Submitted URL: https://www.dfir.training/component/rssfactory/?view=story&story_id=27
Effective URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Submission: On February 02 via manual from BG

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 35 HTTP transactions. The main IP is 2606:4700:3036::6812:2b35, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.dfir.training.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on November 3rd 2019. Valid for: 6 months.
This is the only time www.dfir.training was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                       Requested by
21        www.dfir.training            www.dfir.training (1 redirect)
5         fonts.googleapis.com         www.dfir.training
2         www.google-analytics.com     www.googletagmanager.com, www.dfir.training
2         fonts.gstatic.com            www.dfir.training
2         maxcdn.bootstrapcdn.com      www.dfir.training
1         certify.alexametrics.com     www.dfir.training
1         certify-js.alexametrics.com  www.dfir.training
1         www.googletagmanager.com     www.dfir.training
1         cdn.jsdelivr.net             www.dfir.training
Total: 35 requests, 9 domains

This site contains no links.

Subject                       Issuer                                           Validity                 Valid for
sni179334.cloudflaressl.com   COMODO ECC Domain Validation Secure Server CA 2  2019-11-03 - 2020-05-11  6 months
ssl363648.cloudflaressl.com   COMODO ECC Domain Validation Secure Server CA 2  2019-09-14 - 2020-03-22  6 months
*.bootstrapcdn.com            Sectigo RSA Domain Validation Secure Server CA   2019-09-14 - 2020-10-13  a year
*.storage.googleapis.com      GTS CA 1O1                                       2020-01-14 - 2020-04-07  3 months
*.google-analytics.com        GTS CA 1O1                                       2020-01-14 - 2020-04-07  3 months
certify-js.alexametrics.com   Amazon                                           2019-07-26 - 2020-08-26  a year
*.google.com                  GTS CA 1O1                                       2020-01-14 - 2020-04-07  3 months
certify.alexametrics.com      Amazon                                           2019-07-26 - 2020-08-26  a year

This page contains 1 frames:

Primary Page: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Frame ID: 6B5433DDB84A4C090933396FD427780A
Requests: 35 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /(?:<div[^>]+id="wrapper_r"|<(?:link|script)[^>]+(?:feed|components)\/com_|<table[^>]+class="pill)/i
  • meta generator /Joomla!(?: ([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /(?:<div[^>]+id="wrapper_r"|<(?:link|script)[^>]+(?:feed|components)\/com_|<table[^>]+class="pill)/i
  • meta generator /Joomla!(?: ([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

Requests: 35
HTTPS: 100 %
IPv6: 78 %
Domains: 8
Subdomains: 9
IPs: 9
Countries: 3
Transfer: 381 kB
Size: 1252 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.dfir.training/component/rssfactory/?view=story&story_id=27 HTTP 302
    https://www.dfir.training/index.php?option=com_content&view=article&id=664 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request index.php
www.dfir.training/
Redirect Chain
  • https://www.dfir.training/component/rssfactory/?view=story&story_id=27
  • https://www.dfir.training/index.php?option=com_content&view=article&id=664
54 KB
6 KB
Document
General
Full URL
https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7df4985ad5a2e4f938dfa5e5d2dc1755d2d296c926972056342f1613d17855b3

Request headers

:method
GET
:authority
www.dfir.training
:scheme
https
:path
/index.php?option=com_content&view=article&id=664
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
cookie
__cfduid=d35423791ce804c661e8f394c36d54fc31580656173; 0a5a15c01db5c060d0ec4b6c8b774694=f62573dfeec4bc250ea63461a40e1dcc
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
date
Sun, 02 Feb 2020 15:09:35 GMT
content-type
text/html; charset=utf-8
x-logged-in
False
x-content-powered-by
K2 v2.10.2 (by JoomlaWorks)
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
expires
Wed, 17 Aug 2005 00:00:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
last-modified
Sun, 02 Feb 2020 15:09:35 GMT
vary
User-Agent
x-proxy-cache
MISS
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
55ed16432a7b97c6-FRA
content-encoding
br

