www.sans.org Open in urlscan Pro
45.60.31.34 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf
Effective URL:
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Submission: On November 17 via api (November 17th 2021, 1:05:09 am UTC) from TW — Scanned from DE

Summary HTTP 21 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 21 HTTP transactions. The main IP is 45.60.31.34, located in United States and belongs to INCAPSULA, US. The main domain is www.sans.org.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2020 on July 26th 2021. Valid for: 6 months.

This is the only time www.sans.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 15	45.60.31.34 45.60.31.34	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	52.166.11.26 52.166.11.26	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
21	7

15 45.60.31.34 (United States) 1 redirects

ASN19551 (INCAPSULA, US)

digital-forensics.sans.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.sans.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.166.11.26 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

addsearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	sans.org 1 redirects digital-forensics.sans.org www.sans.org	1 MB
3	gstatic.com fonts.gstatic.com www.gstatic.com	91 KB
2	addsearch.com addsearch.com	15 KB
1	google.com www.google.com	970 B
1	googletagmanager.com www.googletagmanager.com
21	5

	Domain	Requested by
14	www.sans.org	www.sans.org
2	fonts.gstatic.com	www.sans.org
2	addsearch.com	www.sans.org addsearch.com
1	www.gstatic.com	www.google.com
1	www.google.com	www.sans.org
1	www.googletagmanager.com	www.sans.org
1	digital-forensics.sans.org	1 redirects
21	7

This site contains links to these domains. Also see Links.

Domain
www.sans.edu
www.giac.org
isc.sans.edu
ics.sans.org
sans.bamboohr.com
twitter.com
www.facebook.com
www.youtube.com
www.linkedin.com
www.addsearch.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-07-26` - `2022-01-25`	6 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.addsearch.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-08-16` - `2022-09-04`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
Frame ID: 0FE7EFF18244A5CAA45F9B0D36E8345F
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404 - Page Not FoundBack ButtonSearch IconFilter IconCookies Button

Page URL History Show full URLs

https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf HTTP 301
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf Page URL

Page Statistics

21
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

7
IPs

3
Countries

1154 kB
Transfer

5826 kB
Size

8
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sans.edu/?msc=main-nav
Title: College Degrees & Certificates

Search URL Search Domain Scan URL

URL: https://www.giac.org/niceframework/?msc=main-nav
Title: NICE Framework

Search URL Search Domain Scan URL

URL: https://www.giac.org/?msc=utility-nav
Title: GIAC Security Certifications

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/?msc=utility-nav
Title: Internet Storm Center

Search URL Search Domain Scan URL

URL: https://www.sans.edu/?msc=utility-nav
Title: SANS Technology Institute

Search URL Search Domain Scan URL

URL: https://www.giac.org/certifications/?msc=footer-secondary-nav
Title: Certifications

Search URL Search Domain Scan URL

URL: https://www.sans.edu/?msc=footer-secondary-nav
Title: Degree Programs

Search URL Search Domain Scan URL

URL: https://ics.sans.org/?msc=footer-secondary-nav
Title: Industrial Control Systems

Search URL Search Domain Scan URL

URL: https://sans.bamboohr.com/jobs/
Title: Careers

Search URL Search Domain Scan URL

URL: https://twitter.com/sansinstitute
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sansinstitute
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TheSANSInstitute
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/14104
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://www.addsearch.com/?utm_source=customer&utm_medium=referer&utm_campaign=customer

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf HTTP 301
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request poster_2014_find_evil.pdf Show response
www.sans.org/digital-forensics-incident-response/media/
Redirect Chain

https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf
https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

71 KB
11 KB

348ms
320ms

Document
text/html

45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c7720fef814b6b605a2f62e3f65a2c2c4273a7f8d195deb91713ec8134c699dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://learnmore.sans.org https://learnmore.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	Security Headers PathFactory set XFRAMEOPTS
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html
last-modified: Wed, 17 Nov 2021 00:57:08 GMT
content-encoding: gzip
date: Wed, 17 Nov 2021 01:05:04 GMT
cache-control: max-age=30
etag: W/"56d89d60af0b9211f601480f5584c28e"
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 de76d1656e59021109584b73dc63d3ab.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD66-C2
x-amz-cf-id: wg_EPoCUT5inggow5xt17rftO6sGlV8BmH8h_GbbkCL7LdW7nOeEWg==
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
expect-ct: max-age=86400, enforce
x-frame-options: Security Headers PathFactory set XFRAMEOPTS
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' http://learnmore.sans.org https://learnmore.sans.org
x-iinfo: 5-6711306-6711309 NNNN CT(1 22 0) RT(1637111103268 0) q(0 1 1 85) r(2 2) U11

