www.sans.org Open in urlscan Pro
45.60.31.34 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Submission: On September 24 via manual (September 24th 2024, 9:34:19 am UTC) from LK — Scanned from DE

Summary HTTP 81 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 11 domains to perform 81 HTTP transactions. The main IP is 45.60.31.34, located in United States and belongs to INCAPSULA, US. The main domain is www.sans.org. The Cisco Umbrella rank of the primary domain is 189765.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2024 Q3 on September 6th 2024. Valid for: 6 months.

This is the only time www.sans.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	45.60.31.34 45.60.31.34	19551 (INCAPSULA) (INCAPSULA)
1	2606:4700::68... 2606:4700::6812:4239	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.128.114 151.101.128.114	54113 (FASTLY) (FASTLY)
27	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
2	99.80.22.109 99.80.22.109	16509 (AMAZON-02) (AMAZON-02)
3	142.250.186.163 142.250.186.163	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
7	2606:4700::68... 2606:4700::6812:562a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.68 142.250.186.68	15169 (GOOGLE) (GOOGLE)
2	45.60.33.34 45.60.33.34	19551 (INCAPSULA) (INCAPSULA)
1	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
81	14

32 45.60.31.34 (United States)

ASN19551 (INCAPSULA, US)

www.sans.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:4239 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.128.114 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.evgnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 151.101.2.137 (San Francisco, United States)

ASN54113 (FASTLY, US)

images.contentstack.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.80.22.109 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-22-109.eu-west-1.compute.amazonaws.com

addsearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:562a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.60.33.34 (United States)

ASN19551 (INCAPSULA, US)

api.sans.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	sans.org www.sans.org — Cisco Umbrella Rank: 189765 api.sans.org — Cisco Umbrella Rank: 385418	609 KB
27	contentstack.io images.contentstack.io — Cisco Umbrella Rank: 11480	3 MB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 313	137 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	346 KB
2	google.com www.google.com — Cisco Umbrella Rank: 3	968 B
2	addsearch.com addsearch.com — Cisco Umbrella Rank: 50722	15 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 487	303 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 327	25 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	104 KB
1	evgnet.com cdn.evgnet.com — Cisco Umbrella Rank: 3722	48 KB
1	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 1008	91 KB
81	11

	Domain	Requested by
32	www.sans.org	www.sans.org
27	images.contentstack.io	www.sans.org
7	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org www.sans.org
3	fonts.gstatic.com	www.sans.org
2	api.sans.org	cdn.jsdelivr.net
2	www.google.com	www.sans.org www.gstatic.com
2	addsearch.com	www.sans.org addsearch.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	www.gstatic.com	www.google.com
1	cdn.jsdelivr.net	www.googletagmanager.com
1	www.googletagmanager.com	www.sans.org
1	cdn.evgnet.com	www.sans.org
1	cdn.optimizely.com	www.sans.org
81	13

This site contains links to these domains. Also see Links.

Domain
www.sans.edu
www.giac.org
isc.sans.edu
partnerportal.sans.org
bloodhound.readthedocs.io
twitter.com
github.com
attack.mitre.org
policies.google.com
www.facebook.com
www.youtube.com
www.linkedin.com
www.addsearch.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-09-06` - `2025-03-05`	6 months	crt.sh
cdn.optimizely.com WE1	`2024-08-23` - `2024-11-21`	3 months	crt.sh
cdn.evergage.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-14` - `2025-02-12`	a year	crt.sh
*.contentstack.io Gandi RSA Domain Validation Secure Server CA 3	`2024-04-10` - `2025-05-04`	a year	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.addsearch.com E6	`2024-09-05` - `2024-12-04`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
cookielaw.org WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
*.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Frame ID: FB19C783AD4DEC7243D66D79F3E6B6A3
Requests: 84 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdRaE8aAAAAAOB9CLy-hHWeafmpvmYkeMpCXrWO&co=aHR0cHM6Ly93d3cuc2Fucy5vcmc6NDQz&hl=de&v=EGbODne6buzpTnWrrBprcfAY&size=invisible&cb=hfqxqomq7mtk
Frame ID: 90EBB5308D0E1E98735672735EAE2045
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BloodHound – Sniffing Out the Path Through Windows Domains | SANS Institute

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

81
Requests

100 %
HTTPS

38 %
IPv6

11
Domains

13
Subdomains

14
IPs

3
Countries

4567 kB
Transfer

8399 kB
Size

10
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sans.edu/academics/launch-your-cybersecurity-career/
Title: Degree and Certificate Programs

Search URL Search Domain Scan URL

URL: https://www.giac.org/podcasts/
Title: Trust Me, I'm Certified

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/
Title: Internet Storm Center

Search URL Search Domain Scan URL

URL: https://partnerportal.sans.org/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://bloodhound.readthedocs.io/en/latest/installation/linux.html
Title: https://bloodhound.readthedocs.io/en/latest/installation/linux.html

Search URL Search Domain Scan URL

URL: https://twitter.com/mchllmmns/
Title: @mchllmmns

Search URL Search Domain Scan URL

URL: https://github.com/BloodHoundAD/BloodHound
Title: https://github.com/BloodHoundA...

Search URL Search Domain Scan URL

URL: https://github.com/BloodHoundAD/SharpHound3
Title: https://github.com/BloodHoundA...

Search URL Search Domain Scan URL

URL: https://github.com/fox-it/BloodHound.py
Title: https://github.com/fox-it/Bloo...

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1558/003/
Title: https://attack.mitre.org/techn...

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.giac.org/certifications/
Title: Certifications

Search URL Search Domain Scan URL

URL: https://www.sans.edu/
Title: Degree Programs

Search URL Search Domain Scan URL

URL: https://twitter.com/sansinstitute
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sansinstitute
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/TheSANSInstitute
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/14104
Title: LinkedIn

Search URL Search Domain Scan URL

URL: http://www.addsearch.com/?utm_source=customer&utm_medium=referer&utm_campaign=customer

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

81 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/ 312 KB
55 KB 564ms
340ms Document
text/html 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

9ad6c9f4611c7bdec6d90c279b2d3a711c8339c7240b3c686678abc6897d79f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: max-age=30
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
content-type: text/html
date: Tue, 24 Sep 2024 09:34:15 GMT
etag: W/"7fc105ec28fd79923c0294aed7d8456f"
expect-ct: max-age=86400, enforce
last-modified: Tue, 24 Sep 2024 09:05:39 GMT
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 be4fef3f6c1b2c76e0341ff49a27ce40.cloudfront.net (CloudFront)
x-amz-cf-id: MySvNCtzR-atUfAC7ASc_zgLAjq2aPLbbyNhuEMqmoDkRlKwLS-uTw==
x-amz-cf-pop: IAD61-P1
x-cache: Miss from cloudfront
x-cdn: Imperva
x-content-type-options: nosniff
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
x-iinfo: 3-2876366-2876371 NNNN CT(1 5 0) RT(1727170453053 104) q(0 0 0 0) r(0 2) U18
x-xss-protection: 1; mode=block

GET
H2 200 28081820005.js Show response
cdn.optimizely.com/js/ 303 KB
91 KB 64ms
26ms Script
text/javascript 2606:4700::6812:4239
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.optimizely.com/js/28081820005.js
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0ec74216fb371986b939c74281b7e4bc4938361c816a0a8439551323fd5e1e7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
content-encoding: gzip
cf-cache-status: HIT
etag: "ca0f49704803a68123ab55fefd0eef6d"
x-amz-version-id: cK_RrHRMSoWxolNj2Bl4456wOnuYOhU3
age: 289
access-control-allow-methods: GET, HEAD
date: Tue, 24 Sep 2024 09:34:14 GMT
x-amz-meta-revision: 483
content-type: text/javascript; charset=utf-8
last-modified: Fri, 13 Sep 2024 09:26:14 GMT
vary: Accept-Encoding
x-amz-id-2: i1O+x1YXSgNr4bnvJO0N9FzCzhiY7Bs45as16o2P8RLpLePD+IEaFHWG6imydaoSgFOXieDD3d0=
access-control-allow-headers: *
x-amz-replication-status: PENDING
cache-control: max-age=120
timing-allow-origin: *
x-amz-meta-pci_enabled: False
access-control-allow-credentials: false
x-amz-request-id: 1WVFHY85CTDA6XSZ
cf-ray: 8c81c70c2c5f902e-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 92768
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 evergage.min.js Show response
cdn.evgnet.com/beacon/sansccybersecurity/sans_prod/scripts/ 194 KB
48 KB 31ms
9ms Script
application/javascript 151.101.128.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.evgnet.com/beacon/sansccybersecurity/sans_prod/scripts/evergage.min.js
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.128.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 99755c96c0916d2ddb174b63841608ab51faf2830a6d7f2b5d76580bf1c2d17c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-encoding: gzip
etag: "183dc18d36f00e07dc67a2aef5fbd9a7"
x-amz-version-id: UroQAWtWAtwKZLwLKEAiqQHftH309l8d
age: 97
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
last-modified: Mon, 09 Sep 2024 14:47:33 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kjyo7100035-IAD, cache-fra-eddf8230110-FRA
x-cache-hits: 409789, 1
x-amz-id-2: oGewZAtTzOcZWzgQWMKIO6hSlaOeeTaQVjlhf+6kNfZpzHQZEo1YcHa5rPQCawarUAzl8tDryGM=
x-amz-meta-evergage-beacon-ver: 16
vary: Accept-Encoding
x-amz-replication-status: COMPLETED
cache-control: max-age=120
timing-allow-origin: *
x-amz-meta-evergage-sum: e73e71f18d926795ab117e4d7637c4755089aed2
x-timer: S1727170454.411334,VS0,VE2
via: 1.1 varnish, 1.1 varnish
x-amz-request-id: YEEA9Q3W34RH6RAE
accept-ranges: bytes
content-length: 48755
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 7a5cd47.js Show response
www.sans.org/blog/_nuxt/ 7 KB
3 KB 293ms
291ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/7a5cd47.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

7ac5067cb9f7b8702383a92cac6676c311c1afb0d8a098cb7141afa630be1446

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"72cb87b479e2150c785bc6a9fbb72eb6"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Mon, 23 Sep 2024 13:46:18 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876383 2VNN RT(1727170453053 470) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 2754
x-xss-protection: 1; mode=block