Redirect headers

status
302
date
Sun, 02 Feb 2020 15:09:34 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d35423791ce804c661e8f394c36d54fc31580656173; expires=Tue, 03-Mar-20 15:09:33 GMT; path=/; domain=.dfir.training; HttpOnly; SameSite=Lax 0a5a15c01db5c060d0ec4b6c8b774694=f62573dfeec4bc250ea63461a40e1dcc; path=/; secure; HttpOnly
location
/index.php?option=com_content&view=article&id=664
cache-control
max-age=0
expires
Sun, 02 Feb 2020 15:09:34 GMT
vary
User-Agent
x-proxy-cache
MISS
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
55ed163f1bce97c6-FRA
simple-line-icons.css
cdn.jsdelivr.net/npm/simple-line-icons@2.4.1/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/simple-line-icons@2.4.1/css/simple-line-icons.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab9f855e542893de23c7b7e4897eb91066c9dbbfeaa1b1fa73a826867833b4b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
22682860
cf-ray
55ed1648bde296aa-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21043-AMS, cache-fra19128-FRA
server
cloudflare
etag
W/"329e-1wOJAagQuNE/7gtwvi6JZA3p41M"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
k2.css
www.dfir.training/components/com_k2/css/
52 KB
8 KB
Stylesheet
General
Full URL
https://www.dfir.training/components/com_k2/css/k2.css?v=2.10.2&b=20191212
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a6144ebc13abbf70f1d60c3931b94ee018e1dcea547d5b61064dc4da2276c2d

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 15 Dec 2019 18:19:49 GMT
server
cloudflare
age
185192
etag
W/"d1b9-599c223f5eddf-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac0097c6-FRA
x-proxy-cache
MISS
expires
Sat, 30 Jan 2021 11:43:02 GMT
bootstrap.min.css
www.dfir.training/media/jui/css/
104 KB
16 KB
Stylesheet
General
Full URL
https://www.dfir.training/media/jui/css/bootstrap.min.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c2034182d8adb53aa9f43e93efbca41003b7ec616549aa36222173253e61342

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 12 Aug 2019 23:14:06 GMT
server
cloudflare
age
245296
etag
W/"19f02-58ff3ae33ab80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac0597c6-FRA
x-proxy-cache
MISS
expires
Fri, 29 Jan 2021 19:01:19 GMT
bootstrap-responsive.css
www.dfir.training/media/jui/css/
21 KB
4 KB
Stylesheet
General
Full URL
https://www.dfir.training/media/jui/css/bootstrap-responsive.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0828aceacab8a45afd8d00def441364aa4b84a3fd74252b8a8329bc72662f43c

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 12 Aug 2019 23:14:06 GMT
server
cloudflare
age
245296
etag
W/"5561-58ff3ae33ab80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac0797c6-FRA
x-proxy-cache
MISS
expires
Fri, 29 Jan 2021 19:01:19 GMT
favth-bootstrap.css
www.dfir.training/templates/haven/bootstrap/
149 KB
18 KB
Stylesheet
General
Full URL
https://www.dfir.training/templates/haven/bootstrap/favth-bootstrap.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2573c72a6b2f4abfc03548c692cc8b96d6bfcf379187c77fd2156cdc0a379789

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
1222345
etag
W/"254a6-55f53db8d112d-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac0997c6-FRA
x-proxy-cache
MISS
expires
Mon, 18 Jan 2021 11:37:10 GMT
jquery.min.js
www.dfir.training/media/jui/js/
94 KB
32 KB
Script
General
Full URL
https://www.dfir.training/media/jui/js/jquery.min.js?e6dcaeaaff54da2a82635b7213de5ed8
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46438fa269f3c172286b81be52a5de84753d68dcc6580f6a98b7942cf129bdc1

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 12 Aug 2019 23:14:06 GMT
server
cloudflare
age
185192
etag
W/"1795e-58ff3ae33ab80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac0a97c6-FRA
x-proxy-cache
MISS
expires
Sat, 30 Jan 2021 11:43:02 GMT
jquery-noconflict.js
www.dfir.training/media/jui/js/
21 B
212 B
Script
General
Full URL
https://www.dfir.training/media/jui/js/jquery-noconflict.js?e6dcaeaaff54da2a82635b7213de5ed8
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b6cf4e6eda02f7c90b60b3c32413c0851915f8f80a268a913b92929085132a6