Redirect headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-type: text/html; charset=iso-8859-1
content-length: 296
location: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
x-cdn: Imperva
expect-ct: max-age=84600; enforce
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
strict-transport-security: max-age=31556926; includeSubdomains
x-iinfo: 5-6711287-6711289 NNNN CT(2 26 0) RT(1637111103072 0) q(0 0 1 2) r(1 1) U11

GET
H2 200 f340528.js Show response
www.sans.org/_nuxt/ 5 KB
2 KB 104ms
103ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/f340528.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f3ddcef77bb696be35165e05b75d78caad6fe2b4694096f1d1fa75989d8833c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711333-6698707 2CNN RT(1637111103612 0) q(0 0 0 -1) r(0 0)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 1971
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 10 Nov 2021 19:13:23 GMT
x-frame-options: SAMEORIGIN
etag: W/"191bf7538c619ddfa27ca4f8cc7b03b9"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=8, public
expires: Wed, 17 Nov 2021 01:05:11 GMT

GET
H2 200 71e6c37.js Show response
www.sans.org/_nuxt/ 190 KB
64 KB 325ms
324ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/71e6c37.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4552575491b74d0a4383e782da2d32c377d5190d41b8aecdcb371c38001937fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711335-6701110 2CNN RT(1637111103617 0) q(0 0 0 -1) r(0 0)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 65392
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 10 Nov 2021 18:12:22 GMT
x-frame-options: SAMEORIGIN
etag: W/"ac5bed9198d04e9799d2a5a332231544"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=9, public
expires: Wed, 17 Nov 2021 01:05:12 GMT

GET
H2 200 4376024.css
www.sans.org/_nuxt/css/ 3 MB
264 KB 105ms
103ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/css/4376024.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

43937f1047049daeebaed0445f64be0e3386d1388d7e78abcc70c364867a3692

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711334-6702686 2CNN RT(1637111103615 0) q(0 0 0 -1) r(0 0)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 270238
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Nov 2021 22:26:32 GMT
x-frame-options: SAMEORIGIN
etag: W/"5bf08a555142a435cdb4d4b437eb1966"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=9, public
expires: Wed, 17 Nov 2021 01:05:12 GMT

GET
H2 200 cbf8574.js Show response
www.sans.org/_nuxt/ 1 MB
357 KB 430ms
429ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/cbf8574.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ae3ecf2c0d4b84fca3470c332ca02da6d29926eaff6f800049cd030f33f55768

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711337-6708852 2CNN RT(1637111103622 0) q(0 0 0 -1) r(2 2)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 365274
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 08 Nov 2021 18:19:46 GMT
x-frame-options: SAMEORIGIN
etag: W/"bd052d99970bde52c0f98ca76c5ffce0"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=9, public
expires: Wed, 17 Nov 2021 01:05:12 GMT

GET
H2 200 291a06d.css
www.sans.org/_nuxt/css/ 942 B
587 B 430ms
428ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/css/291a06d.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3dd04db66dc9bb460520fd11e0e8ab22cd96e2f12a2057a82f96a1fcb62cd7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711336-6698707 2CNN RT(1637111103620 0) q(0 0 0 -1) r(2 2)
content-length: 446
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 12 Oct 2021 22:31:06 GMT
x-frame-options: SAMEORIGIN
etag: "6718fd95b8a6948c4adb7a1ace54cde5"
expect-ct: max-age=86400, enforce
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/css
cache-control: max-age=8, public
expires: Wed, 17 Nov 2021 01:05:11 GMT

GET
H2 200 87be7cd.js Show response
www.sans.org/_nuxt/ 393 KB
74 KB 429ms
428ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/87be7cd.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f41bf093144e27fca6acdac8445ee7ccba51d6021df68dddeee6d3dd927c7b13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711338-6705913 2CNN RT(1637111103624 0) q(0 0 0 -1) r(0 0) U18
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 75509
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 17 Nov 2021 00:57:08 GMT
x-frame-options: SAMEORIGIN
etag: W/"7ab8d081829d25ea724970446f025308"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=9, public
expires: Wed, 17 Nov 2021 01:05:12 GMT

