Submitted URL: http://go.dhs.gov/ZSv
Effective URL: https://go.dhs.gov/ZSv
Submission: On November 26 via manual from NL — Scanned from NL

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 24 HTTP transactions. The main IP is 2a02:26f0:3100:3a8::12b4, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is go.dhs.gov.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 13th 2023. Valid for: a year.
This is the only time go.dhs.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Downloads

These files were downloaded by the website:

MIME: PDF document, version 1.6
Size: 692 KB (708678 bytes, 100% done)
Downloaded from: https://www.cisa.gov/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf

Domain & IP information

Apex Domain | Subdomains | Transfer
8 dhs.gov | go.dhs.gov | 39 KB
6 googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 35) | 496 KB
5 google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 27), region1.google-analytics.com (Cisco Umbrella Rank: 2462) | 21 KB
2 cisa.gov | www.cisa.gov (Cisco Umbrella Rank: 74305) | 1 KB
2 akstat.io | 02179912.akstat.io (Cisco Umbrella Rank: 72254) | 398 B
2 go-mpulse.net | s.go-mpulse.net (Cisco Umbrella Rank: 1444), c.go-mpulse.net (Cisco Umbrella Rank: 654) | 50 KB
1 digitalgov.gov | dap.digitalgov.gov (Cisco Umbrella Rank: 5507) | 7 KB
24 7
Domain | Requested by
8 go.dhs.gov (1 redirects) | go.dhs.gov
6 www.googletagmanager.com | go.dhs.gov, dap.digitalgov.gov, www.googletagmanager.com
3 region1.google-analytics.com | www.googletagmanager.com
2 www.cisa.gov (1 redirects) | go.dhs.gov
2 02179912.akstat.io | s.go-mpulse.net
2 www.google-analytics.com | dap.digitalgov.gov, www.google-analytics.com
1 c.go-mpulse.net | s.go-mpulse.net
1 s.go-mpulse.net | go.dhs.gov
1 dap.digitalgov.gov | go.dhs.gov
24 9

This site contains no links.

Subject | Issuer | Validity | Valid
www4.dhs.gov | DigiCert TLS RSA SHA256 2020 CA1 | 2023-11-13 - 2024-10-08 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
dap.digitalgov.gov | Amazon RSA 2048 M02 | 2023-07-07 - 2024-08-04 | a year
akstat.io | DigiCert TLS RSA SHA256 2020 CA1 | 2023-04-05 - 2024-04-04 | a year
www3.dhs.gov | DigiCert TLS RSA SHA256 2020 CA1 | 2023-08-24 - 2024-07-23 | a year

This page contains 2 frames:

Frame: https://www.cisa.gov/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf
Frame ID: 20278B64C4DEF52212C905B852700D4D
Requests: 22 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/AAHHR-YQ7JS-XK2WR-BJA4J-36NS6
Frame ID: AC399F864E5FAA3D3A3702CF6AE7C17B
Requests: 2 HTTP requests in this frame

Page Title

Redirect to https://www.cisa.gov/uscert/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf

Page URL History

  1. http://go.dhs.gov/ZSv HTTP 301
    https://go.dhs.gov/ZSv Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24 Requests
100 % HTTPS
100 % IPv6
7 Domains
9 Subdomains
8 IPs
2 Countries
614 kB Transfer
1834 kB Size
10 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://go.dhs.gov/ZSv HTTP 301
    https://go.dhs.gov/ZSv Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • https://www.cisa.gov/uscert/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf HTTP 301
  • https://www.cisa.gov/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ZSv
go.dhs.gov/
Redirect Chain
  • http://go.dhs.gov/ZSv
  • https://go.dhs.gov/ZSv
6 KB
4 KB
Document
General
Full URL
https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:3a8::12b4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
c0fb471201576f4e2f322fffc26127caf5405b93615f53abaaca0770cf88b0cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
private, no-cache
content-encoding
gzip
content-length
3060
content-type
text/html; charset=UTF-8
date
Sun, 26 Nov 2023 18:39:01 GMT
server
Apache
server-timing
cdn-cache; desc=MISS edge; dur=149 origin; dur=666 ak_p; desc="1701023940822_34631252_459564958_81440_14209_30_120_255";dur=1
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-akamai-transformed
9 3205 0 pmb=mRUM,2
x-content-type-options
nosniff