GET
H2 200 31238a5.js Show response
www.sans.org/blog/_nuxt/ 200 KB
68 KB 296ms
294ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/31238a5.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

5b486c802e9077063a6c7a3e3509cb0b240d42c9741a6178fd111e696c3e0939

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"c6cafa966bde0cc5ca68ef168c646062"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:46 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2871625 2VNN RT(1727170453053 471) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 69551
x-xss-protection: 1; mode=block

GET
H2 200 2a8bf47.css
www.sans.org/blog/_nuxt/css/ 368 KB
39 KB 195ms
193ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fdccd3f68719f6f758818d17d59487f2973900c5850c618e0b99a9d821da120f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"8b2eb4a48aca87fb42869506c2f7ea5f"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:46 GMT
content-type: text/css
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2871627 2VNN RT(1727170453053 454) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 39193
x-xss-protection: 1; mode=block

GET
H2 200 f397639.js Show response
www.sans.org/blog/_nuxt/ 304 KB
83 KB 393ms
391ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/f397639.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

013720b4aee636386a27d8775f76b963eee6502315602f2e11a950b5d3ebc93d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"0a3b69464130a247a1e9f72c401238ea"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2871623 2VNN RT(1727170453053 472) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 85296
x-xss-protection: 1; mode=block

GET
H2 200 fd21fb5.css
www.sans.org/blog/_nuxt/css/ 971 B
594 B 293ms
292ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/css/fd21fb5.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3faf06748feaa1c7bc8d9d84d262d209c9c47005cbc5be246743b32e2490d7f8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: "e48a670e857e41e71c49c8f4794970b3"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: text/css
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2871623 2VNN RT(1727170453053 459) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 451
x-xss-protection: 1; mode=block

GET
H2 200 f1b3aaf.js Show response
www.sans.org/blog/_nuxt/ 706 KB
128 KB 391ms
390ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/f1b3aaf.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

094464d8435e8000de73cd1a252b512a20b88ac21267bc052e984fc11c1e9fb9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"48944ca18f66b6290ecb6a7b5132cef7"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:44 GMT
date: Tue, 24 Sep 2024 09:34:14 GMT
last-modified: Tue, 24 Sep 2024 09:05:37 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876381 2VNN RT(1727170453053 473) q(0 0 0 -1) r(1 1) U18
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 130300
x-xss-protection: 1; mode=block

GET
H2 200 561c40a.css
www.sans.org/blog/_nuxt/css/ 192 KB
17 KB 294ms
292ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/css/561c40a.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0693e9fb65fb50ef27f0d827d837727d63ae31709a938187d384139bdce8337b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"c28dd40c12f2e27615a181457103a7c1"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:05 GMT
content-type: text/css
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2857551 2VNN RT(1727170453053 464) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 16813
x-xss-protection: 1; mode=block

GET
H2 200 2bb9c2d.js Show response
www.sans.org/blog/_nuxt/ 460 KB
49 KB 394ms
393ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/2bb9c2d.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f947a7dfc8b148f98328db891c1b642e66b5dcc9cb3ff42e3898c180f91e6f95

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"5192ae6a3e75421010fb783c8ddba80d"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 06 Sep 2024 11:52:33 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876391 2VNN RT(1727170453053 475) q(0 0 1 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 50110
x-xss-protection: 1; mode=block

GET
H2 200 53c8a7b.css
www.sans.org/blog/_nuxt/css/ 23 KB
4 KB 292ms
291ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/css/53c8a7b.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

9bf4d14b1044adeabdb7e7fbe5767bba94622459dc9be7640a3a0c127bd1be6b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"abe9ff47d4781e91fadb3bce0d422b0b"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:46 GMT
content-type: text/css
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2874948 2VNN RT(1727170453053 467) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 3624
x-xss-protection: 1; mode=block

GET
H2 200 e969f84.js Show response
www.sans.org/blog/_nuxt/ 16 KB
6 KB 302ms
301ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/e969f84.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

57103fb89893af154cafe3cb97117d458e5b90a4610b8831b8aef8df84061f01

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"e3f80c24fef691851eb5c31a9c94aa9c"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2869142 2VNN RT(1727170453053 553) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 5970
x-xss-protection: 1; mode=block

GET
H2 200 8ca6355.css
www.sans.org/blog/_nuxt/css/ 61 KB
6 KB 293ms
292ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/css/8ca6355.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

54d670a4f200d8314a0935b6a4d1fdde99bd04ec56abc2f3d86ebef27a4c37e4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"bc6882978679006e8629c7f49133102b"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:05 GMT
content-type: text/css
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876381 2VNN RT(1727170453053 468) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 6076
x-xss-protection: 1; mode=block

GET
H2 200 f538fdb.js Show response
www.sans.org/blog/_nuxt/ 2 KB
907 B 392ms
391ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/f538fdb.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

5269122827487da84f83f9e6220cbf2024ab507573a1f77ec9b44724e67af340

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"89e9c8a3137c5a0b004b86dee17212d3"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876394 2VNN RT(1727170453053 557) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 785
x-xss-protection: 1; mode=block

GET
H2 200 290x100_mega_nav_train_and_certify.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blte8be34fc229589b9/6273dce3941a2939d3d00f0e/ 31 KB
31 KB 54ms
7ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blte8be34fc229589b9/6273dce3941a2939d3d00f0e/290x100_mega_nav_train_and_certify.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: a0aa5707b114579a33f6bd2f1e5bdb28399e0a76431d31c34733664a8b6e2b8f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=37144 idim=290x100 ifmt=jpeg ofsz=31269 odim=290x100 ofmt=jpeg
x-request-id: f989323a2d3401980df4f33c5e36c3e8
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "ur4XIkLCdBCQfPyRP00VapGVVBhgJPmmf66qwioL8ck"
age: 33504
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=290x100_mega_nav_train_and_certify.jpg
x-served-by: cache-sjc1000138-SJC, cache-fra-eddf8230116-FRA
x-runtime: 86ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 18, 2
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170454.437303,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31269
fastly-io-served-by: vpop-haf2300702
server: contentstack

GET
H2 200 290x100_mega_nav9_manage_your_team.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf47dc15d424f72e4/6273dce39dad2234e4d02e02/ 29 KB
29 KB 55ms
8ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf47dc15d424f72e4/6273dce39dad2234e4d02e02/290x100_mega_nav9_manage_your_team.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 37cba10e43067a0214b42d54d09875849f601a914a463c0c1fcacd299070396b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=36921 idim=290x100 ifmt=jpeg ofsz=29320 odim=290x100 ofmt=jpeg
x-request-id: 69c9283df87b61080a818ceaba5a4b91
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "f/BsIxvXpi+LUiglRdzDmSa5H5VWOCU6sjXxA/YGaAY"
age: 33504
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=290x100_mega_nav9_manage_your_team.jpg
x-served-by: cache-sjc10077-SJC, cache-fra-eddf8230116-FRA
x-runtime: 134ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 54, 2
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170454.437418,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 29320
fastly-io-served-by: vpop-haf2300711
server: contentstack

GET
H2 200 290x100_mega_nav3_security_awareness.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt1733d7a8ff26d5ad/6273dce39dfd5f30d076efa0/ 30 KB
30 KB 7ms
7ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt1733d7a8ff26d5ad/6273dce39dfd5f30d076efa0/290x100_mega_nav3_security_awareness.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: c1236d3af38b7d049eca1f27f6b2a7acedbf1d6168cee99138ab4730a24fdd6d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=38019 idim=290x100 ifmt=jpeg ofsz=30674 odim=290x100 ofmt=jpeg
x-request-id: b2034ef1568843b14864fca42efa7c08
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "qe3T/381iNlLOnvLkI8GwieG5sLQrJbKsEGMM4CZXvQ"
age: 33503
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=290x100_mega_nav3_security_awareness.jpg
x-served-by: cache-sjc1000095-SJC, cache-fra-eddf8230116-FRA
x-runtime: 88ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 54, 2
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170454.450574,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30674
fastly-io-served-by: vpop-haf2300703
server: contentstack

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 374 KB
104 KB 156ms
74ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9e1be9b9ffd38698f0192855600c9ff3c60c262b23f009ddabed1186783d543c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-encoding: br
expires: Tue, 24 Sep 2024 09:34:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 09:34:14 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 24 Sep 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 106315
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 290x100_mega_nav4_resources.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt08fed20a2b957c76/6273dce36ed4423afc98e390/ 25 KB
26 KB 11ms
8ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt08fed20a2b957c76/6273dce36ed4423afc98e390/290x100_mega_nav4_resources.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 7d30435414031894c25be74ea98bde63a851f84e547ea6d942b21f1f0a37e233

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=30358 idim=290x100 ifmt=jpeg ofsz=25883 odim=290x100 ofmt=jpeg
x-request-id: a8d8d66982e93c465b1b4930cbc905cf
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "J3lljs423xd5iHf5RMtOG2DoSQ61d/vuzRDhhlKLfTc"
age: 33503
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=290x100_mega_nav4_resources.jpg
x-served-by: cache-sjc10033-SJC, cache-fra-eddf8230116-FRA
x-runtime: 88ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 7, 2
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170455.503315,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25883
fastly-io-served-by: vpop-haf2300703
server: contentstack

GET
H2 200 290x100_mega_nav_get_involved.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltbe97e5485d2294e7/6273dce33debbf3afdd2d898/ 30 KB
31 KB 9ms
7ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltbe97e5485d2294e7/6273dce33debbf3afdd2d898/290x100_mega_nav_get_involved.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 02341acfd22526ad4569d86455a9c94ab08194bd40f329df6577362aa9fe78ee

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=40093 idim=290x100 ifmt=jpeg ofsz=30887 odim=290x100 ofmt=jpeg
x-request-id: 820a02b6bc3f3ed3197be9d959c072ba
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "M9g1vX/vuvTRmfGhW9YO83JI/S+4buwsymkaIHVUzWg"
age: 33518
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=290x100_mega_nav_get_involved.jpg
x-served-by: cache-sjc10077-SJC, cache-fra-eddf8230116-FRA
x-runtime: 66ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 53, 2
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170455.503284,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30887
fastly-io-served-by: vpop-haf2300701
server: contentstack

