Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/13.80b1174311323ca5c15d.chunk.js?Q_CLIENTVERSION=1.83.0&Q_CLIENTTYPE=web&Q_BRANDID=exams.giac.org
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
188d124c2bd22049ae71d30bfedb361e9511d0b83682800b0826bd32bb9c59ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://exams.giac.org/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 30 Jan 2023 09:45:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://exams.giac.org
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
permissions-policy
camera=(), geolocation=(), microphone=()
trace-id
6f710285f2a30290
cf-ray
7919463fffb22bf0-FRA
timing-allow-origin
*
Primary Request loginuserpass.php
idp.sans.org/simplesaml/module.php/core/
Redirect Chain
  • https://auth.sans.org/oauth2/authorize?client_id=1o3telv6uan9t38jvkfjp0d7k4&scope=email%20openid%20profile&identity_provider=auth-service-saml-idp&response_type=CODE&redirect_uri=https%3A%2F%2Fexam...
  • https://idp.sans.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest=fZHLbsIwEEX3%2FYrIeyd2ElSwSBAtQkWiqtRAF90gk0zBUmK7Hoc%2Bvr7hpcKGpUf3zLXODEffTR3swKEyOiM8ZCQAXZpK6U1Glosp7ZNRfjdE2dSxFePWb%2FUrfL...
  • https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fsp...
6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924
Requested by
Host: exams.giac.org
URL: https://exams.giac.org/static/js/main.409597e3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
6248f8dc5b8767a4ca2b3c15e8c4699168a0cf984bd746271e60a97561da3c68
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self' https://www.sans.org https://uat-www.sans.org https://dev-www.sans.org https://qa-www.sans.org https://preview.sans.org https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com 'sha256-ySIDbTj4eRTqMfmyB3OCaW2exYEeUwj862TjcUV+V+0=' https://www.googletagmanager.com/gtm.js 'sha256-HMkJ+7FkqC6bNgDpmPIOlFnt6zxFUBVyJa5IlU9W+qU=' https://support.google.com/a/answer/60762 https://www.google-analytics.com/analytics.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.onetrust.com/trust/ https://cdn.evgnet.com/beacon/sansccybersecurity/sans_prod/scripts/evergage.min.js https://cdn.evgnet.com/beacon/sansccybersecurity/sans_dev/scripts/evergage.min.js https://developer.evergage.com/web-integration; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://api.qrserver.com https://stats.g.doubleclick.net https://chart.googleapis.com/; style-src 'self' https://api.qrserver.com; font-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://exams.giac.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
default-src 'none';script-src 'self' https://www.sans.org https://uat-www.sans.org https://dev-www.sans.org https://qa-www.sans.org https://preview.sans.org https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com 'sha256-ySIDbTj4eRTqMfmyB3OCaW2exYEeUwj862TjcUV+V+0=' https://www.googletagmanager.com/gtm.js 'sha256-HMkJ+7FkqC6bNgDpmPIOlFnt6zxFUBVyJa5IlU9W+qU=' https://support.google.com/a/answer/60762 https://www.google-analytics.com/analytics.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.onetrust.com/trust/ https://cdn.evgnet.com/beacon/sansccybersecurity/sans_prod/scripts/evergage.min.js https://cdn.evgnet.com/beacon/sansccybersecurity/sans_dev/scripts/evergage.min.js https://developer.evergage.com/web-integration; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://api.qrserver.com https://stats.g.doubleclick.net https://chart.googleapis.com/; style-src 'self' https://api.qrserver.com; font-src 'self';