GET
H2 200 cfcdfa3.js Show response
www.sans.org/_nuxt/ 10 KB
4 KB 445ms
444ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/cfcdfa3.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a0d74b6be594acfaadcb01ac49f3886063234efd82a0bab9533d49f512b7a2a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711340-6711341 2CNN RT(1637111103626 0) q(0 0 2 -1) r(3 3)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 3615
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Fri, 12 Nov 2021 22:26:32 GMT
x-frame-options: SAMEORIGIN
etag: W/"a83029843d955acd681814133723e120"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=9, public
expires: Wed, 17 Nov 2021 01:05:12 GMT

GET
H2 200 d885b66.js Show response
www.sans.org/_nuxt/ 615 B
661 B 542ms
541ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/d885b66.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ecb01a34ce7eb436c1eb2c9fabb08d50ad4eb44f20983ad53cab622ceb2a5934

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711342-6701110 2VNN RT(1637111103629 0) q(0 2 2 -1) r(3 3)
content-length: 414
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 10 Nov 2021 18:12:22 GMT
x-frame-options: SAMEORIGIN
etag: "fdecd20ac12e7184ebf7527b1f3e7c16"
expect-ct: max-age=86400, enforce
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript
cache-control: max-age=30, public
expires: Wed, 17 Nov 2021 01:05:33 GMT

GET
H2 200 gtm.js
www.googletagmanager.com/ 62 KB
0 1142ms
62ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:05 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55816
x-xss-protection: 0
last-modified: Wed, 17 Nov 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Nov 2021 01:05:05 GMT

GET
H/1.1 200
OK / Show response
addsearch.com/js/ 2 KB
1010 B 78ms
17ms Script
application/javascript 52.166.11.26
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

d936ae979f54420062f98b789a9b8046ae775419a875c521cd762674afc9f45d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 17 Nov 2021 01:05:04 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Length: 729

GET
H2 200 _Incapsula_Resource Show response
www.sans.org/ 143 KB
20 KB 117ms
116ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=637395329

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

51a797a6b6c3267929b5fd8d447958fbb379a105ce91c15a13118c5020f06974

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 20703
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1e9ee3a97e9347ff3e9efc6b9e4182ff3f4f3eac3fdbfc48287552ca08f497a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8373dde4a91ebe50029d6acf1447ab949af75fbb6703979d107087f5c7d85514

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 358 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89b90b3011be7d6a57a3178c94dd1bf90b6643a851c57dc9a8ff6c21f452eff4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v11/ 44 KB
44 KB 952ms
91ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v11/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/4376024.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sans.org/
Origin: https://www.sans.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 13:48:15 GMT
x-content-type-options: nosniff
age: 386210
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45416
x-xss-protection: 0
last-modified: Mon, 22 Jul 2019 19:26:40 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 12 Nov 2022 13:48:15 GMT

GET
H2 200 ClearSans-Regular.e91449d.woff
www.sans.org/_nuxt/fonts/ 128 KB
128 KB 113ms
113ms Font
application/x-font-woff 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/fonts/ClearSans-Regular.e91449d.woff

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/4376024.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

d4fe9aaa99bae15c3c5a8f13ff68bfea4bb63c488962c4a0d4fdff717884553c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sans.org/_nuxt/css/4376024.css
Origin: https://www.sans.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:04 GMT
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Oct 2021 09:32:17 GMT
x-cdn: Imperva
etag: "2ea640a7b9802752b71fa6564b2d22ca"
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
x-iinfo: 5-6711367-6698707 2VNN RT(1637111104128 0) q(0 0 0 -1) r(0 0)
x-xss-protection: 1; mode=block
cache-control: max-age=30, public
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 130846
x-content-type-options: nosniff
expires: Wed, 17 Nov 2021 01:05:34 GMT

GET
H2 200 ClearSans-Bold.6667568.woff
www.sans.org/_nuxt/fonts/ 114 KB
114 KB 138ms
138ms Font
application/x-font-woff 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/fonts/ClearSans-Bold.6667568.woff

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/4376024.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

11ebec2c6b408cc5c74f54ce352588752464a82e6322e9a209dcfe6e0dfef533

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sans.org/_nuxt/css/4376024.css
Origin: https://www.sans.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:04 GMT
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 09 Nov 2021 15:21:59 GMT
x-cdn: Imperva
etag: "4cf6f681b05ddc6375e51c804a496fe2"
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
content-type: application/x-font-woff
x-iinfo: 5-6711368-6700118 2VNN RT(1637111104130 0) q(0 0 0 -1) r(0 0)
x-xss-protection: 1; mode=block
cache-control: max-age=30, public
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 116584
x-content-type-options: nosniff
expires: Wed, 17 Nov 2021 01:05:34 GMT