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Sun, 26 Nov 2023 18:39:00 GMT
Location
https://go.dhs.gov/ZSv
Server
AkamaiGHost
Server-Timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1701023940639_34631180_294485784_12_116412_30_0_-";dur=1
shurly_statistics.redirect.css
go.dhs.gov/profiles/god_gov/modules/custom/shurly_statistics/css/
197 B
491 B
Stylesheet
General
Full URL
https://go.dhs.gov/profiles/god_gov/modules/custom/shurly_statistics/css/shurly_statistics.redirect.css?%20s4a1nl
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:3a8::12b4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
b1460f260180fc2e300b3e06fa5b274f57da942771223435356097aa639f610c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/ZSv
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Fri, 17 Nov 2023 11:17:05 GMT
server
Apache
etag
"c5-60a5746b9e55b"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=45450
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701023941842_34631252_459566290_34_7594_30_0_255";dur=1
accept-ranges
bytes
content-length
148
expires
Mon, 27 Nov 2023 07:16:31 GMT
drupalSettingsLoader.js
go.dhs.gov/core/misc/
691 B
767 B
Script
General
Full URL
https://go.dhs.gov/core/misc/drupalSettingsLoader.js?s4a1nl
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:3a8::12b4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
f47d56f4e42a0fd576ee274454e24c085010b464b849cabe80041c88aaf45363
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/ZSv
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Fri, 17 Nov 2023 11:16:44 GMT
server
Apache
etag
"2b3-60a574579df7c"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=211039
server-timing
cdn-cache; desc=HIT, edge; dur=29, origin; dur=0, ak_p; desc="1701023941842_34631252_459566291_2906_7593_30_0_219";dur=1
accept-ranges
bytes
content-length
389
expires
Wed, 29 Nov 2023 05:16:20 GMT
jquery.min.js
go.dhs.gov/core/assets/vendor/jquery/
85 KB
30 KB
Script
General
Full URL
https://go.dhs.gov/core/assets/vendor/jquery/jquery.min.js?s4a1nl
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:3a8::12b4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/ZSv
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Fri, 17 Nov 2023 11:16:42 GMT
server
Apache
etag
"155a6-60a57455eae8b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=211041
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701023941850_34631252_459566292_1196_7738_30_0_219";dur=1
accept-ranges
bytes
content-length
30386
expires
Wed, 29 Nov 2023 05:16:22 GMT
shurly_statistics.redirect.js
go.dhs.gov/profiles/god_gov/modules/custom/shurly_statistics/js/
447 B
597 B
Script
General
Full URL
https://go.dhs.gov/profiles/god_gov/modules/custom/shurly_statistics/js/shurly_statistics.redirect.js?s4a1nl
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:3a8::12b4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
cbea0068cd816144ee0de8684f3b83b2947d2732343021c122536384c0579fc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/ZSv
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Fri, 17 Nov 2023 21:16:27 GMT
server
Apache
etag
"1bf-60a5fa6404706"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=214640
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701023941842_34631252_459566293_59_7469_30_0_219";dur=1
accept-ranges
bytes
content-length
243
expires
Wed, 29 Nov 2023 06:16:21 GMT
js
www.googletagmanager.com/gtag/
273 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CXXB4K63GV
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6aa35878e043589bdf8e07914883ebb4481c7d9af48e44c9e88ea4378ca71531
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:02 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92948
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 26 Nov 2023 18:39:02 GMT
Universal-Federated-Analytics-Min.js
dap.digitalgov.gov/
24 KB
7 KB
Script
General
Full URL
https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=DHS&pua=0
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:e200:5:83ea:ba80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5aa160ad964402d622c0032f2a12db80a9fa54808305e6ccacf3b4e0db562251