GET
H2 200 290x100_mega_nav7_about_us.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltb48ea6f22e3c9a94/6273dce3d2794936634fa557/ 25 KB
25 KB 11ms
9ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltb48ea6f22e3c9a94/6273dce3d2794936634fa557/290x100_mega_nav7_about_us.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 0e7dcd24f724760d2fc0950cb5343c41a414499feb22339cb69d4a3101b2684b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=31505 idim=290x100 ifmt=jpeg ofsz=25821 odim=290x100 ofmt=jpeg
x-request-id: 9af6613631ad83064bc204d540eab9cf
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "CIRcbJFjAy7h9liVtoFgnwKLnwTXgjl/pfwHCIc9bdI"
age: 33518
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=290x100_mega_nav7_about_us.jpg
x-served-by: cache-sjc1000125-SJC, cache-fra-eddf8230116-FRA
x-runtime: 61ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 53, 2
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170455.504598,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25821
fastly-io-served-by: vpop-haf2300711
server: contentstack

GET
H2 200 370x370_Michiel-Lemmens.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltd57b9a387f360cec/5fe37e5f1166ce7d2ed1a253/ 58 KB
58 KB 16ms
14ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltd57b9a387f360cec/5fe37e5f1166ce7d2ed1a253/370x370_Michiel-Lemmens.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 5e349873f09d8afdb100db239bd02d093f7133d3db41c5dacddca65dbc93d92d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=66718 idim=370x370 ifmt=jpeg ofsz=58924 odim=370x370 ofmt=jpeg
x-request-id: 5a5063e3694ee0430cf51c9a78351ea6
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "f3Epc+mHgCvGrIOzid7CHgFW/SlyVUKPSGAY1SDhQCU"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=370x370_Michiel-Lemmens.jpg
x-served-by: cache-sjc10048-SJC, cache-fra-eddf8230116-FRA
x-runtime: 53ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 18, 0
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170455.504051,VS0,VE2
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 58924
fastly-io-served-by: vpop-haf2300712
server: contentstack

GET
H2 200 2.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blta6f8ec177ce00f0d/60c142232d95121b9b3d1c22/ 82 KB
83 KB 16ms
14ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blta6f8ec177ce00f0d/60c142232d95121b9b3d1c22/2.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 6288b7c8046be529ea65d19d26b38e064b523fe1b10bf63042d218b4f59ff149

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=91525 idim=1285x818 ifmt=jpeg ofsz=84368 odim=1285x818 ofmt=jpeg
x-request-id: 66870cb4b3f027390c878cd05439b3be
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "uWnOs9tAsYxVUzhWSjol3PXLjty9lnfQpcTbKApz56Q"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=2.JPG
x-served-by: cache-sjc1000126-SJC, cache-fra-eddf8230116-FRA
x-runtime: 120ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 9, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.504111,VS0,VE2
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 84368
fastly-io-served-by: vpop-haf2300706
server: contentstack

GET
H2 200 15.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt3ce784ad6a4c39cd/60c144a51b32a31d5305c395/ 60 KB
61 KB 16ms
13ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt3ce784ad6a4c39cd/60c144a51b32a31d5305c395/15.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: eb1967cdcbe795eb42eafddbc302d20c9fcf7a23372b68a8b94532c59747c360

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=68938 idim=1920x930 ifmt=jpeg ofsz=61781 odim=1920x930 ofmt=jpeg
x-request-id: febe004d03d75eb36f19d243caf65806
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "eVoRnREC5lVG2C0AotQFdw0Kf2WEpVgnetT6bOqMD/g"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=15.JPG
x-served-by: cache-sjc1000106-SJC, cache-fra-eddf8230116-FRA
x-runtime: 81ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.503952,VS0,VE2
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 61781
fastly-io-served-by: vpop-haf2300702
server: contentstack

GET
H2 200 12.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt77478d41411b15f9/60c144e3f8aee612d3996f3e/ 200 KB
201 KB 12ms
10ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt77478d41411b15f9/60c144e3f8aee612d3996f3e/12.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 3e299305ecd4cbeb9d175b9edf675ce4e710f2c0de4291da4083fb5888f04316

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=211915 idim=1920x930 ifmt=jpeg ofsz=204758 odim=1920x930 ofmt=jpeg
x-request-id: feff626ecaf323a9b4ca64b20d0786b6
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "SLUF09Vu0Xsd4it8+spA88NXHVjf/ncWVIQk4BL1mKI"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=12.JPG
x-served-by: cache-sjc1000086-SJC, cache-fra-eddf8230116-FRA
x-runtime: 185ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.503937,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 204758
fastly-io-served-by: vpop-haf2300704
server: contentstack

GET
H2 200 21.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt829302eaee42d44a/60c1453fd475801b9d54ff9e/ 107 KB
107 KB 17ms
15ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt829302eaee42d44a/60c1453fd475801b9d54ff9e/21.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: cc4d638dc9c38300d9931fc169f2a90be5c91208919df2f2136dce2c63652ca1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=116436 idim=1920x904 ifmt=jpeg ofsz=109279 odim=1920x904 ofmt=jpeg
x-request-id: e4968d07f67bf19423dfe0d923866d8c
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "4r4X4irfRwH9zlY2SUjvVPS+fn9P6YuRtnYmb1bXDqI"
age: 33040
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=21.JPG
content-type: image/jpeg
x-runtime: 123ms
x-cache-hits: 19, 1
x-contentstack-organization: blt848504a4924ca8db
fastly-stats: io=1
x-served-by: cache-sjc1000105-SJC, cache-fra-eddf8230116-FRA
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.503934,VS0,VE3
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 109279
fastly-io-served-by: vpop-haf2300713
server: contentstack

GET
H2 200 31.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltda9cd0dabaa63b29/60c14dc83a3d1a5f519ebb3a/ 457 KB
458 KB 17ms
15ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltda9cd0dabaa63b29/60c14dc83a3d1a5f519ebb3a/31.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 8153a07ff759d9f70204dadc9605d989d4851954982f824922520143bc2baf8d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=475509 idim=1919x929 ifmt=jpeg ofsz=468352 odim=1919x929 ofmt=jpeg
x-request-id: 58748091bc8f0a98195c5b10d29834a0
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "jP3S4qg5V0FrX9RR2RlswePuSAOsGRuVU0Lfx74gyso"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=31.JPG
x-served-by: cache-sjc10051-SJC, cache-fra-eddf8230116-FRA
x-runtime: 157ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 5, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.504679,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 468352
fastly-io-served-by: vpop-haf2300706
server: contentstack

GET
H2 200 19.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt5b5c3088633df560/60c14df6f8aee612d3996f4c/ 243 KB
243 KB 17ms
15ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt5b5c3088633df560/60c14df6f8aee612d3996f4c/19.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: eda42729558d0f266965ab82a8f295c18e5692b2e2f125c13039708f3a6b2613

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=255812 idim=1918x927 ifmt=jpeg ofsz=248655 odim=1918x927 ofmt=jpeg
x-request-id: 2819f762efb0aa4e8e618069a03731e6
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "IXrFxY8PxPVZ9n0iH+g7/udRUMRcnzqKs9/BDIw8VSE"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=19.JPG
x-served-by: cache-sjc10066-SJC, cache-fra-eddf8230116-FRA
x-runtime: 123ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.504675,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 248655
fastly-io-served-by: vpop-haf2300704
server: contentstack

GET
H2 200 32.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt79912bce2d406f87/60c14e201b32a31d5305c3b5/ 212 KB
213 KB 30ms
28ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt79912bce2d406f87/60c14e201b32a31d5305c3b5/32.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: cd33ff8682d2623632707e79b5f3cd2f8c03475a1047e42c446aac518582b619

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=224585 idim=1920x928 ifmt=jpeg ofsz=217428 odim=1920x928 ofmt=jpeg
x-request-id: 2c9c54926113854d8e6cec8fb83e22e0
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "I8nOUfvPjGydpY8CAohQICop2peVWpYO6CnO/7+mfzE"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=32.JPG
x-served-by: cache-sjc10032-SJC, cache-fra-eddf8230116-FRA
x-runtime: 89ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.510594,VS0,VE2
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 217428
fastly-io-served-by: vpop-haf2300702
server: contentstack

GET
H2 200 20.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf72690f8a687d41a/60c14e87f77af428924ba4de/ 86 KB
86 KB 25ms
24ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltf72690f8a687d41a/60c14e87f77af428924ba4de/20.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 1fdfc36fd2186cb71d965a1b34e080d3f4c6ff3e047569fa34ead148e75c2448

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=95286 idim=1917x927 ifmt=jpeg ofsz=88129 odim=1917x927 ofmt=jpeg
x-request-id: 0c4a898dc05693a45dcf602e350eb240
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "jlQDt8oQ4T+W2SbDf5CVtYtYeoh837Y7hyRNVxoFMeA"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=20.JPG
x-served-by: cache-sjc10038-SJC, cache-fra-eddf8230116-FRA
x-runtime: 148ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.509759,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 88129
fastly-io-served-by: vpop-haf2300708
server: contentstack

GET
H2 200 22.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt1ca2179301629d11/60c14f85d475801b9d54ffae/ 282 KB
283 KB 30ms
28ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt1ca2179301629d11/60c14f85d475801b9d54ffae/22.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: ded784189873619127e9b92cbbd531187162d6ab873578d7000c599e043f220d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=296168 idim=1917x904 ifmt=jpeg ofsz=289011 odim=1917x904 ofmt=jpeg
x-request-id: 4aca4e25cd84184c5728d708ef2e239b
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "sARvpk3Pst/rgDYhV3UaHY3ypGUmRrsdS7clpCC9XYI"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=22.JPG
x-served-by: cache-sjc10075-SJC, cache-fra-eddf8230116-FRA
x-runtime: 151ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 7, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.510390,VS0,VE2
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 289011
fastly-io-served-by: vpop-haf2300708
server: contentstack

GET
H2 200 23.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltc567b7a8e9ac1dfe/60c14fc7971f487708eb2779/ 175 KB
175 KB 28ms
26ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltc567b7a8e9ac1dfe/60c14fc7971f487708eb2779/23.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 2fa3fbb51afb49325e605d14627d221030e1784744bf0fb3a2ad005fbaca12ab

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=186009 idim=1919x927 ifmt=jpeg ofsz=178852 odim=1919x927 ofmt=jpeg
x-request-id: 5d4b53f311fe6e6e78f70d3e10118ff4
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "1ompeCE2rRsXWQOW8sPO0POA+VDpNipkodCdIdNiIao"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=23.JPG
x-served-by: cache-sjc1000091-SJC, cache-fra-eddf8230116-FRA
x-runtime: 175ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.510067,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 178852
fastly-io-served-by: vpop-haf2300704
server: contentstack