GET
H/1.1 200
OK / Show response
addsearch.com/searchui/v3/ 55 KB
14 KB 36ms
35ms Script
application/javascript 52.166.11.26
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://addsearch.com/searchui/v3/?key=58b8a4a0d3818cf198ff88f660f8f8f9&i=

Requested by

Host: addsearch.com
URL: https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

8e448ba85f39bc94d2c02548d7c34a42d73d7cdc0214411c75ac741c06aaa0ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Wed, 17 Nov 2021 01:05:04 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript;charset=UTF-8
Connection: keep-alive
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubdomains;

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
970 B 620ms
90ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/cbf8574.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ada687f52978b6a4b6a3c76f2b89b319dce747943cc12603fdc59830c0af815f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 557
x-xss-protection: 1; mode=block
expires: Wed, 17 Nov 2021 01:05:05 GMT

GET
H2 200 _Incapsula_Resource
www.sans.org/ 1 B
41 B 101ms
101ms Image
text/plain 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/_Incapsula_Resource?SWKMTFSR=1&e=0.22841275746215994

Requested by

Host: www.sans.org
URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
expect-ct: max-age=86400, enforce
x-frame-options: SAMEORIGIN
content-type: text/plain
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
x-content-type-options: nosniff

GET
H2 200 bad881c.js Show response
www.sans.org/_nuxt/ 27 KB
8 KB 104ms
103ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_nuxt/bad881c.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/f340528.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e8cf451f5b7a33676928b9a4c1516dfb9b1c2eace85d1b4887c30fa29adb6a58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 17 Nov 2021 01:05:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn: Imperva
x-iinfo: 5-6711391-6700118 2CNN RT(1637111104382 0) q(0 0 0 -1) r(0 0)
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 7403
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 15 Nov 2021 14:13:24 GMT
x-frame-options: SAMEORIGIN
etag: W/"ba7b3cc952cc4ce84b18129b6c3e2448"
expect-ct: max-age=86400, enforce
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=8, public
expires: Wed, 17 Nov 2021 01:05:12 GMT

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c51b22ebde38fde8e25a63e161463632ad13c614a1268f60848c23ac9c039621

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 722 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 22a95d807e42979166d2d6d9c6bde6715c567c8220956c68c52e133b4352db66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 329 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 06952c6c4ab0ecb9c6ecc808d3f82e67c8a2cf9c182ccb5e17415eb722f3eab0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e27ff355adeddbca26613a8995f64bbea66b1a903625be61a659c7eb33378d9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 512 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2696d7c28956ab18f20f8372e9d95697288323b46904d1c20bc9a5a16421884f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v11/ 46 KB
47 KB 437ms
41ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v11/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/_nuxt/css/4376024.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sans.org/
Origin: https://www.sans.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 11:08:02 GMT
x-content-type-options: nosniff
age: 50223
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46988
x-xss-protection: 0
last-modified: Mon, 22 Jul 2019 19:27:34 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 16 Nov 2022 11:08:02 GMT

GET
H2 200 recaptcha__de.js
www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/ 14 KB
0 1284ms
748ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sans.org/
Origin: https://www.sans.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 23:44:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4833
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139079
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 21:26:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Wed, 16 Nov 2022 23:44:33 GMT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
digital-forensics.sans.org/	1970-01-19 22:55:15	Name: AWSALB Value: llGRExqVvl9r4rp27QZdHRfGwIyH23/HbDWyLH1LGXgk5WKDD6E+4B4fBTWdrUpVIytV4RMoOeg7qVhwnji+4FtS4BZDXiL0KVDsD1gGgyrjJRaKBAyqi9jNVssL
digital-forensics.sans.org/	1970-01-19 22:55:15	Name: AWSALBCORS Value: llGRExqVvl9r4rp27QZdHRfGwIyH23/HbDWyLH1LGXgk5WKDD6E+4B4fBTWdrUpVIytV4RMoOeg7qVhwnji+4FtS4BZDXiL0KVDsD1gGgyrjJRaKBAyqi9jNVssL
.sans.org/	1970-01-20 07:29:56	Name: visid_incap_1819929 Value: a2HCYnGqR6iocOO4TzY9Bj9VlGEAAAAAQUIPAAAAAAAvC2nwFXVSK2uBrv9/DBy2
.sans.org/	1969-12-31 23:59:59	Name: nlbi_1819929 Value: TsZ+ZbmA7l+6hSnELyVZfwAAAABT+dwICp7S/f4CKRwjy5dR
.sans.org/	1969-12-31 23:59:59	Name: incap_ses_1213_1819929 Value: 77VMZezoj2T4voKEgnHVED9VlGEAAAAAdEq76+gQQ6+oSEIcD7g/VQ==
.sans.org/	1970-01-20 07:29:56	Name: visid_incap_1329355 Value: xAV68RNkQ4mgauRsbQOviT9VlGEAAAAAQUIPAAAAAABMzavrHXdyaRj/8jHwlk0s
.sans.org/	1969-12-31 23:59:59	Name: incap_ses_1213_1329355 Value: LRwbIJHpKxc1v4KEgnHVED9VlGEAAAAAjqH8UYv69z+Uo6kwcdXjiQ==
.sans.org/	1969-12-31 23:59:59	Name: nlbi_1329355_2277483 Value: GHXVZcpMKw8RS1Ud6u6PkgAAAACAz7ZK7TvT54DhQCqbT77T

