URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Submission: On January 27 via api from US

Summary

This website contacted 12 IPs in 5 countries across 11 domains to perform 51 HTTP transactions. The main IP is 45.60.33.34, located in the United States and belonging to INCAPSULA, US. The main domain is pen-testing.sans.org.
TLS certificate: Issued by GlobalSign CloudSSL CA - SHA256 - G3 on January 24th 2020. Valid for: 3 months.
This is the only time pen-testing.sans.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

# | IP Address | AS Autonomous System
37 | 45.60.33.34 | 19551 (INCAPSULA)
1 (1 redirect) | 93.184.220.66 | 15133 (EDGECAST)
1 | 151.101.12.157 | 54113 (FASTLY)
2 | 2001:4de0:ac1... | 20446 (HIGHWINDS3)
1 | 204.51.94.43 | 62669 (SANS-INST...)
1 | 104.244.42.133 | 13414 (TWITTER)
2 | 52.166.11.26 | 8075 (MICROSOFT...)
3 | 2606:4700:10:... | 13335 (CLOUDFLAR...)
1 | 104.244.42.3 | 13414 (TWITTER)
2 (1 redirect) | 2a00:1450:400... | 15169 (GOOGLE)
1 (1 redirect) | 2a00:1450:400... | 15169 (GOOGLE)
1 | 2a00:1450:400... | 15169 (GOOGLE)
1 | 104.17.209.240 | 13335 (CLOUDFLAR...)
Totals: 51 requests, 12 IPs

# | Domain | Requested by
37 | pen-testing.sans.org | pen-testing.sans.org
3 | static.addtoany.com | pen-testing.sans.org, static.addtoany.com
2 (1 redirect) | stats.g.doubleclick.net | pen-testing.sans.org
2 | addsearch.com | pen-testing.sans.org
2 | maxcdn.bootstrapcdn.com | pen-testing.sans.org
1 | zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com | pen-testing.sans.org
1 | www.google.de | pen-testing.sans.org
1 (1 redirect) | www.google.com |
1 | analytics.twitter.com | static.ads-twitter.com
1 | t.co | pen-testing.sans.org
1 | blogs.sans.org | pen-testing.sans.org
1 | static.ads-twitter.com | pen-testing.sans.org
1 (1 redirect) | platform.twitter.com |
Totals: 51 requests, 13 subdomains
Subject | Issuer | Validity | Valid for
incapsula.com | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-01-24 to 2020-04-29 | 3 months
ads-twitter.com | DigiCert SHA2 High Assurance Server CA | 2019-08-14 to 2020-08-18 | a year
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2019-09-14 to 2020-10-13 | a year
*.sans.org | COMODO RSA Organization Validation Secure Server CA | 2017-11-30 to 2021-02-21 | 3 years
t.co | DigiCert SHA2 High Assurance Server CA | 2019-04-09 to 2020-04-01 | a year
www.addsearch.com | DigiCert SHA2 Extended Validation Server CA | 2019-01-08 to 2021-04-07 | 2 years
ssl472428.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-12-10 to 2020-06-17 | 6 months
*.twitter.com | DigiCert SHA2 High Assurance Server CA | 2019-04-09 to 2020-04-01 | a year
*.g.doubleclick.net | GTS CA 1O1 | 2020-01-07 to 2020-03-31 | 3 months
www.google.de | GTS CA 1O1 | 2020-01-07 to 2020-03-31 | 3 months
*.qualtrics.com | DigiCert SHA2 Secure Server CA | 2018-10-08 to 2021-01-06 | 2 years

This page contains 2 frames:

Primary Page: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Frame ID: 59D22C223AB5D27B01FC4064A56E28F2
Requests: 52 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: 346F93F982EED39209491D14C6AC7662
Requests: 1 HTTP request in this frame


Detected technologies

Bootstrap (overall confidence: 100%), detected pattern:
  • script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

Apache (overall confidence: 100%), detected pattern:
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

SyntaxHighlighter (overall confidence: 100%), detected pattern:
  • html /<(?:script|link)[^>]*sh(?:Core|Brush|ThemeDefault)/i

jQuery (overall confidence: 100%), detected patterns:
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery-ui.*\.js/i

jQuery UI (overall confidence: 100%), detected pattern:
  • script /jquery-ui.*\.js/i

Page Statistics

Requests: 51
HTTPS: 100 %
IPv6: 38 %
Domains: 11
Subdomains: 13
IPs: 12
Countries: 5
Transfer: 468 kB
Size: 1341 kB
Cookies: 11

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://platform.twitter.com/oct.js HTTP 301
  • https://static.ads-twitter.com/oct.js
Request Chain 49
  • https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1211611471&utmhn=pen-testing.sans.org&utmcs=windows-1252&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=SANS%20Penetration%20Testing%20%7C%20EQL%20Threat%20Hunting%20%7C%20SANS%20Institute&utmhid=1524909688&utmr=-&utmp=%2Fblog%2F2019%2F12%2F10%2Feql-threat-hunting%2F&utmht=1580144406119&utmac=UA-25324117-2&utmcc=__utma%3D21257146.2098826234.1580144406.1580144406.1580144406.1%3B%2B__utmz%3D21257146.1580144406.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=890151484&utmredir=3&utmu=qjAAAAAAAAAAAAAAAAAAAQAE~ HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25324117-2&cid=2098826234.1580144406&jid=890151484&_v=5.7.2dc&z=1211611471 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25324117-2&cid=2098826234.1580144406&jid=890151484&_v=5.7.2dc&z=1211611471&slf_rd=1&random=3969102513

51 HTTP transactions

Columns per entry: Resource | Path | Size | x-fer (bytes transferred) | Type | MIME-Type
Resource: / (Primary Request) | Path: pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/ | Size: 73 KB | x-fer: 17 KB | Type: Document
General
Full URL
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash
cb14464dc95a9608b3aca7d4b15023b0695d0527e66bc28573c8294b0d194134
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
pen-testing.sans.org
:scheme
https
:path
/blog/2019/12/10/eql-threat-hunting/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
date
Mon, 27 Jan 2020 17:00:04 GMT
server
Apache
strict-transport-security
max-age=31556926; includeSubdomains
set-cookie
sans=gm4n44pcmdvon64a05il4c2c93; path=/; domain=pen-testing.sans.org; secure; HttpOnly sans_awa=eyJyZWZlcnJlcl91cmwiOiJkaXJlY3QiLCJ1dG1fY2FtcGFpZ24iOm51bGwsInV0bV9zb3VyY2UiOm51bGwsInV0bV9jb250ZW50IjpudWxsLCJ1dG1fbWVkaXVtIjpudWxsfQ%3D%3D; expires=Tue, 28-Jan-2020 17:00:05 GMT; Max-Age=86400; path=/; domain=.sans.org; secure; httponly visid_incap_1851338=yoBLcfoSS7Kp4+leiyt6VxMXL14AAAAAQUIPAAAAAADclnsUZrmxmQOfvTTzwwQ6; expires=Tue, 26 Jan 2021 14:28:41 GMT; path=/; Domain=.sans.org nlbi_1851338=RtbgSKA+RAsHBMlr5dOdRwAAAADpYRQSNLtp9OgNnP5Uy+PB; path=/; Domain=.sans.org incap_ses_408_1851338=KTMRcQ8xWHDgBFE2xIOpBRUXL14AAAAAMAanAks6hgQlPx9scdbapQ==; path=/; Domain=.sans.org
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
content-type
text/html; charset=ISO-8859-1
x-cdn
Incapsula
x-iinfo
3-1409805-1409806 NNNN CT(98 339 0) RT(1580144403493 0) q(0 0 5 0) r(16 16) U12
Resource: all.css | Path: pen-testing.sans.org/css2/common/libs/fontawesome5/css/ | Size: 45 KB | x-fer: 10 KB | Type: Stylesheet
General
Full URL
https://pen-testing.sans.org/css2/common/libs/fontawesome5/css/all.css
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Fri, 20 Jul 2018 00:35:45 GMT
x-cdn
Incapsula
etag
"b277-5716379f63747-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
status
200
x-iinfo
3-1410056-1408970 2CNN RT(1580144405019 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=83628, public
content-length
9929
expires
Tue, 28 Jan 2020 16:13:53 GMT
Resource: main.css | Path: pen-testing.sans.org/css2/common/bootstrap/ | Size: 95 KB | x-fer: 14 KB | Type: Stylesheet
General
Full URL
https://pen-testing.sans.org/css2/common/bootstrap/main.css
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e7c29cea9bc8cb64d3dced0a5597a268d88ff2d809cba66b38ee5cd6363fa253
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Mon, 20 Jan 2020 17:52:15 GMT
x-cdn
Incapsula
etag
"17c64-59c95f3a3ada9-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
status
200
x-iinfo
3-1410057-1408777 2CNN RT(1580144405023 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=83628, public
content-length
13760
expires
Tue, 28 Jan 2020 16:13:53 GMT
Resource: jquery.min.js | Path: pen-testing.sans.org/scripts/libs/ | Size: 94 KB | x-fer: 33 KB | Type: Script
General
Full URL
https://pen-testing.sans.org/scripts/libs/jquery.min.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
0d6271f6c1c509d78ee10f14174542be0db49486fe7c23201c1b517a063f578e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Fri, 24 Feb 2017 19:03:27 GMT
x-cdn
Incapsula
etag
"176d5-5494b6282e71b-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
status
200
x-iinfo
3-1410058-1408779 2CNN RT(1580144405025 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=83628, public
content-length
33213
expires
Tue, 28 Jan 2020 16:13:53 GMT
Resource: jquery-ui.min.js | Path: pen-testing.sans.org/scripts/libs/ | Size: 222 KB | x-fer: 59 KB | Type: Script
General
Full URL
https://pen-testing.sans.org/scripts/libs/jquery-ui.min.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d13dda66728e0602194ae8bc790433e54d79478099012c3d1cf8bd4bc96314a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Fri, 24 Feb 2017 19:03:27 GMT
x-cdn
Incapsula
etag
"37cb6-5494b627eec72-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
status
200
x-iinfo
3-1410059-1408970 2CNN RT(1580144405027 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=83628, public
content-length
60255
expires
Tue, 28 Jan 2020 16:13:53 GMT
Resource: oct.js | Path: static.ads-twitter.com/ | Size: 5 KB | x-fer: 2 KB | Type: Script
Redirect Chain
  • https://platform.twitter.com/oct.js
  • https://static.ads-twitter.com/oct.js
General
Full URL
https://static.ads-twitter.com/oct.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
age
31554
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-fra19144-FRA
last-modified
Tue, 23 Jan 2018 20:09:00 GMT
x-timer
S1580144406.964547,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes

Redirect headers

Access-Control-Allow-Origin
*
Date
Mon, 27 Jan 2020 17:00:05 GMT
Server
ECS (fcn/40FC)
Content-Length
0
Location
https://static.ads-twitter.com/oct.js
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Resource: bootstrap.min.js | Path: maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/ | Size: 35 KB | x-fer: 9 KB | Type: Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:33:51 GMT
access-control-allow-origin
*
etag
"1544639631"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
9538
Resource: main.js | Path: pen-testing.sans.org/scripts/ | Size: 760 B | x-fer: 539 B | Type: Script
General
Full URL
https://pen-testing.sans.org/scripts/main.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
7842aa3ebdd32584043ce453dc8b21bb10fe07b067a8cad86e92eeb1f8a9a237
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Fri, 24 Feb 2017 19:03:27 GMT
x-cdn
Incapsula
etag
"3fb-5494b6286c342-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
status
200
x-iinfo
3-1410060-0 0CNN RT(1580144405031 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=8769, public
content-length
357
expires
Mon, 27 Jan 2020 19:26:14 GMT
Resource: widgets.js | Path: pen-testing.sans.org/js/libs/twitter/ | Size: 75 KB | x-fer: 22 KB | Type: Script
General
Full URL
https://pen-testing.sans.org/js/libs/twitter/widgets.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
c6bf3b5d69a4cd23e9ca52b7b5d1539cf9ca00108a70a67c9cdde26475b39fb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
x-cdn
Incapsula
etag
"f355eccd"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
status
200
x-iinfo
3-1410061-1410062 2CNN RT(1580144405035 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=1, public
content-length
22430
expires
Mon, 27 Jan 2020 17:00:06 GMT
Resource: gdpr-common.js | Path: pen-testing.sans.org/scripts/sites/sans/account/ | Size: 4 KB | x-fer: 1 KB | Type: Script
General
Full URL
https://pen-testing.sans.org/scripts/sites/sans/account/gdpr-common.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1e34ad070fe71aed26c051f65776d600338d9986abff45a462cc8bfb7d8f7c1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Tue, 09 Apr 2019 00:04:17 GMT
x-cdn
Incapsula
etag
"1811-5860db1ab39aa-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
status
200
x-iinfo
3-1410063-1408970 2CNN RT(1580144405038 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=83628, public
content-length
1261
expires
Tue, 28 Jan 2020 16:13:53 GMT
Resource: shCore | Path: pen-testing.sans.org/js/syntax-highlighter/ | Size: 15 KB | x-fer: 8 KB | Type: Script
General
Full URL
https://pen-testing.sans.org/js/syntax-highlighter/shCore
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
32d1434add65b0b17b5af8c027d77ae7cd8f793053043c09fa08edfa4a165faf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
x-cdn
Incapsula
etag
"b4f484c6"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript
status
200
x-iinfo
3-1410064-0 0CNN RT(1580144405041 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=48434, public
content-length
8524
expires
Tue, 28 Jan 2020 06:27:19 GMT
Resource: logo.png | Path: pen-testing.sans.org/images/design-site/ | Size: 12 KB | x-fer: 12 KB | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design-site/logo.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d6ba1f213b775ad9ed49f721a7560dc6d218b17bc07196173da6a9d701a526ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:45 GMT
x-cdn
Incapsula
etag
"2f8e-5494b6391c276"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410066-0 0CNN RT(1580144405045 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74496, public
content-length
12174
expires
Tue, 28 Jan 2020 13:41:41 GMT
Resource: pentest.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 1 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/pentest.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1a94a7e433b020b7bc8c84434d231288761fdd5661d458309dcbdcb1e3fd267e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"69e-5494b62195036"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410067-0 0CNN RT(1580144405049 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74498, public
content-length
1494
expires
Tue, 28 Jan 2020 13:41:43 GMT
Resource: sans.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 519 B | x-fer: 681 B | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/sans.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a7705c77a9c0abd3d955498bdcf759a45abc08dd186e3356a63317cb0fb3a179
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Thu, 14 Nov 2019 19:44:33 GMT
x-cdn
Incapsula
etag
"840-59753b5e7dce5"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410073-0 0CNN RT(1580144405061 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74497, public
content-length
519
expires
Tue, 28 Jan 2020 13:41:42 GMT
Resource: giac.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 461 B | x-fer: 582 B | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/giac.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ff7cd83b6ba83a8477cc9e33a1a96368c279494c0e0a56c0e2cafd24e79cca78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:21 GMT
x-cdn
Incapsula
etag
"37e-5494b6221e280"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410078-0 0CNN RT(1580144405093 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=8233, public
content-length
461
expires
Mon, 27 Jan 2020 19:17:18 GMT
Resource: isc.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/isc.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b341da27af0df3b1a684241bf1435aba85361e7bc7aa7c1e5a8882bfa3e459a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"748-5494b62195036"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410080-0 0CNN RT(1580144405102 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74497, public
content-length
1792
expires
Tue, 28 Jan 2020 13:41:42 GMT
Resource: sti.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/sti.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
08437a64c380db83be2d703c3077615332a21a4d563ddddfa5f68aac03de20b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"c71-5494b62195036"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410087-0 0CNN RT(1580144405112 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74497, public
content-length
1751
expires
Tue, 28 Jan 2020 13:41:42 GMT
Resource: awareness.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/awareness.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
73ee4eef63ce261015f3c896e229a478865e56769ebaa1ed897c0522b50ba10e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Thu, 18 Jan 2018 10:15:04 GMT
x-cdn
Incapsula
etag
"c78-5630a3cceac54"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410088-0 0CNN RT(1580144405114 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=8233, public
content-length
2060
expires
Mon, 27 Jan 2020 19:17:18 GMT
Resource: cyber-defense.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 1 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/cyber-defense.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d24fdfd774af36db06be4c1a229d841d1798983f408d3eddb25827fae18bb7b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:21 GMT
x-cdn
Incapsula
etag
"651-5494b6221e280"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410089-0 0CNN RT(1580144405115 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74498, public
content-length
1493
expires
Tue, 28 Jan 2020 13:41:43 GMT
Resource: forensics.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/forensics.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ae36a366c894c9e1543420a9183a1a0067d942804fc71b617eb00101de93a931
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"6a9-5494b62194c4e"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410090-0 0CNN RT(1580144405117 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74498, public
content-length
1705
expires
Tue, 28 Jan 2020 13:41:43 GMT
Resource: ics.png | Path: pen-testing.sans.org/images/design/custom/site-selector/site-icons/ | Size: 3 KB | x-fer: 3 KB | Type: Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/ics.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
acfd97403f7d84235370af15a11711981e3b2b4e3a7c92d65c9aee07cfe85d03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:21 GMT
x-cdn
Incapsula
etag
"b97-5494b6221e280"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410091-0 0CNN RT(1580144405118 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74498, public
content-length
2967
expires
Tue, 28 Jan 2020 13:41:43 GMT
ssi.png
pen-testing.sans.org/images/design/custom/site-selector/site-icons/
1 KB
1 KB
Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/ssi.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
bbdb902706ef76b2034a4059d4c61c81751fb61ce99b75af4b4b6021c01337a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"5f4-5494b62195036"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410093-0 0CNN RT(1580144405120 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74498, public
content-length
1388
expires
Tue, 28 Jan 2020 13:41:43 GMT
sic.png
pen-testing.sans.org/images/design/custom/site-selector/site-icons/
5 KB
5 KB
Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/site-selector/site-icons/sic.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5eb682c4e68f9a2083ba0a4a94205731aa897b828297cb797b5fbb07a66c389d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"1846-5494b62195036"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410094-0 0CNN RT(1580144405122 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74498, public
content-length
5100
expires
Tue, 28 Jan 2020 13:41:43 GMT
addSearch.js
pen-testing.sans.org/scripts/
2 KB
876 B
Script
General
Full URL
https://pen-testing.sans.org/scripts/addSearch.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ef543144cb29d55ff80cedd2c6636e037532fa1cb924a3f1e4ff38c316559090
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Mon, 21 May 2018 18:30:39 GMT
x-cdn
Incapsula
etag
"6c5-56cbb7fa7903d-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
status
200
x-iinfo
3-1410071-0 0CNN RT(1580144405058 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=8233, public
content-length
750
expires
Mon, 27 Jan 2020 19:17:18 GMT
eql-query.png
blogs.sans.org/pen-testing/files/2019/12/
55 KB
56 KB
Image
General
Full URL
https://blogs.sans.org/pen-testing/files/2019/12/eql-query.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.51.94.43 Rockville, United States, ASN62669 (SANS-INSTITUTE, US),
Reverse DNS
Software
nginx /
Resource Hash
f550727daae79fc3f9dc48f22956b6371c23a37acd36a451989a4189c30c64e4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Mon, 27 Jan 2020 17:00:06 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 09 Dec 2019 18:27:07 GMT
Server
nginx
ETag
"53b2a742eee08c7e7e3f140910f51409"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
keep-alive
Strict-Transport-Security
max-age=31556926; includeSubdomains
Content-Length
56430
X-XSS-Protection
1; mode=block
Expires
Thu, 30 Mar 2023 02:46:46 GMT
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/
115 KB
19 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:34:07 GMT
access-control-allow-origin
*
etag
"1544639647"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
19240
shCore.css
pen-testing.sans.org/css2/common/syntax_highlighter/
5 KB
1 KB
Stylesheet
General
Full URL
https://pen-testing.sans.org/css2/common/syntax_highlighter/shCore.css
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3cd076d5cbde2baee107590a11b56060e69fe13c07fe1d9f06f654b70de570e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"183c-5494b621ae1c3-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
status
200
x-iinfo
3-1410068-0 0CNN RT(1580144405050 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=8233, public
content-length
1073
expires
Mon, 27 Jan 2020 19:17:18 GMT
shCoreDefault.css
pen-testing.sans.org/css2/common/syntax_highlighter/
7 KB
1 KB
Stylesheet
General
Full URL
https://pen-testing.sans.org/css2/common/syntax_highlighter/shCoreDefault.css
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d04587a8a282181f636ad64ca0d60c742968a4888f4e8590e0130be899e9a216
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"2200-5494b6211c2df-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
status
200
x-iinfo
3-1410069-1408970 2CNN RT(1580144405052 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=83628, public
content-length
1291
expires
Tue, 28 Jan 2020 16:13:53 GMT
gas.min.js
pen-testing.sans.org/scripts/libs/GAS/
16 KB
5 KB
Script
General
Full URL
https://pen-testing.sans.org/scripts/libs/GAS/gas.min.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
084224ec4da00481d9247f975de9efd248b15871b29dd21e774f670edae1484f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Fri, 24 Feb 2017 19:03:27 GMT
x-cdn
Incapsula
etag
"3eff-5494b627edcd3-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
status
200
x-iinfo
3-1410095-1408970 2CNN RT(1580144405123 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=83628, public
content-length
5365
expires
Tue, 28 Jan 2020 16:13:53 GMT
adsct
t.co/i/
43 B
171 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuwz0&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=0
content-length
65
x-xss-protection
0
x-response-time
127
pragma
no-cache
last-modified
Mon, 27 Jan 2020 17:00:06 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
5ff43c8770322df3dc259cbd3baa5333
x-transaction
00644df3007ea6af
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
addsearch.com/searchui/v3/
53 KB
14 KB
Script
General
Full URL
https://addsearch.com/searchui/v3/?key=58b8a4a0d3818cf198ff88f660f8f8f9&i=
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/addSearch.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
4988094f7f92393b4210f90b6ceedfdfc493162e3636240f12407e97cc5eaab3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Mon, 27 Jan 2020 17:00:06 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Type
application/javascript;charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
default
pen-testing.sans.org/captcha/
10 KB
10 KB
Image
General
Full URL
https://pen-testing.sans.org/captcha/default
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash
e29137d7835cc1d839382e10e7dab7966016c39459a65b7ca58556597dbf0995
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 27 Jan 2020 17:00:06 GMT
x-content-type-options
nosniff
server
Apache
x-frame-options
SAMEORIGIN
x-cdn
Incapsula
content-type
image/png
status
200
x-iinfo
3-1410096-1409806 PNNN RT(1580144405125 0) q(0 0 0 -1) r(3 3) U2
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
strict-transport-security
max-age=31556926; includeSubdomains
x-xss-protection
1; mode=block
expires
Thu, 19 Nov 1981 08:52:00 GMT
page.js
static.addtoany.com/menu/
79 KB
26 KB
Script
General
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:6e27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
132c8e6ec790b8c46b76b90e6e09f8d30af5aba933948ad2718ac04523eef007
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:06 GMT
via
e5s
x-content-type-options
nosniff
cf-cache-status
HIT
age
28274
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
last-modified
Wed, 11 Dec 2019 09:16:11 GMT
server
cloudflare
etag
W/"13d57-5996a14685594"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=172800
cf-ray
55bc47e98d5b972a-FRA
cf-bgj
minify
logo-footer.png
pen-testing.sans.org/images/design-site/
5 KB
5 KB
Image
General
Full URL
https://pen-testing.sans.org/images/design-site/logo-footer.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
52430bc2c0fde652b9a56888174eeb8d8f05b151aa321fb97600443431cec9de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:46 GMT
x-cdn
Incapsula
etag
"14ee-5494b639c92e6"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410097-0 0CNN RT(1580144405126 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=8234, public
content-length
5050
expires
Mon, 27 Jan 2020 19:17:19 GMT
twitter-icon.png
pen-testing.sans.org/images/design/custom/icons/
639 B
800 B
Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/icons/twitter-icon.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d2c9242a9535f2a13732419552d5ae8d2df5e95ffb82bdd128fdfc1c28f49efc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Wed, 28 Aug 2019 02:41:28 GMT
x-cdn
Incapsula
etag
"4aa-5912453775f5d"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410098-0 0CNN RT(1580144405128 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=48436, public
content-length
639
expires
Tue, 28 Jan 2020 06:27:21 GMT
facebook-icon.png
pen-testing.sans.org/images/design/custom/icons/
1 KB
1 KB
Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/icons/facebook-icon.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b5bbeebd5672dcff16587652d5380c9ce294d0111eb6f82368da1f5dd113792c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"4be-5494b621698fd"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410099-0 0CNN RT(1580144405129 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=48436, public
content-length
1214
expires
Tue, 28 Jan 2020 06:27:21 GMT
rss-icon.png
pen-testing.sans.org/images/design/custom/icons/
1 KB
2 KB
Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/icons/rss-icon.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
945790cd5a06da05916a9d54b0b267c7a1d7183a1f23eb8b0686ec6e125c42df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"5ab-5494b6216b83c"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410100-0 0CNN RT(1580144405130 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=17236, public
content-length
1425
expires
Mon, 27 Jan 2020 21:47:21 GMT
AAAAAA-20.png
addsearch.com/logo/
631 B
912 B
Image
General
Full URL
https://addsearch.com/logo/AAAAAA-20.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.166.11.26 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
048de346782234f3d5258455744f6f562237cb6c16f4dbbcd287e07582bd14f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Mon, 27 Jan 2020 17:00:06 GMT
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Content-Length
631
Expires
Thu, 31 Dec 2037 23:55:55 GMT
footer_fade.png
pen-testing.sans.org/images/design/custom/misc/
175 B
320 B
Image
General
Full URL
https://pen-testing.sans.org/images/design/custom/misc/footer_fade.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f08044440f12dba2ba84779cc1034fbf90b68b70a9d95650aa26b716ae336bec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/css2/common/bootstrap/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"af-5494b62178f0d"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410101-0 0CNN RT(1580144405130 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74509, public
content-length
175
expires
Tue, 28 Jan 2020 13:41:54 GMT
Diavlo_LIGHT_II_37.otf
pen-testing.sans.org/fonts/
33 KB
33 KB
Font
General
Full URL
https://pen-testing.sans.org/fonts/Diavlo_LIGHT_II_37.otf
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
27169de0753bb6bd81452655e1c3c261b8f0b72cf5fc0db4cbe1780dedaf6bd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://pen-testing.sans.org/css2/common/bootstrap/main.css
Origin
https://pen-testing.sans.org

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Wed, 11 Jan 2017 23:16:01 GMT
x-cdn
Incapsula
etag
"827c-545d9c8b3d26d"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/vnd.oasis.opendocument.formula-template
status
200
x-iinfo
3-1410102-0 0CNN RT(1580144405132 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=74506, public
content-length
33404
expires
Tue, 28 Jan 2020 13:41:51 GMT
jquery-ui.css
pen-testing.sans.org/css2/common/
34 KB
6 KB
Stylesheet
General
Full URL
https://pen-testing.sans.org/css2/common/jquery-ui.css
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f025f16d888ce1c0910bd11a5edbd69b88c6499db3360bbe7a3b299d304ee839
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
content-encoding
gzip
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"88c1-5494b621197e8-gzip"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css
status
200
x-iinfo
3-1410106-1408970 2CNN RT(1580144405150 0) q(0 0 0 -1) r(0 0)
cache-control
max-age=83629, public
content-length
5967
expires
Tue, 28 Jan 2020 16:13:54 GMT
get-countries-json
pen-testing.sans.org/gdpr/
15 KB
3 KB
XHR
General
Full URL
https://pen-testing.sans.org/gdpr/get-countries-json
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash
0a4e4ac6f343d595da3e207e66c3a6c16ee28f3ebabcefc499cc2cea42c78b57
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Incapsula
status
200
x-iinfo
3-1410107-1410108 NNNY CT(0 0 0) RT(1580144405151 0) q(0 0 0 -1) r(4 4) U2
vary
Accept-Encoding
content-length
3181
x-xss-protection
1; mode=block
pragma
no-cache
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556926; includeSubdomains
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
https://www.counterhackchallenges.com
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires
Thu, 19 Nov 1981 08:52:00 GMT
get-countries-json
pen-testing.sans.org/gdpr/
15 KB
3 KB
XHR
General
Full URL
https://pen-testing.sans.org/gdpr/get-countries-json
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash
0a4e4ac6f343d595da3e207e66c3a6c16ee28f3ebabcefc499cc2cea42c78b57
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Incapsula
status
200
x-iinfo
3-1410109-1410110 NNNY CT(0 0 0) RT(1580144405152 0) q(0 0 0 -1) r(4 4) U2
vary
Accept-Encoding
content-length
3181
x-xss-protection
1; mode=block
pragma
no-cache
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556926; includeSubdomains
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
https://www.counterhackchallenges.com
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires
Thu, 19 Nov 1981 08:52:00 GMT
get-gdpr-notice
pen-testing.sans.org/gdpr/
5 KB
2 KB
XHR
General
Full URL
https://pen-testing.sans.org/gdpr/get-gdpr-notice
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Apache /
Resource Hash
2d23c81ab26b0adc84c9d2a1517087a171fa119236f92a29dbd0aad343b06453
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Incapsula
status
200
x-iinfo
3-1410112-1410113 NNNY CT(0 0 0) RT(1580144405154 0) q(0 0 0 -1) r(7 7) U2
vary
Accept-Encoding
content-length
1879
x-xss-protection
1; mode=block
pragma
no-cache
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556926; includeSubdomains
content-type
application/json
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires
Thu, 19 Nov 1981 08:52:00 GMT
adsct
analytics.twitter.com/i/
31 B
266 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuwz0&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fpen-testing.sans.org%2Fblog%2F2019%2F12%2F10%2Feql-threat-hunting%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/oct.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
x-response-time
122
pragma
no-cache
last-modified
Mon, 27 Jan 2020 17:00:06 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
4fd6320fd2648424a0e27b78c5ac03fd
x-transaction
001fc169005d1bb2
expires
Tue, 31 Mar 1981 05:00:00 GMT
dc.js
stats.g.doubleclick.net/
45 KB
17 KB
Script
General
Full URL
https://stats.g.doubleclick.net/dc.js
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/GAS/gas.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
4336
date
Mon, 27 Jan 2020 15:47:50 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17093
expires
Mon, 27 Jan 2020 17:47:50 GMT
sm.22.html
static.addtoany.com/menu/ Frame 346F
0
0
Document
General
Full URL
https://static.addtoany.com/menu/sm.22.html
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:6e27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
static.addtoany.com
:scheme
https
:path
/menu/sm.22.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/

Response headers

status
200
date
Mon, 27 Jan 2020 17:00:06 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=da90087e846207f67b1078571c71a26a51580144406; expires=Wed, 26-Feb-20 17:00:06 GMT; path=/; domain=.addtoany.com; HttpOnly; SameSite=Lax; Secure
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified
Thu, 03 Oct 2019 06:59:00 GMT
etag
W/"70f-593fc1ec1791b"
cache-control
max-age=315360000, immutable
vary
Accept-Encoding
via
e5s
cf-cache-status
HIT
age
915660
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
55bc47ea1e12972a-FRA
content-encoding
br
truncated
/
34 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/gif
icons.29.svg.js
static.addtoany.com/menu/svg/
78 KB
33 KB
Script
General
Full URL
https://static.addtoany.com/menu/svg/icons.29.svg.js
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:6e27 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:06 GMT
via
e5s
x-content-type-options
nosniff
cf-cache-status
HIT
age
16103542
p3p
CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
last-modified
Mon, 31 Dec 2018 23:29:11 GMT
server
cloudflare
etag
W/"13937-57e59c7b88bd6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000, immutable
cf-ray
55bc47ea2e25972a-FRA
cf-bgj
minify
truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/gif
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1211611471&utmhn=pen-testing.sans.org&utmcs=windows-1252&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl...
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25324117-2&cid=2098826234.1580144406&jid=890151484&_v=5.7.2dc&z=1211611471
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25324117-2&cid=2098826234.1580144406&jid=890151484&_v=5.7.2dc&z=1211611471&slf_rd=1&random=3969102513
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25324117-2&cid=2098826234.1580144406&jid=890151484&_v=5.7.2dc&z=1211611471&slf_rd=1&random=3969102513
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 27 Jan 2020 17:00:06 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 27 Jan 2020 17:00:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-25324117-2&cid=2098826234.1580144406&jid=890151484&_v=5.7.2dc&z=1211611471&slf_rd=1&random=3969102513
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ui-bg_flat_75_ffffff_40x100.png
pen-testing.sans.org/css2/common/images/
87 B
182 B
Image
General
Full URL
https://pen-testing.sans.org/css2/common/images/ui-bg_flat_75_ffffff_40x100.png
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/scripts/libs/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.33.34 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f0e8a696601753f54a53630cac238b32ac157bdf651374b5b23d6230be8af7cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://pen-testing.sans.org/css2/common/jquery-ui.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:05 GMT
last-modified
Fri, 24 Feb 2017 19:03:20 GMT
x-cdn
Incapsula
etag
"b2-5494b621aaefd"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/png
status
200
x-iinfo
3-1410182-0 0CNN RT(1580144405599 0) q(0 -1 -1 -1) r(1 -1)
cache-control
max-age=48436, public
content-length
87
expires
Tue, 28 Jan 2020 06:27:21 GMT
/
zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com/WRSiteInterceptEngine/
70 KB
18 KB
Script
General
Full URL
https://zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_ZID=ZN_5mZSMKPycxWSqpf&Q_LOC=https%3A%2F%2Fpen-testing.sans.org%2Fblog%2F2019%2F12%2F10%2Feql-threat-hunting%2F&t=1580144406831
Requested by
Host: pen-testing.sans.org
URL: https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8ba1619f3d7a52b3962f60709d283217ee475bc6adf886f6c7f7b29eefd6f00a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://pen-testing.sans.org/blog/2019/12/10/eql-threat-hunting/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Mon, 27 Jan 2020 17:00:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
570829
cf-polished
origSize=73027
status
200
edge-control
max-age=604800
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-bgj
minify
server
cloudflare
x-powered-by
Express
etag
W/"11d43-qRWbxQuSsy5QIdnh16zmG0aouEo"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=60, s-maxage=604800
cf-ray
55bc47ef197ac82f-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and third-party scripts a page loads; here the a2a_* names belong to AddToAny, addsearch* to AddSearch, _gaq/_gat/gaGlobal to Google Analytics, twttr to the Twitter widgets and QSI to the Qualtrics site-intercept script, matching the third-party domains contacted.

Type Name
object onformdata
object onpointerrawupdate
function $
function jQuery
object _gas
function cleanUtm
object twttr
object jQuery111306230654904043613
boolean adminPage
undefined modal
object allCountries
function applyAgreementText
function openModal
function closeModal
function getCountries
function getSelectedCountry
function XRegExp
object SyntaxHighlighter
object addsearch_custdata
object AddSearchAsync
object _gaq
object a2a_config
object a2a
function a2a_show_dropdown
function a2a_miniLeaveDelay
function a2a_init
object icons
string svg_tag_open
string svg_tag_close
undefined svg_src
undefined svg_src_default
number a2apage_init
string addsearch_suid
object addsearch_searchsettings
object addsearch_i18n
string addsearch_html
string addsearch_social
object addsearchUtils
object addsearch
boolean addSearchSupportsPassive
object opts
object _gat
object gaGlobal
undefined color
object QSI

11 Cookies

Domain/Path Name / Value
.addtoany.com/ Name: uvc
Value: 1
.pen-testing.sans.org/ Name: __utmz
Value: 21257146.1580144406.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.pen-testing.sans.org/ Name: __utmt
Value: 1
.pen-testing.sans.org/ Name: __utmc
Value: 21257146
.sans.org/ Name: incap_ses_408_1851338
Value: KTMRcQ8xWHDgBFE2xIOpBRUXL14AAAAAMAanAks6hgQlPx9scdbapQ==
.sans.org/ Name: nlbi_1851338
Value: RtbgSKA+RAsHBMlr5dOdRwAAAADpYRQSNLtp9OgNnP5Uy+PB
.sans.org/ Name: visid_incap_1851338
Value: yoBLcfoSS7Kp4+leiyt6VxMXL14AAAAAQUIPAAAAAADclnsUZrmxmQOfvTTzwwQ6
.sans.org/ Name: sans_awa
Value: eyJyZWZlcnJlcl91cmwiOiJkaXJlY3QiLCJ1dG1fY2FtcGFpZ24iOm51bGwsInV0bV9zb3VyY2UiOm51bGwsInV0bV9jb250ZW50IjpudWxsLCJ1dG1fbWVkaXVtIjpudWxsfQ%3D%3D
.pen-testing.sans.org/ Name: __utmb
Value: 21257146.1.10.1580144406
.pen-testing.sans.org/ Name: __utma
Value: 21257146.2098826234.1580144406.1580144406.1580144406.1
.pen-testing.sans.org/ Name: sans
Value: gm4n44pcmdvon64a05il4c2c93

Security Headers

This table lists the security headers set by the main page (pen-testing.sans.org). Third-party responses above carry their own headers and are not summarised here.

Header Value
Strict-Transport-Security max-age=31556926; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block
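As an added illustration (not part of the urlscan.io report), the Python below reads header blocks in the report's own alternating name/value layout and audits them the way a reviewer would: HSTS max-age and includeSubDomains, X-Content-Type-Options, clickjacking protection via X-Frame-Options or CSP frame-ancestors, presence of a Content-Security-Policy, the deprecated X-XSS-Protection filter, and Secure/HttpOnly/SameSite on any Set-Cookie. The two header blocks are copied from this report (the main page table above and the static.addtoany.com frame response); the thresholds and the "deprecated" verdict on X-XSS-Protection are this example's own policy choices, not urlscan's.

```python
"""Audit security headers copied from a urlscan.io transaction dump.

Added example, not part of the urlscan.io report. Header blocks are copied
from the report; the policy thresholds are this example's own choices.
"""
import re
from typing import Dict, List

ONE_YEAR = 31536000  # seconds; the minimum max-age hstspreload.org accepts

# Copied from the report's "Security Headers" table for the main page.
MAIN_PAGE_HEADERS = """\
strict-transport-security
max-age=31556926; includeSubdomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
"""

# Copied from the report's response headers for the static.addtoany.com frame.
ADDTOANY_FRAME_HEADERS = """\
status
200
content-type
text/html; charset=utf-8
set-cookie
__cfduid=da90087e846207f67b1078571c71a26a51580144406; expires=Wed, 26-Feb-20 17:00:06 GMT; path=/; domain=.addtoany.com; HttpOnly; SameSite=Lax; Secure
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
"""


def parse_report_headers(block: str) -> Dict[str, List[str]]:
    """Read alternating name/value lines into a lowercase-keyed dict.

    Values stay as lists: Set-Cookie may repeat, and joining repeats with
    commas (as some tools do) breaks on the comma inside Expires dates.
    """
    lines = [line for line in block.splitlines() if line.strip()]
    if len(lines) % 2:
        raise ValueError("odd number of lines: a header name without a value")
    headers: Dict[str, List[str]] = {}
    for name, value in zip(lines[::2], lines[1::2]):
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_hsts(value: str) -> dict:
    """Parse Strict-Transport-Security (RFC 6797); directives are case-insensitive."""
    info = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in (d.strip().lower() for d in value.split(";")):
        match = re.fullmatch(r'max-age="?(\d+)"?', directive)
        if match:
            info["max_age"] = int(match.group(1))
        elif directive == "includesubdomains":
            info["include_subdomains"] = True
        elif directive == "preload":
            info["preload"] = True
    return info


def audit_cookie(set_cookie: str) -> List[str]:
    """Check one Set-Cookie line for Secure, HttpOnly and a restrictive SameSite."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    problems = []
    if "secure" not in attrs:
        problems.append(f"cookie {name}: missing Secure")
    if "httponly" not in attrs:
        problems.append(f"cookie {name}: missing HttpOnly")
    if attrs.get("samesite") not in ("lax", "strict"):
        problems.append(f"cookie {name}: SameSite is not Lax or Strict")
    return problems


def audit(headers: Dict[str, List[str]]) -> List[str]:
    """Return the list of findings; an empty list means every check passed."""
    findings: List[str] = []
    hsts = headers.get("strict-transport-security")
    if not hsts:
        findings.append("HSTS missing")
    else:
        h = parse_hsts(hsts[0])
        if h["max_age"] is None:
            findings.append("HSTS max-age missing")
        elif h["max_age"] < ONE_YEAR:
            findings.append(f"HSTS max-age {h['max_age']} is below one year")
        if not h["include_subdomains"]:
            findings.append("HSTS lacks includeSubDomains")
    if headers.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    csp = " ".join(headers.get("content-security-policy", [])).lower()
    if not csp:
        findings.append("Content-Security-Policy missing")
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")
    # The XSS auditor this header controlled was removed in Chrome 78 and never
    # existed in Firefox; "1; mode=block" is legacy advice, current guidance is "0" or omit.
    xss = headers.get("x-xss-protection")
    if xss and xss[0].strip() != "0":
        findings.append(f"X-XSS-Protection '{xss[0]}' is deprecated; send 0 or omit it")
    for cookie in headers.get("set-cookie", []):
        findings.extend(audit_cookie(cookie))
    return findings
```

Running `audit(parse_report_headers(MAIN_PAGE_HEADERS))` on the main page flags only the missing Content-Security-Policy and the legacy X-XSS-Protection value; its HSTS max-age of 31556926 clears the one-year bar and includeSubdomains is present (directive names are case-insensitive, so the lowercase "d" is fine). The AddToAny frame is flagged for the missing CSP and for having no anti-framing header, which is expected for a document built to be embedded; its __cfduid cookie carries Secure, HttpOnly and SameSite=Lax and passes. Note that the Twitter and Google responses above already send `x-xss-protection: 0`, the value this check recommends.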

Indicators

"Indicators" is the security-industry term for observables such as IP addresses, domains and hashes. Listing them here does not imply that any of them is associated with malicious activity.

addsearch.com
analytics.twitter.com
blogs.sans.org
maxcdn.bootstrapcdn.com
pen-testing.sans.org
platform.twitter.com
static.addtoany.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
www.google.com
www.google.de
zn5mzsmkpycxwsqpf-sans.siteintercept.qualtrics.com
104.17.209.240
104.244.42.133
104.244.42.3
151.101.12.157
2001:4de0:ac19::1:b:2a
204.51.94.43
2606:4700:10::6814:6e27
2a00:1450:4001:81c::2004
2a00:1450:4001:820::2003
2a00:1450:400c:c04::9d
45.60.33.34
52.166.11.26
93.184.220.66