www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Submission: On June 18 via api (June 18th 2021, 3:31:19 am UTC) from US

Summary HTTP 227 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 65 IPs in 6 countries across 59 domains to perform 227 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on May 21st 2021. Valid for: a year.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	2a02:e980:107... 2a02:e980:107::cf	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
6	104.16.95.80 104.16.95.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:aef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.45.104.85 23.45.104.85	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
1	99.86.242.68 99.86.242.68	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:710... 2a02:26f0:7100:481::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 6	52.17.151.21 52.17.151.21	16509 (AMAZON-02) (AMAZON-02)
2	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6812:1bbe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:809::2013	15169 (GOOGLE) (GOOGLE)
2	99.86.242.50 99.86.242.50	16509 (AMAZON-02) (AMAZON-02)
74	143.204.205.35 143.204.205.35	16509 (AMAZON-02) (AMAZON-02)
1	51.11.20.152 51.11.20.152	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	163.171.128.148 163.171.128.148	54994 (QUANTILNE...) (QUANTILNETWORKS)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.33.220.243 185.33.220.243	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:215... 2600:9000:2156:1600:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	216.200.122.11 216.200.122.11	6461 (ZAYO-6461) (ZAYO-6461)
4 7	216.58.212.134 216.58.212.134	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
3 3	2620:119:50e3... 2620:119:50e3:101::6cae:b45	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
3	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	13.32.2.16 13.32.2.16	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	206.19.49.24 206.19.49.24	7018 (ATT-INTER...) (ATT-INTERNET4)
2	65.9.77.113 65.9.77.113	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	184.30.24.121 184.30.24.121	16625 (AKAMAI-AS) (AKAMAI-AS)
1 6	2a02:26f0:710... 2a02:26f0:7100::687e:24b0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	65.9.77.25 65.9.77.25	16509 (AMAZON-02) (AMAZON-02)
1	184.30.20.207 184.30.20.207	16625 (AKAMAI-AS) (AKAMAI-AS)
1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	52.49.183.138 52.49.183.138	16509 (AMAZON-02) (AMAZON-02)
1 2	65.9.77.47 65.9.77.47	16509 (AMAZON-02) (AMAZON-02)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
14 17	52.208.183.163 52.208.183.163	16509 (AMAZON-02) (AMAZON-02)
1	23.218.209.154 23.218.209.154	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.32.2.47 13.32.2.47	16509 (AMAZON-02) (AMAZON-02)
1	35.156.153.71 35.156.153.71	16509 (AMAZON-02) (AMAZON-02)
1 2	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	70.42.32.95 70.42.32.95	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	3.65.212.7 3.65.212.7	16509 (AMAZON-02) (AMAZON-02)
1 2	3.120.52.76 3.120.52.76	16509 (AMAZON-02) (AMAZON-02)
1	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
2	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
1	13.224.195.101 13.224.195.101	16509 (AMAZON-02) (AMAZON-02)
2	52.0.189.149 52.0.189.149	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:3::720 2a04:4e42:3::720	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
227	65

26 2a02:e980:107::cf (United States)

ASN19551 (INCAPSULA, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.95.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-abj.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:aef (United States)

ASN13335 (CLOUDFLARENET, US)

geoip-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.104.85 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-104-85.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.242.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-242-68.vie50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:7100:481::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.17.151.21 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com

ads.avocet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:1bbe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

visitor.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.242.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-242-50.vie50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

74 143.204.205.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-205-35.fra53.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.11.20.152 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.chip2gift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.171.128.148 (Germany)

ASN54994 (QUANTILNETWORKS, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.220.243 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:1600:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.122.11 (United States) 1 redirects

ASN6461 (ZAYO-6461, US)

gwmtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.212.134 (Mountain View, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10487471.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4788165.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:119:50e3:101::6cae:b45 (United States) 3 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.2.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-2-16.vie50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 206.19.49.24 (United States)

ASN7018 (ATT-INTERNET4, US)

apt.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.77.113 (United States)

ASN16509 (AMAZON-02, US)

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.24.121 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-24-121.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:7100::687e:24b0 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.77.25 (United States)

ASN16509 (AMAZON-02, US)

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.20.207 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-207.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.183.138 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.77.47 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 52.208.183.163 (Dublin, Ireland) 14 redirects

ASN16509 (AMAZON-02, US)