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.sans.org/digital-forensics-incident-response/media/poster_2014_find_evil.pdf Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' http://learnmore.sans.org https://learnmore.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	Security Headers PathFactory set XFRAMEOPTS
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

addsearch.com
digital-forensics.sans.org
fonts.gstatic.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.sans.org
142.250.181.227
2a00:1450:4001:829::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82b::2003
45.60.31.34
52.166.11.26
06952c6c4ab0ecb9c6ecc808d3f82e67c8a2cf9c182ccb5e17415eb722f3eab0
11ebec2c6b408cc5c74f54ce352588752464a82e6322e9a209dcfe6e0dfef533
1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3
22a95d807e42979166d2d6d9c6bde6715c567c8220956c68c52e133b4352db66
2696d7c28956ab18f20f8372e9d95697288323b46904d1c20bc9a5a16421884f
3dd04db66dc9bb460520fd11e0e8ab22cd96e2f12a2057a82f96a1fcb62cd7f1
43937f1047049daeebaed0445f64be0e3386d1388d7e78abcc70c364867a3692
4552575491b74d0a4383e782da2d32c377d5190d41b8aecdcb371c38001937fb
51a797a6b6c3267929b5fd8d447958fbb379a105ce91c15a13118c5020f06974
8373dde4a91ebe50029d6acf1447ab949af75fbb6703979d107087f5c7d85514
89b90b3011be7d6a57a3178c94dd1bf90b6643a851c57dc9a8ff6c21f452eff4
8e448ba85f39bc94d2c02548d7c34a42d73d7cdc0214411c75ac741c06aaa0ad
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d74b6be594acfaadcb01ac49f3886063234efd82a0bab9533d49f512b7a2a2
ada687f52978b6a4b6a3c76f2b89b319dce747943cc12603fdc59830c0af815f
ae3ecf2c0d4b84fca3470c332ca02da6d29926eaff6f800049cd030f33f55768
c51b22ebde38fde8e25a63e161463632ad13c614a1268f60848c23ac9c039621
c7720fef814b6b605a2f62e3f65a2c2c4273a7f8d195deb91713ec8134c699dd
d1e9ee3a97e9347ff3e9efc6b9e4182ff3f4f3eac3fdbfc48287552ca08f497a
d4fe9aaa99bae15c3c5a8f13ff68bfea4bb63c488962c4a0d4fdff717884553c
d936ae979f54420062f98b789a9b8046ae775419a875c521cd762674afc9f45d
e27ff355adeddbca26613a8995f64bbea66b1a903625be61a659c7eb33378d9e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8cf451f5b7a33676928b9a4c1516dfb9b1c2eace85d1b4887c30fa29adb6a58
ecb01a34ce7eb436c1eb2c9fabb08d50ad4eb44f20983ad53cab622ceb2a5934
f3ddcef77bb696be35165e05b75d78caad6fe2b4694096f1d1fa75989d8833c5
f41bf093144e27fca6acdac8445ee7ccba51d6021df68dddeee6d3dd927c7b13

www.sans.org Open in urlscan Pro 45.60.31.34 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

100 %HTTPS

50 %IPv6

5 Domains

7 Subdomains

7 IPs

3 Countries

1154 kBTransfer

5826 kBSize

8 Cookies

14 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.sans.org Open in urlscan Pro
45.60.31.34 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

7
IPs

3
Countries

1154 kB
Transfer

5826 kB
Size

8
Cookies

21 HTTP transactions
9 data transactions