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
cf-cache-status
HIT
age
3029409
status
200
content-length
21
last-modified
Mon, 12 Aug 2019 23:14:06 GMT
server
cloudflare
etag
"15-58ff3ae33ab80"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent, Accept-Encoding
content-type
application/javascript
expires
Mon, 28 Dec 2020 13:39:26 GMT
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
55ed1648ac0b97c6-FRA
x-proxy-cache
MISS
jquery-migrate.min.js
www.dfir.training/media/jui/js/
10 KB
4 KB
Script
General
Full URL
https://www.dfir.training/media/jui/js/jquery-migrate.min.js?e6dcaeaaff54da2a82635b7213de5ed8
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 12 Aug 2019 23:14:06 GMT
server
cloudflare
age
185192
etag
W/"2748-58ff3ae33ab80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac0d97c6-FRA
x-proxy-cache
MISS
expires
Sat, 30 Jan 2021 11:43:03 GMT
k2.frontend.js
www.dfir.training/media/k2/assets/js/
8 KB
2 KB
Script
General
Full URL
https://www.dfir.training/media/k2/assets/js/k2.frontend.js?v=2.10.2&b=20191212&sitepath=/
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5b914cf359b98f660cb1b56bddef204944722a77deca109753e382a3a91f0e7

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 15 Dec 2019 18:19:50 GMT
server
cloudflare
age
185192
etag
W/"2115-599c224060320-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac1397c6-FRA
x-proxy-cache
MISS
expires
Sat, 30 Jan 2021 11:43:03 GMT
caption.js
www.dfir.training/media/system/js/
491 B
406 B
Script
General
Full URL
https://www.dfir.training/media/system/js/caption.js?e6dcaeaaff54da2a82635b7213de5ed8
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 12 Aug 2019 23:14:06 GMT
server
cloudflare
age
1381965
etag
W/"1eb-58ff3ae33ab80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac2a97c6-FRA
x-proxy-cache
MISS
expires
Sat, 16 Jan 2021 15:16:50 GMT
favth-bootstrap.js
www.dfir.training/templates/haven/bootstrap/
68 KB
14 KB
Script
General
Full URL
https://www.dfir.training/templates/haven/bootstrap/favth-bootstrap.js
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32929fea6f26db05b433ba2adda3285eda3c01f58d8a7885b725b7ed0daf909b

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
1411054
etag
W/"110b6-55f53db8d112d-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac2b97c6-FRA
x-proxy-cache
MISS
expires
Sat, 16 Jan 2021 07:12:01 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
access-control-allow-origin
*
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
7050
admin.css
www.dfir.training/templates/haven/admin/
17 KB
2 KB
Stylesheet
General
Full URL
https://www.dfir.training/templates/haven/admin/admin.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a55860f68c71ea2e1c0bd5622b5208b0347aadb1280b73db4ddfbd679f545542

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
1411054
etag
W/"44df-55f53db8d20cd-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac1497c6-FRA
x-proxy-cache
MISS
expires
Sat, 16 Jan 2021 07:12:01 GMT
cms.css
www.dfir.training/templates/haven/css/
41 KB
8 KB
Stylesheet
General
Full URL
https://www.dfir.training/templates/haven/css/cms.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8aa04d66b4753ab045caa0c73eb0e5f6ef7fb72ce2297f5a099c653852eadddb

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
5553170
etag
W/"a531-55f53db8d1515-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac1b97c6-FRA
x-proxy-cache
MISS
expires
Sun, 29 Nov 2020 08:36:45 GMT
store.css
www.dfir.training/templates/haven/css/
37 KB
5 KB
Stylesheet
General
Full URL
https://www.dfir.training/templates/haven/css/store.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b10a9dddac2454f37b9801e402d2a831db20399c8482f7a0af1d87b4fc68025a