content-type
text/html; charset=UTF-8
date
Mon, 30 Jan 2023 09:45:24 GMT
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000; includeSubDomains
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
DENY
x-iinfo
12-40174133-40174278 PNNN RT(1675071921734 2308) q(0 0 0 -1) r(0 0) U5
x-ua-compatible
IE=edge
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src 'none';script-src 'self' https://www.sans.org https://uat-www.sans.org https://dev-www.sans.org https://qa-www.sans.org https://preview.sans.org https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com 'sha256-ySIDbTj4eRTqMfmyB3OCaW2exYEeUwj862TjcUV+V+0=' https://www.googletagmanager.com/gtm.js 'sha256-HMkJ+7FkqC6bNgDpmPIOlFnt6zxFUBVyJa5IlU9W+qU=' https://support.google.com/a/answer/60762 https://www.google-analytics.com/analytics.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.onetrust.com/trust/ https://cdn.evgnet.com/beacon/sansccybersecurity/sans_prod/scripts/evergage.min.js https://cdn.evgnet.com/beacon/sansccybersecurity/sans_dev/scripts/evergage.min.js https://developer.evergage.com/web-integration; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://api.qrserver.com https://stats.g.doubleclick.net https://chart.googleapis.com/; style-src 'self' https://api.qrserver.com; font-src 'self';
content-type
text/html; charset=UTF-8
date
Mon, 30 Jan 2023 09:45:24 GMT
location
https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000; includeSubDomains
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
DENY
x-iinfo
12-40174133-40174278 NNNN CT(2 2 0) RT(1675071921734 2131) q(0 0 0 0) r(1 1) U5
x-xss-protection
1; mode=block
main.css
idp.sans.org/simplesaml/module.php/sans/sans-responsive/css/web2021/ 		10 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.sans.org/simplesaml/module.php/sans/sans-responsive/css/web2021/main.css
Requested by
Host: idp.sans.org
URL: https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
7b1ef192f9be418a856962a58ec9a4fe5107562c26cec241c80d39d0f9ef6a7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 09:45:24 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 20 Jan 2023 01:38:09 GMT
x-cdn
Imperva
x-content-type-options
nosniff
etag
W/"63c9f081-26c9"
x-frame-options
DENY
content-type
text/css
x-iinfo
12-40174133-40174278 PNNN RT(1675071921734 2473) q(0 0 0 -1) r(0 0) U5
x-idp-level
live
x-xss-protection
1; mode=block
_Incapsula_Resource
idp.sans.org/ 		154 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idp.sans.org/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=997044155
Requested by
Host: idp.sans.org
URL: https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.31.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
0da52b52866aea4080eb933b68b1975f81e4fa413d9debd3f0d4a39520ca3076
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
x-frame-options
DENY
content-type
application/javascript
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
22060
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

13 Cookies

Domain/Path Name / Value
.giac.org/ Name: visid_incap_1869983
Value: q3JgwnYtRp2C2Nwiir4xOrGR12MAAAAAQUIPAAAAAAAcHiKQJWtz8GaNOhcfGLI2