GET
H2 200 24.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt38d3eab23b960ba8/60c14fe8971f487708eb277d/ 187 KB
187 KB 27ms
26ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt38d3eab23b960ba8/60c14fe8971f487708eb277d/24.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: b18348575aab267524e78da8f3851be4c40ba78bc38af6b0614cec6322232075

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=198542 idim=1916x929 ifmt=jpeg ofsz=191385 odim=1916x929 ofmt=jpeg
x-request-id: ac92fd54b46f9225104d42e9b5f15787
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "jamk6hBtt4/fvEVJACHV2fDBdaJu8GttxHqz5MeXTlI"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=24.JPG
x-served-by: cache-sjc1000124-SJC, cache-fra-eddf8230116-FRA
x-runtime: 93ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.510083,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 191385
fastly-io-served-by: vpop-haf2300713
server: contentstack

GET
H2 200 25.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt507ea2e8d22447dc/60c150212d47ce78c28ad3d7/ 148 KB
148 KB 28ms
27ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt507ea2e8d22447dc/60c150212d47ce78c28ad3d7/25.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 0c5d65c0b908423a93ee58e0e7f5d3eb4bb14228ce8f34da79c8d572e01b29a6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=158458 idim=1920x931 ifmt=jpeg ofsz=151301 odim=1920x931 ofmt=jpeg
x-request-id: 5a6b1026c6e1db877e9f0924f6eaaec1
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "Y0OISXhnLhQKnuhV8D0Xn5PC/rY87v+Q5b7zNkbBGiA"
x-cache: MISS, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=25.JPG
x-served-by: cache-sjc10041-SJC, cache-fra-eddf8230116-FRA
x-runtime: 134ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 0, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.510078,VS0,VE2
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 151301
fastly-io-served-by: vpop-haf2300702
server: contentstack

GET
H2 200 26.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt8d91729b457d52e4/60c15054ff4b120facb61046/ 143 KB
144 KB 26ms
25ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt8d91729b457d52e4/60c15054ff4b120facb61046/26.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: b2383fe9cac7ff3e54654a4d41f53fba1a6d367c0c6ae7f7ee1d334057167a4d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=153850 idim=1919x928 ifmt=jpeg ofsz=146693 odim=1919x928 ofmt=jpeg
x-request-id: 135b5f5de2262f9e0a05158fb95478f8
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "qAfaDCQn4ZZkTCfFRwL9BzD+gwp77SVGq64JS05v/F8"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=26.JPG
x-served-by: cache-sjc10047-SJC, cache-fra-eddf8230116-FRA
x-runtime: 151ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 12, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.509654,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 146693
fastly-io-served-by: vpop-haf2300702
server: contentstack

GET
H2 200 33a.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltc3672869d2695b70/60c1508c85c4c2118e3175e1/ 152 KB
152 KB 25ms
24ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltc3672869d2695b70/60c1508c85c4c2118e3175e1/33a.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: c3c1fbf6acf69b0844bc5b78703c0503649e61d234f3c0934b57b37f62b2cd86

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=162442 idim=1918x922 ifmt=jpeg ofsz=155273 odim=1918x922 ofmt=jpeg
x-request-id: 5878c6dbc44808384ec8a1fb7fe911e7
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "kIwPZIQJhSEF540AIhx9ETruETauuTEpb0j0jF0+Mqk"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=33a.jpg
x-served-by: cache-sjc1000110-SJC, cache-fra-eddf8230116-FRA
x-runtime: 258ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.509638,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 155273
fastly-io-served-by: vpop-haf2300704
server: contentstack

GET
H2 200 27.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt90866d504b2da373/60c150b7fbd63412d413446c/ 142 KB
142 KB 26ms
25ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt90866d504b2da373/60c150b7fbd63412d413446c/27.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: caf866f86bae1262c53afb4dd17e38b4866c07c76783b213e8ebe71fc4bbc0cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=152375 idim=1917x921 ifmt=jpeg ofsz=145218 odim=1917x921 ofmt=jpeg
x-request-id: 6c7d4206feea844e0ed61e4b9651adb5
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "TfQpQmtQg5K7BRaRavFfn9O884Uqof0wTDnD4WiviNo"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=27.JPG
x-served-by: cache-sjc10081-SJC, cache-fra-eddf8230116-FRA
x-runtime: 137ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 2, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.509591,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 145218
fastly-io-served-by: vpop-haf2300714
server: contentstack

GET
H2 200 28.JPG
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltdb25ec49038f3f71/60c150f5fbd63412d4134470/ 137 KB
137 KB 27ms
26ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltdb25ec49038f3f71/60c150f5fbd63412d4134470/28.JPG
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: b51a703411091977711b7347bb9dafcd4eea76c3b7f4ca4ea1b71dd0be88670d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=147376 idim=1918x924 ifmt=jpeg ofsz=140219 odim=1918x924 ofmt=jpeg
x-request-id: 8fbd55bc576fe1a62388afbc15d76833
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "mBeyZ+5EwvCaLhbeIEbpBjeiiP1ZomOBJAEeOPpme+g"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=28.JPG
x-served-by: cache-sjc10055-SJC, cache-fra-eddf8230116-FRA
x-runtime: 123ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
fastly-io-warning: Failed to shrink image
x-timer: S1727170455.509546,VS0,VE2
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 140219
fastly-io-served-by: vpop-haf2300710
server: contentstack

GET
H2 200 HackFest_blog_image.png
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt36821f16358e096d/654d0c79111f09040a46e9c0/ 69 KB
69 KB 26ms
25ms Image
image/webp 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt36821f16358e096d/654d0c79111f09040a46e9c0/HackFest_blog_image.png?format=png&auto=webp&width=600
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 903b11a5dc9938069819c955db61fdf83ae343695a49893776c0405c904a1c37

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=68326 idim=340x340 ifmt=png ofsz=70292 odim=600x600 ofmt=webp
x-request-id: 013f5c2f90e93e19a7313434c2141cff
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "rW0duH9QtYTDfL9FfEAs5G1ICA245WpbtybSfGCCXcI"
filename1: custom
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-type: image/webp
x-served-by: cache-sjc10050-SJC, cache-fra-eddf8230116-FRA
x-cache-hits: 2, 0
x-runtime: 74ms
x-contentstack-organization: blt848504a4924ca8db
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170455.509529,VS0,VE2
content-disposition: inline; filename=HackFest_blog_image.webp
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 70292
fastly-io-served-by: vpop-haf2300713
server: contentstack

GET
H2 200 370x370-person-placeholder.png
images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltaa9404ecbcefbcaa/6335cdd0a2ca982a1c795ab3/ 22 KB
23 KB 29ms
28ms Image
image/png 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/bltaa9404ecbcefbcaa/6335cdd0a2ca982a1c795ab3/370x370-person-placeholder.png
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 5a661b8cad1a727df1b3b5c68f3f370cc2c037768a76fcb4c0d074e96c5e64c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=31894 idim=370x370 ifmt=png ofsz=22796 odim=370x370 ofmt=png
x-request-id: e78e8993995713bffdb244446f0d8488
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "GeEiX4CJNxqVfGOYEzkaDASMqAM4nnZ28DAsYKwP8Uc"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=370x370-person-placeholder.png
x-served-by: cache-sjc1000134-SJC, cache-fra-eddf8230116-FRA
x-runtime: 58ms
content-type: image/png
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 28, 0
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170455.509512,VS0,VE4
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 22796
fastly-io-served-by: vpop-haf2300705
server: contentstack

GET
H2 200 370x370_jonathan-reiter.jpg
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt666fc59930594966/5ece7ade96a8996de38bc262/ 46 KB
46 KB 24ms
23ms Image
image/jpeg 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt666fc59930594966/5ece7ade96a8996de38bc262/370x370_jonathan-reiter.jpg
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: 0a283859be4396f43003d6e3f087c7be1860a74fee384e821f410c4783d2c8f8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=53107 idim=370x370 ifmt=jpeg ofsz=46836 odim=370x370 ofmt=jpeg
x-request-id: 463f8b15ed4fbb6ea9c315b00a353672
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "/wswl/9yi/QZ5K6WSPxqHlPmqJnq5dDYRaZwMG5mLUQ"
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-disposition: inline; filename=370x370_jonathan-reiter.jpg
x-served-by: cache-sjc1000124-SJC, cache-fra-eddf8230116-FRA
x-runtime: 136ms
content-type: image/jpeg
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 4, 0
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170455.509495,VS0,VE1
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46836
fastly-io-served-by: vpop-haf2300703
server: contentstack

GET
H/1.1 200
OK / Show response
addsearch.com/js/ 2 KB
980 B 116ms
34ms Script
application/javascript 99.80.22.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9
Requested by: Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 99.80.22.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-22-109.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d4674524facb7c0646c9a3f0c9f1f5ac40c49e7dacf480c6a2d562da2d3b9ebb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Length: 733
Date: Tue, 24 Sep 2024 09:34:14 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Server: nginx

GET
H2 200 _Incapsula_Resource Show response
www.sans.org/ 83 KB
20 KB 267ms
267ms Script
application/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=113723495

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

141b4c46723463727933fa6c23c7fcf984b90a995859a4f27aa2215bceede46e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-robots-tag: noindex
cache-control: no-cache, no-store
content-encoding: gzip
expect-ct: max-age=86400, enforce
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-length: 20320
x-xss-protection: 1; mode=block
content-type: application/javascript
x-frame-options: SAMEORIGIN

GET
H2 200 logo-sans.d72c7e5.svg
www.sans.org/blog/_nuxt/img/ 4 KB
2 KB 161ms
160ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/logo-sans.d72c7e5.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

be3b161eca24051313cc59d561426001989e585ef63bfb64336994902d2322c9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Response headers

content-encoding: gzip
etag: W/"e647dc13abbda64092e117c11ba75b06"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876381 2VNN RT(1727170453053 783) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 1664
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 342 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b698a7613b5699ab82438105b51d1391ffa6103ce23ad2068e7f66479d1e2baf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 menu-chevron.510467e.svg
www.sans.org/blog/_nuxt/img/ 1 KB
817 B 161ms
161ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/menu-chevron.510467e.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

78ca04ceaa354592535991dc60ee768438f0ee7ced1224c5b8e8bd5e5a24898c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Response headers

content-encoding: gzip
etag: W/"e41be18adbcfd205935e1869c7d110dc"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876391 2VNN RT(1727170453053 785) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 695
x-xss-protection: 1; mode=block