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.218.209.154 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-209-154.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.2.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-2-47.vie50.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.156.153.71 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.218.208.246 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.95 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.65.212.7 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.52.76 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-52-76.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.90 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
flow.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.195.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-101.fra2.r.cloudfront.net

embeds.driftcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.0.189.149 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-189-149.compute-1.amazonaws.com

event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
74	driftt.com js.driftt.com	755 KB
26	proofpoint.com www.proofpoint.com	3 MB
22	adroll.com 14 redirects s.adroll.com d.adroll.com	30 KB
19	drift.com metrics.api.drift.com bootstrap.api.drift.com targeting.api.drift.com event.api.drift.com flow.api.drift.com	7 KB
11	doubleclick.net 5 redirects ad.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net 10487471.fls.doubleclick.net 4788165.fls.doubleclick.net cm.g.doubleclick.net	7 KB
6	linkedin.com 4 redirects px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com	3 KB
6	google.com adservice.google.com www.google.com	1 KB
6	marketo.com app-abj.marketo.com	142 KB
5	g2crowd.com tracking.g2crowd.com	4 KB
4	facebook.net connect.facebook.net	173 KB
4	company-target.com 1 redirects api.company-target.com segments.company-target.com	4 KB
4	avct.cloud 2 redirects ads.avct.cloud	1 KB
4	google-analytics.com www.google-analytics.com	20 KB
3	demandbase.com scripts.demandbase.com tag.demandbase.com	81 KB
3	facebook.com www.facebook.com	400 B
3	google.de www.google.de	650 B
3	adnxs.com 2 redirects secure.adnxs.com ib.adnxs.com	3 KB
3	reactful.com visitor.reactful.com	106 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	62 KB
3	bing.com bat.bing.com	9 KB
2	nr-data.net bam-cell.nr-data.net	1 KB
2	openx.net 1 redirects us-u.openx.net	479 B
2	bidswitch.net 1 redirects x.bidswitch.net	872 B
2	3lift.com 1 redirects eb2.3lift.com	739 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	techtarget.com trk.techtarget.com apt.techtarget.com	3 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	2 KB
2	avocet.io 2 redirects ads.avocet.io	280 B
2	licdn.com snap.licdn.com	5 KB
2	marketo.net munchkin.marketo.net	6 KB
2	geoip-js.com geoip-js.com	3 KB
2	googleadservices.com www.googleadservices.com	31 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	gstatic.com fonts.gstatic.com	15 KB
1	imgix.net driftt.imgix.net	20 KB
1	driftcdn.com embeds.driftcdn.com	11 KB
1	newrelic.com js-agent.newrelic.com	12 KB
1	taboola.com sync.taboola.com	248 B
1	yahoo.com ads.yahoo.com	445 B
1	pubmatic.com simage2.pubmatic.com	549 B
1	outbrain.com sync.outbrain.com	477 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	advertising.com pixel.advertising.com	125 B
1	moatads.com z.moatads.com	1 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	138 B
1	rlcdn.com id.rlcdn.com	66 B
1	sitescout.com pixel.sitescout.com	267 B
1	mathtag.com pixel.mathtag.com	506 B
1	addthis.com s7.addthis.com	114 KB
1	twitter.com analytics.twitter.com	657 B
1	t.co t.co	454 B
1	gwmtracking.com 1 redirects gwmtracking.com	389 B
1	ml-api.io attr.ml-api.io	242 B
1	ml-attr.com 1 redirects s.ml-attr.com	279 B
1	chip2gift.com secure.chip2gift.com	255 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googletagmanager.com www.googletagmanager.com	71 KB
1	googleoptimize.com www.googleoptimize.com	41 KB
227	59