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
zyZrzqhK15RgOdA9RDCbP8yYgwnv7CPf
content-encoding
gzip
via
1.1 8fd360cd20d33fa1400394ae41746f66.cloudfront.net (CloudFront)
date
Sun, 26 Nov 2023 09:08:35 GMT
x-amz-cf-pop
FRA56-C2
age
34227
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 21 Sep 2023 01:19:04 GMT
server
AmazonS3
etag
W/"36612be2a6ccaefd48af22240f0c4f35"
vary
Accept-Encoding
content-type
application/javascript
x-amz-cf-id
6p5b6eNhH-ja2cu2ZEVN4aXK7Y83WWBCWjWYEfXUVgA30cETxBIGHg==
GoDHSgov-logo.svg
go.dhs.gov/profiles/god_gov/themes/custom/go_uswds_subtheme/
7 KB
3 KB
Image
General
Full URL
https://go.dhs.gov/profiles/god_gov/themes/custom/go_uswds_subtheme/GoDHSgov-logo.svg
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:3a8::12b4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
8605fb28d1c62811c3243e19f834df7f492e1f47859319bf53001b722ca79046
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/ZSv
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Fri, 17 Nov 2023 11:17:05 GMT
server
Apache
etag
"1aca-60a5746ba4aeb"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=188432
server-timing
cdn-cache; desc=HIT, edge; dur=127, origin; dur=0, ak_p; desc="1701023941842_34631252_459566294_12761_7456_38_0_182";dur=1
accept-ranges
bytes
content-length
2331
expires
Tue, 28 Nov 2023 22:59:33 GMT
gtm.js
www.googletagmanager.com/
166 KB
60 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MHXCMJ6
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
14843d383a18e72c65b371f9251a8e6ae8f31dfe52b11c14e1c1329ded820a98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:02 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61231
x-xss-protection
0
last-modified
Sun, 26 Nov 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 26 Nov 2023 18:39:02 GMT
AAHHR-YQ7JS-XK2WR-BJA4J-36NS6
s.go-mpulse.net/boomerang/ Frame AC39
205 KB
49 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/AAHHR-YQ7JS-XK2WR-BJA4J-36NS6
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/ZSv
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3100:795::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:02 GMT
content-encoding
br
last-modified
Sun, 29 Oct 2023 12:26:23 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50393
js
www.googletagmanager.com/gtag/
233 KB
82 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CSLL4ZEK4L
Requested by
Host: dap.digitalgov.gov
URL: https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=DHS&pua=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
45fbd2ef4e04f6d57e04dc097bc5158f5588bc618305ca3d6ea88df6e52c9d26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:02 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83394
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 26 Nov 2023 18:39:02 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: dap.digitalgov.gov
URL: https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=DHS&pua=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 26 Nov 2023 17:19:54 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4748
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sun, 26 Nov 2023 19:19:54 GMT
331
go.dhs.gov/ajax/shurly_statistics/log/
20 B
748 B
XHR
General
Full URL
https://go.dhs.gov/ajax/shurly_statistics/log/331
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/core/assets/vendor/jquery/jquery.min.js?s4a1nl
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3100:3a8::12b4 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
906a1b3be21a9ea771d429a14597a6e2f9029056b7d305aa28351e0c65988ce7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://go.dhs.gov/ZSv
X-Requested-With
XMLHttpRequest
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sun, 26 Nov 2023 18:39:02 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
x-wcm-h
WCM-15-141
server
Apache
x-frame-options
SAMEORIGIN
x-drupal-ajax-token
1
content-type
application/json
content-language
en
x-generator
Drupal 10 (https://www.drupal.org)
cache-control
private, no-cache, must-revalidate
server-timing
cdn-cache; desc=MISS, edge; dur=136, origin; dur=655, ak_p; desc="1701023942016_34631252_459566512_79130_6774_36_0_219";dur=1
content-length
20
expires
Sun, 26 Nov 2023 18:39:02 GMT
config.json
c.go-mpulse.net/api/ Frame AC39
624 B
897 B
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=AAHHR-YQ7JS-XK2WR-BJA4J-36NS6&d=go.dhs.gov&t=5670080&v=1.720.0&if=&sl=0&si=61562388-e626-4bbf-8ca6-6b9b748c0ff8-s4quh0&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=814850
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/AAHHR-YQ7JS-XK2WR-BJA4J-36NS6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3100:4b8::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8837df0c26369091464bfaac9b11a17ab9e06d851e479f4c8f32b6f6f11dd9c8