GET
H2 200 search-icon-blue.2982038.svg
www.sans.org/blog/_nuxt/img/ 1 KB
732 B 158ms
158ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/search-icon-blue.2982038.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0291038e1dab29b2b5d6ee42c102c6249b47e141ac84a88e5b335236474ac129

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Response headers

content-encoding: gzip
etag: W/"32c818c97941c024172c43d7db55b330"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2857551 2VNN RT(1727170453053 788) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 611
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 532 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ddf1c3008869a04f57100949a5540f5cd285d893181070e68ae3d051e97c290

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 link-icon.0489af3.svg
www.sans.org/blog/_nuxt/img/ 3 KB
2 KB 156ms
155ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/link-icon.0489af3.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

8d501c87ecf6a67ba39e5a8a05dc89e7456680b2a5260e6439e05724cf42a75e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Response headers

content-encoding: gzip
etag: W/"dea235bebadf19e8294fa31e90c6f8fa"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876404 2VNN RT(1727170453053 790) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 1507
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 393 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec24e57be28f403d151765cf2cc1d1bbb5c91da19629143091fad4e8805529cc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 linkedin.fb73d70.svg
www.sans.org/blog/_nuxt/img/ 1 KB
820 B 154ms
151ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/linkedin.fb73d70.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/561c40a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a45aa8ee64d02baed1f62b6d8d2fcc1e87599ab85f729375d8eff8a6a3765b0b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/561c40a.css

Response headers

content-encoding: gzip
etag: W/"554a990bf4270e25d1a77ebc2c9e68a6"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876383 2VNN RT(1727170453053 795) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 698
x-xss-protection: 1; mode=block

GET
H2 200 facebook.52f4f16.svg
www.sans.org/blog/_nuxt/img/ 1 KB
738 B 155ms
152ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/facebook.52f4f16.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/561c40a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

069231b573c1732783d33f721171bf0ec5b3ca5542330812deedd60da67f46cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/561c40a.css

Response headers

content-encoding: gzip
etag: W/"a9781eefe35e6e6969555f5286f9bf26"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2874948 2VNN RT(1727170453053 796) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 599
x-xss-protection: 1; mode=block

GET
H2 200 share.1b2e1d9.svg
www.sans.org/blog/_nuxt/img/ 2 KB
1 KB 165ms
162ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/share.1b2e1d9.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/561c40a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

872fb329acdd644c07d450ed141fcf32c93dca871fb970390bc5d29780d8679f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/561c40a.css

Response headers

content-encoding: gzip
etag: W/"b3cefd935ed7ecc76bf840598ca97b7f"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876381 2VNN RT(1727170453053 797) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 927
x-xss-protection: 1; mode=block

GET
H2 200 next-grey.93bc860.svg
www.sans.org/blog/_nuxt/img/ 1 KB
841 B 174ms
171ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/next-grey.93bc860.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

df6379fe8c34adfb99a5983b564a2c050fde0b61244171c78ebdf08109379603

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Response headers

content-encoding: gzip
etag: W/"87d2e36c53ab1a37eef9729d41c619e5"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876391 2VNN RT(1727170453053 798) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 720
x-xss-protection: 1; mode=block

GET
H2 200 arrow-thin-right.4f7feec.svg
www.sans.org/blog/_nuxt/img/ 2 KB
1 KB 175ms
175ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/arrow-thin-right.4f7feec.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a03e27429c0cd9800688f0f1b05e63e24aca8f15730bf883be67e38b71ccc7fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Response headers

content-encoding: gzip
etag: W/"d695c952b933929c6567d3d061f0f955"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:05 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2857551 2VNN RT(1727170453053 799) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 932
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 396 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0e02af33d66e0b29417fcf68b6dbad78f8cad144e517d778ff23040c3981cfb6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 200 facebook-blue.fbb90bb.svg
www.sans.org/blog/_nuxt/img/ 1 KB
790 B 177ms
176ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/facebook-blue.fbb90bb.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/561c40a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c00f9dc81a56d6a9ff84c25d8c7f22c3712dd8fee84754e2a6ae44182c091996

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/561c40a.css

Response headers

content-encoding: gzip
etag: W/"93defae861d9dfebc162c3e80e2b8a60"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2871623 2VNN RT(1727170453053 800) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 607
x-xss-protection: 1; mode=block

GET
H2 200 youtube-blue.531e101.svg
www.sans.org/blog/_nuxt/img/ 4 KB
2 KB 186ms
186ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/youtube-blue.531e101.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/561c40a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

76e987438e99c6477838308a149d379d791c4e9692e53f15627d68b5d93cd999

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/561c40a.css

Response headers

content-encoding: gzip
etag: W/"89a0b71d2580a9e3806d565f33d22b99"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876414 2VNN RT(1727170453053 801) q(0 0 0 -1) r(0 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 1810
x-xss-protection: 1; mode=block

GET
H2 200 linkedin-blue.6a18be7.svg
www.sans.org/blog/_nuxt/img/ 1 KB
800 B 197ms
196ms Image
image/svg+xml 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/blog/_nuxt/img/linkedin-blue.6a18be7.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/561c40a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3332992e96bc009b7a3acfd8484ea65a8b07649aad73abbac8d4973952d93604

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/_nuxt/css/561c40a.css

Response headers

content-encoding: gzip
etag: W/"26f7a680215b7b77cd63af3eb0821b91"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Thu, 05 Sep 2024 23:37:06 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876404 2VNN RT(1727170453053 802) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 679
x-xss-protection: 1; mode=block

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v11/ 44 KB
44 KB 84ms
38ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v11/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sans.org
Referer: https://www.sans.org/

Response headers

age: 5557
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 08:01:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 08:01:37 GMT
last-modified: Mon, 22 Jul 2019 19:26:40 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 45416
x-xss-protection: 0
server: sffe

GET
H2 200 ClearSans-Regular.b987360.woff2
www.sans.org/blog/_nuxt/fonts/ 44 KB
44 KB 185ms
183ms Font
font/woff2 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/fonts/ClearSans-Regular.b987360.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

602358d68544ed2d54986ebd6ae716461cd6d68433e99f2e1ca63d2a284034c3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sans.org
Referer: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Response headers

etag: "4dd5d02bf54ad96ae7d03bf6cef6a966"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: font/woff2
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876383 2VNN RT(1727170453053 883) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 44664
x-xss-protection: 1; mode=block

GET
H2 200 ClearSans-Bold.e87c5b4.woff2
www.sans.org/blog/_nuxt/fonts/ 43 KB
43 KB 196ms
195ms Font
font/woff2 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/fonts/ClearSans-Bold.e87c5b4.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a5e810c538d9ac115faaaa527625164da813013d225ad8b3f7bf19a3ccc409f2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sans.org
Referer: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Response headers

etag: "76687bf10bd465fe4da2b0a2b52a7b7a"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:43 GMT
date: Tue, 24 Sep 2024 09:34:13 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: font/woff2
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876414 2VNN RT(1727170453053 884) q(0 0 0 -1) r(0 0)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 44176
x-xss-protection: 1; mode=block

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v11/ 46 KB
46 KB 85ms
40ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v11/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sans.org
Referer: https://www.sans.org/

Response headers

age: 4939
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 08:11:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 08:11:55 GMT
last-modified: Mon, 22 Jul 2019 19:27:34 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46988
x-xss-protection: 0
server: sffe

GET
H3 200 jizYRExUiTo99u79D0e0x8mI.woff2
fonts.gstatic.com/s/ptsans/v11/ 41 KB
41 KB 100ms
55ms Font
font/woff2 142.250.186.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v11/jizYRExUiTo99u79D0e0x8mI.woff2

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/css/2a8bf47.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f3.1e100.net

Software

sffe /

Resource Hash

a90c9a418d43701a0a915c62bdb57f7e5015dfc10654aef67179fc32652ec0f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sans.org
Referer: https://www.sans.org/

Response headers

age: 2865
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 08:46:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 08:46:29 GMT
last-modified: Mon, 22 Jul 2019 19:28:11 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 42460
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK / Show response
addsearch.com/searchui/v3/ 55 KB
14 KB 62ms
62ms Script
application/javascript 99.80.22.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://addsearch.com/searchui/v3/?key=58b8a4a0d3818cf198ff88f660f8f8f9&i=
Requested by: Host: addsearch.com
URL: https://addsearch.com/js/?key=58b8a4a0d3818cf198ff88f660f8f8f9
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 99.80.22.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-22-109.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3ba41fce38182620dca1014a127fc616e2cce18368526959702027db3e9d1dde

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

Transfer-Encoding: chunked
Content-Encoding: gzip
Connection: keep-alive
Access-Control-Allow-Origin: *
Date: Tue, 24 Sep 2024 09:34:14 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Server: nginx

GET
H2 200 sp.min.js Show response
cdn.jsdelivr.net/npm/@snowplow/javascript-tracker@3.5.0/dist/ 73 KB
25 KB 28ms
7ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@snowplow/javascript-tracker@3.5.0/dist/sp.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

76039a26bb3656600240ac08bc5f0ce450661977af129ab9c746ea4efe45a1a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"12364-F9/xW8QJROE2aN3C47q1tjOoX0s"
age: 201893
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230027-FRA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25416
x-jsd-version: 3.5.0

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/ 20 KB
7 KB 67ms
31ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5T9DW3B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-md5: 1C7BuQ3LGAlBcdxyvs3Sgw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCB71B1D7DE39A
age: 8736
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Wed, 25 Sep 2024 09:34:14 GMT
date: Tue, 24 Sep 2024 09:34:14 GMT
content-type: application/javascript
last-modified: Wed, 07 Aug 2024 19:57:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: a861bc67-801e-00d1-1a03-e92ed5000000
cf-ray: 8c81c70f1ed2d3b5-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6884
x-ms-blob-type: BlockBlob
server: cloudflare

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
968 B 121ms
48ms Script
text/javascript 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/f397639.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

ESF /

Resource Hash

c3251560b901d4eb0b9965000bf55b2cc1f4ac64ca092207235483448a3b9a9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:15 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Tue, 24 Sep 2024 09:34:15 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 7d122c6.js Show response
www.sans.org/blog/_nuxt/ 68 KB
21 KB 140ms
139ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/7d122c6.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/7a5cd47.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