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
6265677
etag
W/"954f-55f53db8d1515-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac1d97c6-FRA
x-proxy-cache
MISS
expires
Sat, 21 Nov 2020 02:41:38 GMT
theme.css
www.dfir.training/templates/haven/css/
129 KB
14 KB
Stylesheet
General
Full URL
https://www.dfir.training/templates/haven/css/theme.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8120d3eac7e4c2fda4fa2a94a0b0116180536bec6b41363f111a74e7d593ee3f

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
245296
etag
W/"202fd-55f53db8d1515-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac2197c6-FRA
x-proxy-cache
MISS
expires
Fri, 29 Jan 2021 19:01:19 GMT
style.css
www.dfir.training/templates/haven/css/
74 KB
8 KB
Stylesheet
General
Full URL
https://www.dfir.training/templates/haven/css/style.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0778a12ecb362c9903d1b5cd63e5f935c33bc31789b94e686e495739e41e4c1

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
114421
etag
W/"12893-55f53db8d1515-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac2297c6-FRA
x-proxy-cache
MISS
expires
Sun, 31 Jan 2021 07:22:33 GMT
style9.css
www.dfir.training/templates/haven/css/styles/
41 KB
4 KB
Stylesheet
General
Full URL
https://www.dfir.training/templates/haven/css/styles/style9.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63e9212ca3eb6ec6cb128a4a8c26fd6a55782f8f9aae7cd1baf2ecb370f86ff9

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
245296
etag
W/"a3c4-55f53db8d1515-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac2497c6-FRA
x-proxy-cache
MISS
expires
Fri, 29 Jan 2021 19:01:19 GMT
custom.css
www.dfir.training/templates/haven/css/
612 B
323 B
Stylesheet
General
Full URL
https://www.dfir.training/templates/haven/css/custom.css
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f19a89e05fc0d99a3c7cc727b6c945218220a5a07a1cbc4c40772fe0ec6aea04

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
1222345
etag
W/"264-55f53db8d1515-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
text/css
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac2897c6-FRA
x-proxy-cache
MISS
expires
Mon, 18 Jan 2021 11:37:10 GMT
css
fonts.googleapis.com/
2 KB
605 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
39be29f582399edb6270c003ff52e7a8c9cc5769c304dc2289bb38b6c3b7f8c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Sun, 02 Feb 2020 15:09:35 GMT
server
ESF
access-control-allow-origin
*
date
Sun, 02 Feb 2020 15:09:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Sun, 02 Feb 2020 15:09:35 GMT
css
fonts.googleapis.com/
825 B
407 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Zilla+Slab:300
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
153a9622910551a8d5c1a724b98f5efea065749efda530a80850118c460e1e83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Sun, 02 Feb 2020 15:09:35 GMT
server
ESF
access-control-allow-origin
*
date
Sun, 02 Feb 2020 15:09:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Sun, 02 Feb 2020 15:09:35 GMT
css
fonts.googleapis.com/
829 B
412 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Zilla+Slab:500
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
51eebaba21f8957a79c2ddcefbfce6b82ca60cb3d8d0af32c0ee72523cd3a0b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Sun, 02 Feb 2020 15:09:35 GMT
server
ESF
access-control-allow-origin
*
date
Sun, 02 Feb 2020 15:09:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Sun, 02 Feb 2020 15:09:35 GMT
css
fonts.googleapis.com/
809 B
407 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Zilla+Slab:400
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4e28020116da9f514ba112cdfc53104e9f60d705efeef89e677e56af94d564ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Sun, 02 Feb 2020 15:09:35 GMT
server
ESF
access-control-allow-origin
*
date
Sun, 02 Feb 2020 15:09:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Sun, 02 Feb 2020 15:09:35 GMT
css
fonts.googleapis.com/
2 KB
556 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400italic
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab1fa9b7e93e856390b81b8e88282a39c676a476f2e24d87ddb54d3209e58339
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Sun, 02 Feb 2020 15:09:35 GMT
server
ESF
access-control-allow-origin
*
date
Sun, 02 Feb 2020 15:09:35 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Sun, 02 Feb 2020 15:09:35 GMT
js
www.googletagmanager.com/gtag/
74 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-96504300-1
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
abc82107dbc3bd4e49951de9f2de1994dad9b76523ca0e5531b4dfa389bc7f6c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
28428
x-xss-protection
0
expires
Sun, 02 Feb 2020 15:09:35 GMT
favth-scripts.js
www.dfir.training/templates/haven/js/
4 KB
1 KB
Script
General
Full URL
https://www.dfir.training/templates/haven/js/favth-scripts.js
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29cb936e4ad48ac1c72a99ef752bb1f758ec9db93241c627c1984d4919cea489