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sun, 26 Nov 2023 18:39:02 GMT
Cache-Control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
624
Content-Type
application/json
js
www.googletagmanager.com/gtag/
273 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2VJXNCXVNN&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHXCMJ6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
96c9c3fedbeec54a46d73d0587c05ef1896c8f896b7fa7b69f0c6c4fbc0ad67d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:02 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92854
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 26 Nov 2023 18:39:02 GMT
js
www.googletagmanager.com/gtag/
273 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CXXB4K63GV&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHXCMJ6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
902467c2da51ba08dc3065df2791cc9b45c25b4a89a27aabc43b35b5ec4c699f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:02 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92859
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 26 Nov 2023 18:39:02 GMT
js
www.googletagmanager.com/gtag/
234 KB
82 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CSLL4ZEK4L&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MHXCMJ6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ad00a54288cbbfe9c4c794b934623aa08ef38e0ddcff535e0bd27658a49d5e6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sun, 26 Nov 2023 18:39:02 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83396
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 26 Nov 2023 18:39:02 GMT
collect
www.google-analytics.com/j/
3 B
204 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1143586639&t=pageview&_s=1&dl=https%3A%2F%2Fgo.dhs.gov%2FZSv&dp=%2FZSv&ul=en-us&de=UTF-8&dt=Redirect%20to%20https%3A%2F%2Fwww.cisa.gov%2Fuscert%2Fsites%2Fdefault%2Ffiles%2Fpublications%2Faa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAQABAAAAACAAoC~&jid=1745553207&gjid=949886505&cid=1522577770.1701023942&tid=UA-33523145-1&_gid=964246491.1701023942&_r=1&_slc=1&cd1=DHS&cd2=go.dhs.gov&cd3=20230920%20v6.8%20-%20Dual%20Tracking&cd4=unspecified%3Ago.dhs.gov&cd5=unspecified%3Ago.dhs.gov&cd6=https%3A%2F%2Fdap.digitalgov.gov%2FUniversal-Federated-Analytics-Min.js&cd7=https%3A&z=1625346393
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://go.dhs.gov/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 26 Nov 2023 18:39:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://go.dhs.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
250 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-CSLL4ZEK4L&gtm=45je3b81v9131934939&_p=1701023941847&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&ir=0&cid=1522577770.1701023942&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dl=https%3A%2F%2Fgo.dhs.gov%2FZSv&sid=1701023942&sct=1&seg=0&dt=Redirect%20to%20https%3A%2F%2Fwww.cisa.gov%2Fuscert%2Fsites%2Fdefault%2Ffiles%2Fpublications%2Faa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf&en=page_view&_fv=1&_ss=1&_ee=1&ep.agency=DHS&ep.subagency=GO.DHS.GOV&ep.site_topic=unspecified%3Ago.dhs.gov&ep.site_platform=unspecified%3Ago.dhs.gov&ep.script_source=https%3A%2F%2Fdap.digitalgov.gov%2Funiversal-federated-analytics-min.js&ep.version=20230920%20v6.8%20-%20dual%20tracking&ep.protocol=https%3A&tfd=1715
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CSLL4ZEK4L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 26 Nov 2023 18:39:02 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://go.dhs.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
45 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-CXXB4K63GV&gtm=45je3b81v9115688676&_p=1701023941847&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1522577770.1701023942&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701023942&sct=1&seg=0&dl=https%3A%2F%2Fgo.dhs.gov%2FZSv&dt=Redirect%20to%20https%3A%2F%2Fwww.cisa.gov%2Fuscert%2Fsites%2Fdefault%2Ffiles%2Fpublications%2Faa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1749
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CXXB4K63GV
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 26 Nov 2023 18:39:02 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://go.dhs.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-2VJXNCXVNN&gtm=45je3b81v9121562192z89115679939&_p=1701023941847&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1522577770.1701023942&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701023942&sct=1&seg=0&dl=https%3A%2F%2Fgo.dhs.gov%2FZSv&dt=Redirect%20to%20https%3A%2F%2Fwww.cisa.gov%2Fuscert%2Fsites%2Fdefault%2Ffiles%2Fpublications%2Faa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf&en=page_view&_fv=1&_ss=1&tfd=1791
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2VJXNCXVNN&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://go.dhs.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 26 Nov 2023 18:39:02 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://go.dhs.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
02179912.akstat.io/
0
198 B
Ping
General
Full URL
https://02179912.akstat.io/
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/AAHHR-YQ7JS-XK2WR-BJA4J-36NS6
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3100:795::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://go.dhs.gov/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 26 Nov 2023 18:39:02 GMT
content-type
image/gif
access-control-allow-origin
https://go.dhs.gov
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
0
expires
Sun, 26 Nov 2023 18:39:02 GMT
aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf
www.cisa.gov/sites/default/files/publications/
Redirect Chain
  • https://www.cisa.gov/uscert/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf
  • https://www.cisa.gov/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf
0
0
Document
General
Full URL
https://www.cisa.gov/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf
Requested by
Host: go.dhs.gov
URL: https://go.dhs.gov/profiles/god_gov/modules/custom/shurly_statistics/js/shurly_statistics.redirect.js?s4a1nl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3100:389::447a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://go.dhs.gov/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=238625
Connection
keep-alive
Content-Length
708678
Content-Type
application/pdf
Date
Sun, 26 Nov 2023 18:39:03 GMT
ETag
"ad046-5f184b96cfd10"
Expires
Wed, 29 Nov 2023 12:56:08 GMT
Last-Modified
Thu, 05 Jan 2023 14:00:32 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff

Redirect headers

Cache-Control
private, no-cache, must-revalidate
Connection
keep-alive
Content-Language
en
Content-Length
950
Content-Type
text/html; charset=UTF-8
Date
Sun, 26 Nov 2023 18:39:03 GMT
Expires
Sun, 26 Nov 2023 18:39:03 GMT
Location
https://www.cisa.gov/sites/default/files/publications/aa22-277a-impacket-and-exfiltration-tool-used-to-steal-sensitive-information-from-defense-industrial-base-organization.pdf
Server
Apache
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
X-Drupal-Cache
HIT
X-Frame-Options
SAMEORIGIN
X-Generator
Drupal 10 (https://www.drupal.org)
X-Redirect-ID
11026
X-WCM-H
WCM-14-140
/
02179912.akstat.io/
0
200 B
Ping
General
Full URL
https://02179912.akstat.io/
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/AAHHR-YQ7JS-XK2WR-BJA4J-36NS6
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:3100:795::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://go.dhs.gov/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 26 Nov 2023 18:39:03 GMT
content-type
image/gif
access-control-allow-origin
https://go.dhs.gov
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
0
expires
Sun, 26 Nov 2023 18:39:03 GMT

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture object| dataLayer object| drupalSettings function| $ function| jQuery object| BOOMR_mq string| BOOMR_API_key object| BOOMR number| BOOMR_lstart function| gtag string| tObjectCheck object| _allowedQuerystrings boolean| isSearch object| oCONFIG object| head object| GA4Object boolean| trackerFlag function| _onEveryPage function| _defineCookieDomain function| _defineAgencyCDsValues function| _cleanBooleanParam function| _isValidUANum function| _isValidGA4Num function| _cleanDimensionValue function| _updateConfig function| _sendCustomDimensions function| _sendCustomMetrics function| _sendEvent function| _mapGA4toUA function| _sendPageview function| gas function| _URIHandler function| _sendViewSearchResult function| _isExcludedReferrer function| createTracker function| _initAutoTracker undefined| videoArray_fed undefined| playerArray_fed undefined| _f33 undefined| _f66 undefined| _f90 undefined| tag undefined| firstScriptTag undefined| youtube_parser_fed undefined| IsYouTube_fed undefined| YTUrlHandler_fed undefined| _initYouTubeTracker undefined| onYouTubePlayerAPIReady undefined| onFedPlayerReady undefined| onFedPlayerStateChange function| _initIdAssigner function| _tagClicks function| _scrubbedURL function| _setAllowedQS function| _setUpTrackers function| _setUpTrackersIfReady string| GoogleAnalyticsObject function| ga string| _fullParams string| _keyValuePair string| _key string| _value object| google_tag_manager object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady number| BOOMR_configt number| BOOMR_onload