15a25f4ec865e2373653f7556651e47d1b1d0b418bfd61f2ad7135362da9ba0e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"75899453940ff5cb2ac474c4324a18ee"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:44 GMT
date: Tue, 24 Sep 2024 09:34:14 GMT
last-modified: Thu, 05 Sep 2024 23:37:05 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876404 2VNN RT(1727170453053 1045) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 21657
x-xss-protection: 1; mode=block

GET
H2 200 77e6673.css
www.sans.org/blog/_nuxt/css/ 50 KB
6 KB 143ms
143ms Stylesheet
text/css 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/css/77e6673.css

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/7a5cd47.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4a6d06db00567b9cc14987d0002552637832387cf47a1dcd7dfd83fa607a2ab2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"ccdebd903f30cf114c8cc94205a34e0e"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:44 GMT
date: Tue, 24 Sep 2024 09:34:14 GMT
last-modified: Fri, 09 Aug 2024 19:34:47 GMT
content-type: text/css
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2876383 2VNN RT(1727170453053 1043) q(0 0 0 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 5829
x-xss-protection: 1; mode=block

GET
H2 200 2b06182.js Show response
www.sans.org/blog/_nuxt/ 9 KB
3 KB 139ms
139ms Script
text/javascript 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sans.org/blog/_nuxt/2b06182.js

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/_nuxt/7a5cd47.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

136001035e2775b18774afa1f03f2065b344bfefa049ba324f563bf6b652e309

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

content-encoding: gzip
etag: W/"90eea19f4bb47daa601cf24fdf47ae92"
expect-ct: max-age=86400, enforce
x-content-type-options: nosniff
expires: Tue, 24 Sep 2024 09:34:44 GMT
date: Tue, 24 Sep 2024 09:34:14 GMT
last-modified: Thu, 05 Sep 2024 23:37:05 GMT
content-type: text/javascript
vary: Accept-Encoding
x-frame-options: ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
strict-transport-security: max-age=31536000; includeSubDomains
x-iinfo: 3-2876366-2857551 2VNN RT(1727170453053 1046) q(0 1 1 -1) r(1 1)
content-security-policy: frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
cache-control: max-age=30, public
x-cdn: Imperva
referrer-policy: strict-origin-when-cross-origin
content-length: 2485
x-xss-protection: 1; mode=block

GET
H2 200 _Incapsula_Resource
www.sans.org/ 1 B
41 B 101ms
100ms Image
text/plain 45.60.31.34
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sans.org/_Incapsula_Resource?SWKMTFSR=1&e=0.22589775808080015

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.31.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-robots-tag: noindex
cache-control: no-cache, no-store
expect-ct: max-age=86400, enforce
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-length: 1
x-xss-protection: 1; mode=block
content-type: text/plain
x-frame-options: SAMEORIGIN

OPTIONS
H2 204 tp2
api.sans.org/event-stream/collect/snowplow/com.snowplowanalytics.snowplow/ Frame 0
0 345ms
297ms Preflight
application/json 45.60.33.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sans.org/event-stream/collect/snowplow/com.snowplowanalytics.snowplow/tp2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests;
Strict-Transport-Security	includeSubdomains; preload; max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.sans.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Referer,User-Agent,sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.sans.org
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests;
content-type: application/json
date: Tue, 24 Sep 2024 09:34:15 GMT
referrer-policy: no-referrer-when-downgrade
strict-transport-security: includeSubdomains; preload; max-age=31536000
vary: Origin
x-amz-apigw-id: emofsEzdIAMFk5Q=
x-amzn-requestid: 25611b9f-d9c8-4f71-8979-38be8af048bb
x-amzn-trace-id: Root=1-66f28797-77d2f098641afed64de2a6a5
x-cdn: Imperva
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-iinfo: 14-44336908-44336913 NNNN CT(93 94 0) RT(1727170454614 12) q(0 0 2 0) r(3 3) U24
x-xss-protection: 1; mode=block

POST
H2 201 tp2 Show response
api.sans.org/event-stream/collect/snowplow/com.snowplowanalytics.snowplow/ 0
931 B 344ms
329ms XHR
application/json 45.60.33.34
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://api.sans.org/event-stream/collect/snowplow/com.snowplowanalytics.snowplow/tp2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/@snowplow/javascript-tracker@3.5.0/dist/sp.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.33.34 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests;
Strict-Transport-Security	includeSubdomains; preload; max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json; charset=UTF-8
Referer: https://www.sans.org/

Response headers

x-amzn-remapped-content-length: 0
x-amzn-remapped-connection: keep-alive
x-content-type-options: nosniff
x-amzn-requestid: ed3dfb8e-12a5-4ad9-9eaf-f9b31dd3f217
date: Tue, 24 Sep 2024 09:34:15 GMT
content-type: application/json
vary: Origin
x-frame-options: SAMEORIGIN
strict-transport-security: includeSubdomains; preload; max-age=31536000
x-iinfo: 1-7342226-7342228 NNNN CT(95 96 0) RT(1727170454926 8) q(0 0 2 0) r(3 3) U24
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests;
x-amz-apigw-id: emofvEk8IAMF74g=
x-amzn-remapped-date: Tue, 24 Sep 2024 09:34:15 GMT
x-cdn: Imperva
x-amzn-trace-id: Root=1-66f28797-3e9929652ddb7d012ab20a80
access-control-allow-credentials: true
referrer-policy: no-referrer-when-downgrade
access-control-allow-origin: https://www.sans.org
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 200 b943c60c-995d-4bbc-943e-56b9f742642c.json Show response
cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/ 5 KB
2 KB 50ms
35ms XHR
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/b943c60c-995d-4bbc-943e-56b9f742642c.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19e69e2a7d7342a398d73ee1baf1a7c137fd278b787f0e2c82d49728fe9d3890

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-md5: wGZGE1/gIVIBcLiYLX9eUA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCB71B1D5663B3
age: 39938
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Wed, 25 Sep 2024 09:34:15 GMT
date: Tue, 24 Sep 2024 09:34:15 GMT
content-type: application/json
last-modified: Wed, 07 Aug 2024 19:57:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: 29ceea1b-401e-0088-7103-e92b53000000
cf-ray: 8c81c7104bcfd3b1-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1784
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/ 541 KB
214 KB 83ms
37ms Script
text/javascript 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

a7ad2666cfdc2495ef3849d47ea1144f4a493efffa9aeeb4448e60488aec66d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.sans.org
Referer: https://www.sans.org/

Response headers

content-encoding: gzip
age: 21130
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 03:42:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 03:42:05 GMT
last-modified: Tue, 03 Sep 2024 02:00:38 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 219302
x-xss-protection: 0
server: sffe

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
303 B 61ms
41ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept: application/json
Referer: https://www.sans.org/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-methods: GET, OPTIONS
cf-ray: 8c81c710af7865b1-FRA
access-control-allow-origin: *
date: Tue, 24 Sep 2024 09:34:15 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202311.1.0/ 427 KB
103 KB 32ms
31ms Script
application/javascript 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202311.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43f53421fef96a525b5fc208f6a59bd72479f0d9816dba0a416f68ee81d648a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-md5: 1EE1PYD7uD6VTAMrTql67g==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5D34632AA7A
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 47208
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 09:34:15 GMT
content-type: application/javascript
last-modified: Tue, 16 Jul 2024 20:10:01 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: c028eac3-501e-009c-0ebe-d7e837000000
cf-ray: 8c81c7110cfdd3b5-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 105094
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/62b7bc3f-bec8-467f-8c63-dc25b1746d27/ 81 KB
16 KB 23ms
23ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b943c60c-995d-4bbc-943e-56b9f742642c/62b7bc3f-bec8-467f-8c63-dc25b1746d27/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202311.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

246c048b89ed41e99573638bb962271ef5237941708b97730349e57be57ee266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-md5: d5y6LCnuky4YosyGH3GaMw==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
cf-cache-status: HIT
etag: 0x8DCB71B1DF1A71E
age: 5029
x-ms-lease-status: unlocked
x-content-type-options: nosniff
x-ms-version: 2009-09-19
expires: Wed, 25 Sep 2024 09:34:15 GMT
date: Tue, 24 Sep 2024 09:34:15 GMT
content-type: application/json
last-modified: Wed, 07 Aug 2024 19:57:07 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin, cross-origin
x-ms-request-id: ff5f02dc-b01e-00b4-6b03-e99f88000000
cf-ray: 8c81c711a81cd3b1-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 15914
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 90EB 0
0 129ms
60ms Document
text/html 142.250.186.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdRaE8aAAAAAOB9CLy-hHWeafmpvmYkeMpCXrWO&co=aHR0cHM6Ly93d3cuc2Fucy5vcmc6NDQz&hl=de&v=EGbODne6buzpTnWrrBprcfAY&size=invisible&cb=hfqxqomq7mtk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/EGbODne6buzpTnWrrBprcfAY/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.68 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--Gumx4wxbJhpF-Z6h5jTGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sans.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce--Gumx4wxbJhpF-Z6h5jTGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Sep 2024 09:34:15 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 otFloatingRoundedIcon.json Show response
cdn.cookielaw.org/scripttemplates/202311.1.0/assets/ 16 KB
4 KB 19ms
19ms Fetch
application/json 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202311.1.0/assets/otFloatingRoundedIcon.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202311.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc8c8031a5ede4d5c2c26b4cdee74bc0e29e2c8a1c6e6062b7a0a8337abfcb6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-md5: 6xLHynlMM3Vo5ctDSYRhHA==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding: gzip
x-ms-version: 2009-09-19
etag: 0x8DCA5D3418D44B7
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 75769
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 09:34:15 GMT
content-type: application/json
last-modified: Tue, 16 Jul 2024 20:09:53 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 2b27566b-001e-002e-37c0-d7134d000000
cf-ray: 8c81c711d8c2d3b1-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3829
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202311.1.0/assets/ 21 KB
4 KB 19ms
18ms Fetch
text/css 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202311.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202311.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-md5: c7xAZ9MSGAobGaTYg/Qtag==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 10907
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 09:34:15 GMT
content-type: text/css
last-modified: Tue, 16 Jul 2024 20:10:05 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: 3d2c1a9d-d01e-00a4-1654-d8a96e000000
cf-ray: 8c81c711d8c7d3b1-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
601 B 26ms
26ms Image
image/svg+xml 2606:4700::6812:562a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.sans.org
URL: https://www.sans.org/blog/bloodhound-sniffing-out-path-through-windows-domains/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:562a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

content-md5: pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
cf-cache-status: HIT
age: 64671
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 24 Sep 2024 09:34:15 GMT
content-type: image/svg+xml
last-modified: Mon, 23 Sep 2024 06:01:56 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-ms-request-id: c50fc515-501e-0097-3cce-0df043000000
cf-ray: 8c81c7120fbbd3b5-FRA
access-control-allow-origin: *
x-ms-blob-type: BlockBlob
server: cloudflare