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 02 Dec 2017 04:24:13 GMT
server
cloudflare
age
245296
etag
W/"fea-55f53db8d1ce5-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
status
200
cache-control
max-age=31536000
cf-ray
55ed1648ac3397c6-FRA
x-proxy-cache
MISS
expires
Fri, 29 Jan 2021 19:01:19 GMT
404.JPG
www.dfir.training/images/images/
74 KB
74 KB
Image
General
Full URL
https://www.dfir.training/images/images/404.JPG
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6812:2b35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49a196eeaeec52dee9ec37523be9ec8fad807f5d20fd37afd966423afb09b0e0

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 02 Feb 2020 15:09:36 GMT
cf-cache-status
MISS
last-modified
Sun, 29 Jul 2018 03:30:22 GMT
server
cloudflare
etag
"12837-5721af6ff1399"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=31536000
x-proxy-cache
MISS
accept-ranges
bytes
cf-ray
55ed1648ac3597c6-FRA
content-length
75831
expires
Mon, 01 Feb 2021 15:09:35 GMT
atrk.js
certify-js.alexametrics.com/
4 KB
2 KB
Script
General
Full URL
https://certify-js.alexametrics.com/atrk.js
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.113 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-113.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
90451ba3e82cd9db02f0ca76bd45d0ab5ef7e90a49da4215903cb7f08471e2e7

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Fri, 10 Jan 2020 05:35:46 GMT
Content-Encoding
gzip
Last-Modified
Sat, 16 Mar 2019 16:01:33 GMT
Server
AmazonS3
Age
2021630
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
Cache-Control
max-age=26920000
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA6-C1
Connection
keep-alive
X-Amz-Cf-Id
EU-i0_80ZN8BKIasTjNNfsqkxgnssPlfrFGYEc_N6TW3_YIy0W2iKg==
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/media/jui/js/jquery.min.js?e6dcaeaaff54da2a82635b7213de5ed8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400
Origin
https://www.dfir.training

Response headers

date
Sat, 01 Feb 2020 00:22:27 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
139628
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
9132
x-xss-protection
0
expires
Sun, 31 Jan 2021 00:22:27 GMT
dFa6ZfeM_74wlPZtksIFajo6_V6LVlA.woff2
fonts.gstatic.com/s/zillaslab/v5/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/zillaslab/v5/dFa6ZfeM_74wlPZtksIFajo6_V6LVlA.woff2
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/media/jui/js/jquery.min.js?e6dcaeaaff54da2a82635b7213de5ed8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8557157acdb4702ef3f3b238d6337fbc17a05ed2a03ba7a4125c6467ac1bfbc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Zilla+Slab:400
Origin
https://www.dfir.training

Response headers

date
Wed, 22 Jan 2020 14:32:49 GMT
x-content-type-options
nosniff
last-modified
Tue, 16 Jul 2019 23:52:07 GMT
server
sffe
age
952606
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
15076
x-xss-protection
0
expires
Thu, 21 Jan 2021 14:32:49 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/media/jui/js/jquery.min.js?e6dcaeaaff54da2a82635b7213de5ed8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin
https://www.dfir.training