10 Cookies

Domain/Path Name / Value
.dhs.gov/ Name: ak_bmsc
Value: 98A4D01B34D10C9AFBB2AA4B2C91F44C~000000000000000000000000000000~YAAQVG4QAkg+H92LAQAApITtDBVrvHWpbOCJTgKCq4m/hUEJbxWAamfqqD2EbAkTeXurEG5KT16OdoTnA3JQnGcG418tHZJdfOqwo0MypEcjNswAUj5tjuHrOCItOzFjkpF6xzrnRBuaUflMN6DoqMz0MM21v81reoGzwZkn1cSYI/q+w7KtHOIPxp8zEcVi9wdmTNcqYcgcxsEkoosg38M6qcMqg9p8PU1Xuej6lVrGb4yjyrcJ48R8pbxBSAgXukmhPNnjmmkFnMX6Xux6AEm8rQ/bYtq5CuSx9GXAHhyc5Og0LY+ZxHD8Cs6iysgTyWaxxvKuUa5E6C+9r+GDnHFVLXFyb8x14BEvkU0kJTq12EK1NBANfwNwj+zQbiDiqoSaFARWt6aYeAfFwlE=
.go.dhs.gov/ Name: _ga
Value: GA1.3.1522577770.1701023942
.go.dhs.gov/ Name: _gid
Value: GA1.3.964246491.1701023942
.go.dhs.gov/ Name: _gat_GSA_ENOR0
Value: 1
.dhs.gov/ Name: _ga
Value: GA1.1.1522577770.1701023942
.dhs.gov/ Name: _ga_CSLL4ZEK4L
Value: GS1.1.1701023942.1.0.1701023942.0.0.0
.dhs.gov/ Name: _ga_CXXB4K63GV
Value: GS1.1.1701023942.1.0.1701023942.0.0.0
.dhs.gov/ Name: _ga_2VJXNCXVNN
Value: GS1.1.1701023942.1.0.1701023942.0.0.0
.dhs.gov/ Name: bm_sv
Value: 42A9C82D311F358653B7443C8DBF5CD2~YAAQVG4QAl4+H92LAQAAnYjtDBV1V4l3r5nnqaC+c7Zt7bqaHaqrE/AdVrxnWwkEpFvEtNvQmZ2GUOM0HPjll3QA3EOipICyDPCYQ7LntRjyhPFxR2iBUsXLfO7M/WGQtHQ5cFp2wsLgJi41TroqNQZIa3pSLEDjsHiH3Y5J7D9nsY79MjFjA6zhcnjpeiyNQaI28aEkApytkMjgaLb3LyDWdCakG5U0GGot1jC7rZJmkl7+eI1C8LFUhY49~1
.cisa.gov/ Name: ak_bmsc
Value: 7CB98BC218FDE682598D9CE1035CC65B~000000000000000000000000000000~YAAQTm4QArJlGNyLAQAAq4ntDBUFOHlrxby7Mk0CugZg0bAhS8kX0kdHXHCIQJH/0vV0SbCSDwpHzBdRXQesK3UIYXEc/7tjLNaGYxcwgEPXRu9lIGgu9XloZnvdw2VNJUf2oXgyCM3j+MlP/3bswbcQtbnNahlgrg2q4pRaAYT7axQW8uP56waVFJKLH8xggLEfaniP+IpW8WLJRV3BevdUPhBIxDGvXFiqhgwnPOaHsEpTqzl8Bcsd/G1zgPDRt799FX/RGzWXPwi/6LiqS/G+Naf/OCqn3T14hvWeUgLtH8as5rK0TAAMKu6pzcbrvo7qoYkR7HYWIfAIgvuBYugGgVN3CCX2+Z6f5k/NTK3nu89guLcYULnUHEpF1NPbHkpMXvg=

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