GET
H2 200 cropped-SANS-Blue-Square-32x32.png
images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt2f0555dca45e068f/60a7f26ea450c25ac83cf8f6/ 935 B
1 KB 8ms
8ms Other
image/png 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt2f0555dca45e068f/60a7f26ea450c25ac83cf8f6/cropped-SANS-Blue-Square-32x32.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.2.137 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: contentstack /
Resource Hash: bedaa7c98fc593dbe10a8d3825cb9910f8436dfb90450fda921ba2966a2c740e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.sans.org/

Response headers

fastly-io-info: ifsz=1126 idim=32x32 ifmt=png ofsz=935 odim=32x32 ofmt=png
x-request-id: f045eef0aae2cf5cdcc3c4e0819dffc3
access-control-expose-headers: content-disposition, content-type, cache-control, status, content-length
etag: "0UgNkq5Vh0vzcW4qaVHRvvhAOXYsvromPAg0fKVporo"
age: 33518
x-cache: HIT, HIT
date: Tue, 24 Sep 2024 09:34:15 GMT
content-disposition: inline; filename=cropped-SANS-Blue-Square-32x32.png
x-served-by: cache-sjc10040-SJC, cache-fra-eddf8230116-FRA
x-runtime: 80ms
content-type: image/png
x-contentstack-organization: blt848504a4924ca8db
x-cache-hits: 51, 3
fastly-stats: io=1
cache-control: max-age=31536000
x-timer: S1727170456.795498,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 935
fastly-io-served-by: vpop-haf2300709
server: contentstack

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sans.org/	1970-01-21 08:31:43	Name: visid_incap_1329355 Value: 59yR7uWzTXWYnu7CPj5zppWH8mYAAAAAQUIPAAAAAADo3poviAsA4EzpQpmd7bzS
.sans.org/	1969-12-31 23:59:59	Name: nlbi_1329355_2083615 Value: jE/aAQtCijuIOKS1OuH6GQAAAABCmH49ijMwvwYBKdJLnHoS
.sans.org/	1969-12-31 23:59:59	Name: incap_ses_1343_1329355 Value: GHW3OREf2SPVNKdchUujEpWH8mYAAAAAIVHxRzaGdcvzq6R6eGL1Bg==
www.sans.org/	1970-01-20 23:46:10	Name: ___utmvc Value: 2+Dw1Thrx6Q61Sf+Qw1hUwtwWu8dY/rsqSZAukjSjS6u3noExsM5fA4z9ex+rM7MkBhVBiQBmOSVivv8gHGWkWqPM/hjZ4VIPBeytURamN1OJTL3eyeV8+k9Mw5TfVTRJxRjyciZjp+JOtjPi8VCSv59MM7X9LfV3yXhzqa9ssvTGXqP8rG0XOPE/YzlFmy4BrLFzJVDbpICktbTCKzT4zdKaJl1mvHjlmdeL1IGZcSuXA5bR91G+UmJdb4HIzHi/JQMVA7G1BvP9QOT5g8001F5wI/7KE37k/GgsJXeXq4D1Fc0i1QrecRUWq7tYH1CLx9SuSLwy3ZOd+5tJw8fYavLxCqOBH6AIMJ3tLSTCB+xzIJihMDlZFwVyhbYhhewL67LXez2x+TPwKsmxsuijr0jLYykgT4otLGmDp2ZgNcP375GndwiIlFqtpxuCM0UYkeFzujHJaKKqUI/J3RRb1lH+I8W0PzZWfTq468p6sF2knBoA1WCD2B0Vw9hyLUknXnRhsaloy8COxcv8wd55wfbcoL7fFDfq0RrjlzbWKRIbeFh44wTA1CpGdw53vK45h7w0/3h5NQ8LM/q5+ZqcIoUYYGJJuHg0sU4F8GqBjqjm8WNta5yHYX+8izyHfAmItkrShL0VJ9Cb3YhvgRRp2/OXF0WDHQnRv1esDkToOA+vVhXRwu5PDpr0GwN4FXOx3xNnf4Wm0jKqDtiCk4fhggAiw3CmX/EH96iRxQ0WLsad1sCO9nHbVRP+4bEtjDacY2VIFULJ3CGdbxpW973+QpdzH/1XkOhAnH1iVTYrcfDm0WclmXpmgwaF5LF19UsTPzFE6uqXI2bzHCily69foyE5t4ehjlWn8TDp/cVmheND7vIy/BJgpHiBOMx7hPmv3C398EBcrlY8P99Oo5utivrqulQSKqCnmQHbpFpjQSRdH/mnycwuDxD+4fMkh+7NSN1zmq8ghQmVeU+Ls5aoHvpKE8DLOahZFXC+CingJRQ4azr5GGsLrG0hl5xw0W/H/z3HSEbY3TY5l/0ext7dSMwkoXn7Po73EXjIee2rlLSrRglB/+53aO4I2ZeOnKJFcAfLZ1LW8EHkpiuXBBSmPVb2ve1YgJ1vgFyIjm0RBuEtkU+9ehjdiSl4zu9ubp1fpAa+rD42wyatiKes+YwLpXyJD0PtqvRlSy6hkViGK2nuViv0lbe4NQAiBPyXm5J2JoUMNkuWF1t8w3FYDuoP2FW6aITU9X9E0vu7vwx4MpGYzYYhaEkLB0Ap9UW47MeHiux0ubrZgUlsSEakqXSQSRhnzYkh6LT9lPd0ZU3MOpYD5Gh0l/xpx4yQWYQuE36myCkzQPxXHSozveCqrdWEHkIopURDjO5wxQmvi4+n939FcQNRWBMwu4LHz3QwBBvtbZjgwTY1Q/l/Egrlb0WEYsMpsAjpw5mHJSJWwSa2lEPBRK2BVE6zZQSR6cn5mMRkX/I/maDTZwbcGpEVk3FT5UGARJUQ7CWcXa6tXqxqbS9jYy5Dv/LKtLq5ckYrdnOWqnIlNXEw8A/Z7rGK/OV8sl0wdYLGQgD5j8/32hTdUaZws7tINabAGWKNG7bWVARgN6qBvah5cKbp+SXzTp0xvJOTfkA6gM0LCuQII7HXeryjf1J3wICPU6LhyD+eIgBkA2IQbnMnu3NP3s3JW3hRgq8zkpx52Ci4syquKA6f2Fd1YtKiKInzRAC0va5iD3c9lepHdBrBqCZKx1vS0l+/RmxwzMazT8GsV8/uAgRkA6Qz2dSIhJB3yWddnF0+Hf960zk/4oCXQCKHbFn3I+/Aa3M92+GGwfQhWCWaUL10PXkpJ3dvC6XWJE/mwV8ZxYconx3Yg+lR4hY/I0X+V8hHCJ5IoiERJtKcHOJz74wznzOchLE+siwpx5Iciyf9SeQjcWNFIy3se9QRIRcdXBRqR8HJcXZXmaQVQxLcPbEcD/SihYbC91Em8W4fHnLLdQ3a7C75l4hcmjYVDBR6ZxYO6S1DPvci/j8iShK6RgFQrcxRWn/E4g8RzBKGWySAnSukqoRmlNpVg7vzH+UpjBDikk3XjVd1c8x4iIZOmX3jj9hS5L1+EH43ukV/tFYnknKdw5txESef8cBAom7zJoL1wY+mNzf570gV5toIbqDf+yN53kyogxeeaNC5//LWgl8e/ZtQtEAGo4HhHS0aXa3B2ukOFxW/Og0mxhap19KDkesBPuN3cjO5TqjO9ixcqVVgly9FHzxtcd99MUVKTPg46FjzsxD9iodTGeG9xeAly8A3pbe7SjTWHphyHTT80kBV2EsmY11jfJI5gC7azvD+38kAGlRxcm0dXi+3qKxyRTK2kuomZDg7WKhBy/pRb1PlNJk20bRl2H8T96dAvxbz06CYDbmKoB+jxZBTqU6xkRFm2iDzrC4YwvsgY86SASjNdw1qPYm8UQJhTSe3nprc7O6npYZNu7S4kpOTi7jbGU0kggh+ELG5o4PaBzOxSHthU0lUFKfUA4KV5qpLFcFOb7R5LalmJO7CSAmeQ9mDBjhaFsi+Rf6peFEpSXDYgyjx0+jiyY3lLxbynAAzaQReaP28vc+GPor1AKPqdFP5kE0L4kdkgMmXvL0Shy7DJ0VWLM1Bim8iC1ykrtJ7PGQY5x3KG2hrxtGkgE2i8jcRwQandswBIE5A88V8CiLJcx2uwyQ1RBmOjitN2LZ5/mK9Ck3WdMTcFnhYMxADdOPTfX4K88aC1jeFQWSwQk1Qg5hG0iKPUoYP6x9fqx2BgVqsGQPez4f/ZgMwsYyoF2mXrHrEEC5huIz63jMreR+w1fkFVfqb4Q8lNTWMUosZGlnZXN0PTE5Mzk0MSxzPTYzYTdhM2FkODg2Njg4NzI4OWIyYTc3YzlkNmY2YzkzYTM2MDllOTI2NzhmOWZhNzlhYTk5NTg1N2Y5OTlkYjI5ZGIzNjg4NDc4YTA3MDc2
.sans.org/	1970-01-20 23:46:12	Name: spses.6b32 Value: *
.sans.org/	1970-01-21 09:22:10	Name: spid.6b32 Value: 059bf637-6d3d-491f-a9b2-bf6741bba9e1.1727170455.1.1727170455..aa7db03e-2b26-4a97-aa0b-fc24c913158c..6666579d-7ccd-40fe-bdc3-eacace65dbe7.1727170455031.1
.sans.org/	1970-01-21 08:31:46	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Tue+Sep+24+2024+11%3A34%3A15+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202311.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.sans.org%2Fblog%2Fbloodhound-sniffing-out-path-through-windows-domains%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
api.sans.org/	1970-01-21 08:31:11	Name: visid_incap_2809573 Value: +NogfgAKSf6/JsiYCaFk25aH8mYAAAAAQUIPAAAAAADODLYQ3RyYK2sjJXu4byTV
api.sans.org/	1969-12-31 23:59:59	Name: nlbi_2809573_2682479 Value: BwGwDVY4TC2iT4ne4LPcvAAAAABNKBsvxbxtBkDUdr+HF4qq
api.sans.org/	1969-12-31 23:59:59	Name: incap_ses_877_2809573 Value: oNAsM5fUzzBO/p4i7borDJeH8mYAAAAAdanwMfChbJK8g/xox+2LcA==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://registration.sans.org http://learnmore.sans.org https://learnmore.sans.org https://uat-www.sans.org https://qa-www.sans.org
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW FROM https://uat-www.sans.org http://learnmore.sans.org https://shift7-sans.cs67.force.com https://registration.sans.org https://qa-www.sans.org
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