Response headers

date
Sun, 02 Feb 2020 15:09:35 GMT
content-encoding
gzip
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
access-control-allow-origin
*
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
status
200
cache-control
public, max-age=31536000
x-hello-human
Say hello back! @getBootstrapCDN on Twitter
accept-ranges
bytes
timing-allow-origin
*
content-length
77171
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-96504300-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7edf06d6436ec9420c26e56bd02ef5f5c93a9fb189ed16b1db402e57a0ea796
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 24 Jan 2020 01:10:36 GMT
server
Golfe2
age
4865
date
Sun, 02 Feb 2020 13:48:30 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17926
expires
Sun, 02 Feb 2020 15:48:30 GMT
collect
www.google-analytics.com/r/
35 B
111 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j80&a=1762860333&t=pageview&_s=1&dl=https%3A%2F%2Fwww.dfir.training%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D664&ul=en-us&de=UTF-8&dt=DFIR%20Training&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=615755128&gjid=623106257&cid=38647466.1580656176&tid=UA-96504300-1&_gid=2107240437.1580656176&_r=1&gtm=2ou1m0&z=482156315
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Feb 2020 15:09:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
atrk.gif
certify.alexametrics.com/
43 B
552 B
Image
General
Full URL
https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=DFIR%20Training&time=1580656175639&time_zone_offset=-60&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Fwww.dfir.training%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D664&random_number=2916199719&sess_cookie=7c3616cb17006732a16cbc46957&sess_cookie_flag=1&user_cookie=7c3616cb17006732a16cbc46957&user_cookie_flag=1&dynamic=true&domain=dfir.training&account=+vc0r1DlQy20Y8&jsv=20130128&user_lang=en-US
Requested by
Host: www.dfir.training
URL: https://www.dfir.training/index.php?option=com_content&view=article&id=664
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.122 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-214-122.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.dfir.training/index.php?option=com_content&view=article&id=664
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Sun, 02 Feb 2020 11:50:51 GMT
Via
1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-meta-alexa-last-modified
20110117123941
Last-Modified
Mon, 17 Jan 2011 20:41:40 GMT
Server
AmazonS3
Age
35970
ETag
"221d8352905f2c38b3cb2bd191d630b0"
X-Cache
Hit from cloudfront
Content-Type
image/gif
X-Amz-Cf-Pop
FRA53-C1
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
NhX80GTwYgUm37nZhzWwbWNXGlfyAAN9sjh7b3Nbotg1Mjh-sPzkjQ==

Verdicts & Comments

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name Type
onformdata object
onpointerrawupdate object
$ undefined
jQuery function
$K2 function
jQuery112408731439141541502 object
JCaption function
gtag function
dataLayer object
favprocess_mobile_menu_onclick function
favprocess_mobile_menu function
google_tag_manager object
_atrk_opts object
GoogleAnalyticsObject string
ga function
google_tag_data object
gaplugins object
gaGlobal object
gaData object
atrk function
_atrk_fired boolean

7 Cookies

Domain/Path Name / Value
.dfir.training/ Name: __auc
Value: 7c3616cb17006732a16cbc46957
.dfir.training/ Name: __asc
Value: 7c3616cb17006732a16cbc46957
.dfir.training/ Name: _gid
Value: GA1.2.2107240437.1580656176
www.dfir.training/ Name: 0a5a15c01db5c060d0ec4b6c8b774694
Value: f62573dfeec4bc250ea63461a40e1dcc
.dfir.training/ Name: _gat_gtag_UA_96504300_1
Value: 1
.dfir.training/ Name: _ga
Value: GA1.2.38647466.1580656176
.dfir.training/ Name: __cfduid
Value: d35423791ce804c661e8f394c36d54fc31580656173

1 Console Messages

Source Level URL
Text
console-api log URL: https://www.dfir.training/media/jui/js/jquery-migrate.min.js?e6dcaeaaff54da2a82635b7213de5ed8(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
certify-js.alexametrics.com
certify.alexametrics.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
www.dfir.training
www.google-analytics.com
www.googletagmanager.com
13.35.253.113
143.204.214.122
2001:4de0:ac19::1:b:2a
2606:4700:3036::6812:2b35
2606:4700::6810:5514
2a00:1450:4001:81b::200a
2a00:1450:4001:81f::2003
2a00:1450:4001:824::2008
2a00:1450:4001:825::200e