.giac.org/ Name: incap_ses_892_1869983
Value: Ylj4HIoJxkRtt8XmwQhhDLGR12MAAAAASUe9j1kVhUfjzgfk90Ziew==
.giac.org/ Name: nlbi_1869983_2666078
Value: a3hCcd5keRXLQwYeWJ9KewAAAAAuomE1XwoLdgq5i3OThdQQ
auth.sans.org/ Name: XSRF-TOKEN
Value: 038822cd-8353-439a-87cd-dbe1fb5b7ed9
auth.sans.org/ Name: csrf-state
Value: H9zYZfSeCjxCZCpmVl7XWyvjWAXwYecxlMDefDu1OUzNGxvV_okqPYcnAHiROGNHnK3IyysCny_Wtcgj7jYCsdb0naQZYI0a-sjqRTtK219_d74jTh679OUgvIKm089IXTkGRQo8QEkeh4WVlRnicx42UeCh1Be5ESXSrrntSA0
auth.sans.org/ Name: csrf-state-legacy
Value: H9zYZfSeCjxCZCpmVl7XWyvjWAXwYecxlMDefDu1OUzNGxvV_okqPYcnAHiROGNHnK3IyysCny_Wtcgj7jYCsdb0naQZYI0a-sjqRTtK219_d74jTh679OUgvIKm089IXTkGRQo8QEkeh4WVlRnicx42UeCh1Be5ESXSrrntSA0
auth.sans.org/ Name: visid_incap_2802314
Value: qVAsKWMeQQ+0QbKW05u4/bOR12MAAAAAQUIPAAAAAAB9eDVen8vHX8Jv8tU80upL
auth.sans.org/ Name: nlbi_2802314
Value: XogvW/NaMz0B/hobjpAu6QAAAAAARqCur0T/GSZrXSopjuWo
auth.sans.org/ Name: incap_ses_273_2802314
Value: E7khFWp/swmjxCNO2OTJA7OR12MAAAAANDsTDscDD1WzZ7zHraqAvg==
.idp.sans.org/ Name: SANS_FEDERATED_AUTH
Value: 6fb793adc96bedb86a9f63359e8a8720
idp.sans.org/ Name: visid_incap_2295456
Value: FKtsKsKDSc+v+8GZPwHcLrOR12MAAAAAQUIPAAAAAAAWLym4f4SEzK7fp45b/tEQ
idp.sans.org/ Name: nlbi_2295456_2680373
Value: DH0KUIJyV2OqbCsrzgnhKAAAAAC4/sVliK+4VObB6kn4poX5
idp.sans.org/ Name: incap_ses_892_2295456
Value: VJkkXfNSWjVHuMXmwQhhDLOR12MAAAAAPCCJLBdheDABgY7IpaHQbw==

1 Console Messages

Source Level URL
Text
security error URL: https://idp.sans.org/simplesaml/module.php/core/loginuserpass.php?AuthState=_7f9a1df21963ba3cc6134b579519fcde30e6bf7c8b%3Ahttps%3A%2F%2Fidp.sans.org%2Fsimplesaml%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Durn%253Aamazon%253Acognito%253Asp%253Aus-east-1_13HwBeeI8%26RelayState%3DH4sIAAAAAAAAAC2QW2_iMBCF_4ufMcRJIDhvNK0gYlsWwi1UFTLOOHcnjUMIVP3va6R9O3POp9HM-UEMueiqMDDVYnIm1uL2AuBP0QBddMKubYIVNF3KAStWFjiNap1xnZHKaqHoJlcmaWtNsy4XWW1ETm5rINJA0ra1ckcj6FmphnHK-LBq4tFzZ9WkD9AYaIxX0VMKLYPZ-x8tY-R-IihZWuihqkGmkRZ1U4m0APQ1QLlmF_QRnkQAXtZ7J68u94VzPNy77DA73kLgffH-CuL1Sla7x8e87_bnKv_-G3I5W6Sb1fxjIZeWf78rT97Ph5bHmZOFnoouhmTrU-gbDKvse7Ntlyah58ixs20ycehqF3f-sjSm1D9u8_lmXU3Xbzkk9mFfbGTKe9vcgZeQFxi_BcegaWQbzAx9fPG_zKFiUj1r0F6JXDJxxoZDqGnp_5ArWKFggBoNXwhE_OKMsW0Jim1BTMy4TTA1hXY5mXBB0e8_wWjD4cABAAA.H4sIAAAAAAAAAAEgAN__1MH21Fr7-4bn7OOW4KEam02ubyiQ8nsU4Ag-K5G0DXf9aMJqIAAAAA.4%26cookieTime%3D1675071924(Line 7)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.sans.org https://uat-www.sans.org https://dev-www.sans.org https://qa-www.sans.org https://preview.sans.org https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com 'sha256-ySIDbTj4eRTqMfmyB3OCaW2exYEeUwj862TjcUV+V+0=' https://www.googletagmanager.com/gtm.js 'sha256-HMkJ+7FkqC6bNgDpmPIOlFnt6zxFUBVyJa5IlU9W+qU=' https://support.google.com/a/answer/60762 https://www.google-analytics.com/analytics.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.onetrust.com/trust/ https://cdn.evgnet.com/beacon/sansccybersecurity/sans_prod/scripts/evergage.min.js https://cdn.evgnet.com/beacon/sansccybersecurity/sans_dev/scripts/evergage.min.js https://developer.evergage.com/web-integration". Either the 'unsafe-inline' keyword, a hash ('sha256-P0Zo+gWPaFhVy++I9MNnrJh6tSwSs5LAUZi99S1UMp0='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block