addsearch.com
api.sans.org
cdn.cookielaw.org
cdn.evgnet.com
cdn.jsdelivr.net
cdn.optimizely.com
fonts.gstatic.com
geolocation.onetrust.com
images.contentstack.io
www.google.com
www.googletagmanager.com
www.gstatic.com
www.sans.org
142.250.185.227
142.250.186.163
142.250.186.68
151.101.128.114
151.101.2.137
2606:4700:4400::ac40:9b77
2606:4700::6812:4239
2606:4700::6812:562a
2a00:1450:4001:831::2008
2a04:4e42:400::485
45.60.31.34
45.60.33.34
99.80.22.109
013720b4aee636386a27d8775f76b963eee6502315602f2e11a950b5d3ebc93d
02341acfd22526ad4569d86455a9c94ab08194bd40f329df6577362aa9fe78ee
0291038e1dab29b2b5d6ee42c102c6249b47e141ac84a88e5b335236474ac129
069231b573c1732783d33f721171bf0ec5b3ca5542330812deedd60da67f46cd
0693e9fb65fb50ef27f0d827d837727d63ae31709a938187d384139bdce8337b
094464d8435e8000de73cd1a252b512a20b88ac21267bc052e984fc11c1e9fb9
0a283859be4396f43003d6e3f087c7be1860a74fee384e821f410c4783d2c8f8
0c5d65c0b908423a93ee58e0e7f5d3eb4bb14228ce8f34da79c8d572e01b29a6
0ddf1c3008869a04f57100949a5540f5cd285d893181070e68ae3d051e97c290
0e02af33d66e0b29417fcf68b6dbad78f8cad144e517d778ff23040c3981cfb6
0e7dcd24f724760d2fc0950cb5343c41a414499feb22339cb69d4a3101b2684b
136001035e2775b18774afa1f03f2065b344bfefa049ba324f563bf6b652e309
141b4c46723463727933fa6c23c7fcf984b90a995859a4f27aa2215bceede46e
15a25f4ec865e2373653f7556651e47d1b1d0b418bfd61f2ad7135362da9ba0e
19e69e2a7d7342a398d73ee1baf1a7c137fd278b787f0e2c82d49728fe9d3890
1e93b530a651320569bb9a1e5afdefa40ef6a77f7d1887a27cb4f5cc049b57a3
1fdfc36fd2186cb71d965a1b34e080d3f4c6ff3e047569fa34ead148e75c2448
246c048b89ed41e99573638bb962271ef5237941708b97730349e57be57ee266
2fa3fbb51afb49325e605d14627d221030e1784744bf0fb3a2ad005fbaca12ab
3332992e96bc009b7a3acfd8484ea65a8b07649aad73abbac8d4973952d93604
37cba10e43067a0214b42d54d09875849f601a914a463c0c1fcacd299070396b
3ba41fce38182620dca1014a127fc616e2cce18368526959702027db3e9d1dde
3e299305ecd4cbeb9d175b9edf675ce4e710f2c0de4291da4083fb5888f04316
3faf06748feaa1c7bc8d9d84d262d209c9c47005cbc5be246743b32e2490d7f8
43f53421fef96a525b5fc208f6a59bd72479f0d9816dba0a416f68ee81d648a6
4a6d06db00567b9cc14987d0002552637832387cf47a1dcd7dfd83fa607a2ab2
5269122827487da84f83f9e6220cbf2024ab507573a1f77ec9b44724e67af340
54d670a4f200d8314a0935b6a4d1fdde99bd04ec56abc2f3d86ebef27a4c37e4
57103fb89893af154cafe3cb97117d458e5b90a4610b8831b8aef8df84061f01
5a661b8cad1a727df1b3b5c68f3f370cc2c037768a76fcb4c0d074e96c5e64c5
5b486c802e9077063a6c7a3e3509cb0b240d42c9741a6178fd111e696c3e0939
5e349873f09d8afdb100db239bd02d093f7133d3db41c5dacddca65dbc93d92d
602358d68544ed2d54986ebd6ae716461cd6d68433e99f2e1ca63d2a284034c3
6288b7c8046be529ea65d19d26b38e064b523fe1b10bf63042d218b4f59ff149
76039a26bb3656600240ac08bc5f0ce450661977af129ab9c746ea4efe45a1a0
76e987438e99c6477838308a149d379d791c4e9692e53f15627d68b5d93cd999
78ca04ceaa354592535991dc60ee768438f0ee7ced1224c5b8e8bd5e5a24898c
7ac5067cb9f7b8702383a92cac6676c311c1afb0d8a098cb7141afa630be1446
7d30435414031894c25be74ea98bde63a851f84e547ea6d942b21f1f0a37e233
8153a07ff759d9f70204dadc9605d989d4851954982f824922520143bc2baf8d
872fb329acdd644c07d450ed141fcf32c93dca871fb970390bc5d29780d8679f
8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1
8d501c87ecf6a67ba39e5a8a05dc89e7456680b2a5260e6439e05724cf42a75e
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
903b11a5dc9938069819c955db61fdf83ae343695a49893776c0405c904a1c37
95dc30d8b40e0bae97c0a41fa52d8d43ef7b66a7de4645c913aa994def62e5dd
99755c96c0916d2ddb174b63841608ab51faf2830a6d7f2b5d76580bf1c2d17c
9ad6c9f4611c7bdec6d90c279b2d3a711c8339c7240b3c686678abc6897d79f4
9bf4d14b1044adeabdb7e7fbe5767bba94622459dc9be7640a3a0c127bd1be6b
9e1be9b9ffd38698f0192855600c9ff3c60c262b23f009ddabed1186783d543c
a03e27429c0cd9800688f0f1b05e63e24aca8f15730bf883be67e38b71ccc7fd
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0aa5707b114579a33f6bd2f1e5bdb28399e0a76431d31c34733664a8b6e2b8f
a45aa8ee64d02baed1f62b6d8d2fcc1e87599ab85f729375d8eff8a6a3765b0b
a5e810c538d9ac115faaaa527625164da813013d225ad8b3f7bf19a3ccc409f2
a7ad2666cfdc2495ef3849d47ea1144f4a493efffa9aeeb4448e60488aec66d3
a90c9a418d43701a0a915c62bdb57f7e5015dfc10654aef67179fc32652ec0f2
b18348575aab267524e78da8f3851be4c40ba78bc38af6b0614cec6322232075
b2383fe9cac7ff3e54654a4d41f53fba1a6d367c0c6ae7f7ee1d334057167a4d
b51a703411091977711b7347bb9dafcd4eea76c3b7f4ca4ea1b71dd0be88670d
b698a7613b5699ab82438105b51d1391ffa6103ce23ad2068e7f66479d1e2baf
be3b161eca24051313cc59d561426001989e585ef63bfb64336994902d2322c9
bedaa7c98fc593dbe10a8d3825cb9910f8436dfb90450fda921ba2966a2c740e
c00f9dc81a56d6a9ff84c25d8c7f22c3712dd8fee84754e2a6ae44182c091996
c1236d3af38b7d049eca1f27f6b2a7acedbf1d6168cee99138ab4730a24fdd6d
c3251560b901d4eb0b9965000bf55b2cc1f4ac64ca092207235483448a3b9a9b
c3c1fbf6acf69b0844bc5b78703c0503649e61d234f3c0934b57b37f62b2cd86
caf866f86bae1262c53afb4dd17e38b4866c07c76783b213e8ebe71fc4bbc0cd
cc4d638dc9c38300d9931fc169f2a90be5c91208919df2f2136dce2c63652ca1
cd33ff8682d2623632707e79b5f3cd2f8c03475a1047e42c446aac518582b619
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d4674524facb7c0646c9a3f0c9f1f5ac40c49e7dacf480c6a2d562da2d3b9ebb
dc8c8031a5ede4d5c2c26b4cdee74bc0e29e2c8a1c6e6062b7a0a8337abfcb6a
ded784189873619127e9b92cbbd531187162d6ab873578d7000c599e043f220d
df6379fe8c34adfb99a5983b564a2c050fde0b61244171c78ebdf08109379603
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb1967cdcbe795eb42eafddbc302d20c9fcf7a23372b68a8b94532c59747c360
ec24e57be28f403d151765cf2cc1d1bbb5c91da19629143091fad4e8805529cc
eda42729558d0f266965ab82a8f295c18e5692b2e2f125c13039708f3a6b2613
f0ec74216fb371986b939c74281b7e4bc4938361c816a0a8439551323fd5e1e7
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
f947a7dfc8b148f98328db891c1b642e66b5dcc9cb3ff42e3898c180f91e6f95
fdccd3f68719f6f758818d17d59487f2973900c5850c618e0b99a9d821da120f

www.sans.org Open in urlscan Pro 45.60.31.34 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

81 Requests

100 %HTTPS

38 %IPv6

11 Domains

13 Subdomains

14 IPs

3 Countries

4567 kBTransfer

8399 kBSize

10 Cookies

19 Outgoing links

Redirected requests

81 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.sans.org Open in urlscan Pro
45.60.31.34 Public Scan

Screenshot
Live screenshot

Full Image

81
Requests

100 %
HTTPS

38 %
IPv6

11
Domains

13
Subdomains

14
IPs

3
Countries

4567 kB
Transfer

8399 kB
Size

10
Cookies

81 HTTP transactions
5 data transactions