	Domain	Requested by
74	js.driftt.com	www.proofpoint.com js.driftt.com
26	www.proofpoint.com	www.proofpoint.com
16	d.adroll.com	13 redirects www.proofpoint.com
6	targeting.api.drift.com	js.driftt.com
6	metrics.api.drift.com	js.driftt.com
6	s.adroll.com	1 redirects www.googletagmanager.com www.proofpoint.com s.adroll.com d.adroll.com
6	app-abj.marketo.com	www.proofpoint.com app-abj.marketo.com
5	tracking.g2crowd.com	www.proofpoint.com
4	connect.facebook.net	www.proofpoint.com connect.facebook.net
4	ads.avct.cloud	2 redirects www.proofpoint.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.proofpoint.com
3	bootstrap.api.drift.com	js.driftt.com
3	10487471.fls.doubleclick.net	1 redirects www.googletagmanager.com www.proofpoint.com
3	www.facebook.com	www.proofpoint.com connect.facebook.net
3	www.google.de	www.proofpoint.com
3	www.google.com	www.proofpoint.com
3	px.ads.linkedin.com	3 redirects
3	adservice.google.com	www.proofpoint.com 4788165.fls.doubleclick.net 10487471.fls.doubleclick.net
3	visitor.reactful.com	www.proofpoint.com visitor.reactful.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.proofpoint.com
2	flow.api.drift.com	js.driftt.com
2	event.api.drift.com	js.driftt.com
2	bam-cell.nr-data.net	js-agent.newrelic.com
2	us-u.openx.net	1 redirects www.proofpoint.com
2	x.bidswitch.net	1 redirects www.proofpoint.com
2	eb2.3lift.com	1 redirects www.proofpoint.com
2	dsum-sec.casalemedia.com	1 redirects www.proofpoint.com
2	segments.company-target.com	1 redirects www.proofpoint.com
2	match.prod.bidr.io	2 redirects
2	4788165.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	scripts.demandbase.com	www.proofpoint.com tag.demandbase.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	px4.ads.linkedin.com	www.proofpoint.com 10487471.fls.doubleclick.net
2	ad.doubleclick.net	2 redirects
2	secure.adnxs.com	2 redirects
2	api.company-target.com	www.proofpoint.com scripts.demandbase.com
2	dev.visualwebsiteoptimizer.com	www.proofpoint.com
2	ads.avocet.io	2 redirects
2	snap.licdn.com	www.proofpoint.com 10487471.fls.doubleclick.net
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	geoip-js.com	www.proofpoint.com geoip-js.com
2	www.googleadservices.com	www.proofpoint.com www.googletagmanager.com
2	fonts.googleapis.com	www.proofpoint.com js.driftt.com
1	fonts.gstatic.com	fonts.googleapis.com
1	driftt.imgix.net	js.driftt.com
1	embeds.driftcdn.com	js.driftt.com
1	js-agent.newrelic.com	www.proofpoint.com
1	cm.g.doubleclick.net	1 redirects
1	ib.adnxs.com	www.proofpoint.com
1	sync.taboola.com	www.proofpoint.com
1	ads.yahoo.com	www.proofpoint.com
1	simage2.pubmatic.com	www.proofpoint.com
1	sync.outbrain.com	www.proofpoint.com
1	pixel.rubiconproject.com	www.proofpoint.com
1	pixel.advertising.com	www.proofpoint.com
1	tag.demandbase.com	scripts.demandbase.com
1	z.moatads.com	s7.addthis.com
1	d.adroll.mgr.consensu.org	1 redirects
1	id.rlcdn.com	www.proofpoint.com
1	pixel.sitescout.com	10487471.fls.doubleclick.net
1	pixel.mathtag.com	4788165.fls.doubleclick.net
1	vars.hotjar.com	static.hotjar.com
1	s7.addthis.com	www.proofpoint.com
1	analytics.twitter.com	static.ads-twitter.com
1	apt.techtarget.com	www.proofpoint.com
1	script.hotjar.com	static.hotjar.com
1	t.co	www.proofpoint.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.linkedin.com	1 redirects
1	gwmtracking.com	1 redirects
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	trk.techtarget.com	www.proofpoint.com
1	secure.chip2gift.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	www.googletagmanager.com	www.proofpoint.com
1	www.googleoptimize.com	www.proofpoint.com
227	78

This site contains links to these domains. Also see Links.

Domain
proofpointcommunities.force.com
suite.nexgate.com
emaildefense.proofpoint.com
threatintel.proofpoint.com
us1.proofpointessentials.com
partners.proofpoint.com
go.proofpoint.com
investors.proofpoint.com
github.com
ipcheck.proofpoint.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
proofpoint.com Sectigo RSA Organization Validation Secure Server CA	`2021-05-21` - `2022-05-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
app-abj.marketo.com Cloudflare Inc ECC CA-3	`2021-06-05` - `2022-06-04`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-17` - `2021-08-17`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2021-04-12` - `2021-10-12`	6 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
*.avct.cloud R3	`2021-04-30` - `2021-07-29`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2020-06-19` - `2022-07-06`	2 years	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
*.reactful.com Go Daddy Secure Certificate Authority - G2	`2021-05-07` - `2022-06-08`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-09` - `2021-10-28`	a year	crt.sh
drift.com Amazon	`2020-09-21` - `2021-10-23`	a year	crt.sh
secure.norm0care.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-05-26` - `2021-08-24`	3 months	crt.sh
trk.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-17` - `2022-05-17`	2 years	crt.sh
*.ml-api.io Amazon	`2021-01-20` - `2022-02-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-04-15` - `2021-10-15`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh
*.techtarget.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-25` - `2021-10-24`	2 years	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-14` - `2021-11-15`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
adroll.com R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2021-07-15`	a year	crt.sh
*.sitescout.com RapidSSL RSA CA 2018	`2020-01-15` - `2022-02-02`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2020-10-08` - `2021-11-07`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2021-03-01` - `2021-08-24`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-27` - `2021-07-14`	2 months	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-21` - `2022-04-10`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
*.driftcdn.com Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-05-24` - `2021-08-16`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Frame ID: 34BFAC49E2A671AE915C7C4A9B60E2FE
Requests: 141 HTTP requests in this frame

Frame: https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks
Frame ID: E78D1E1EEBFCECAC315A393F711B67C0
Requests: 5 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374
Frame ID: 26A34CF50047706A033CF33823A34AB5
Requests: 3 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: D6D4D62EB3272F3E447D2CC47D45B910
Requests: 1 HTTP requests in this frame

Frame: https://app-abj.marketo.com/index.php/form/XDFrame
Frame ID: 38F84F8C597E87B37CE0676FD6339CDE
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
Frame ID: BDBBF67589FF0CA1CEC09884C55F36D5
Requests: 45 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat
Frame ID: F1AD851CA5F28DAFD1FA9DAC0D2355C0
Requests: 42 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

227
Requests

100 %
HTTPS

34 %
IPv6

59
Domains

78
Subdomains

65
IPs

6
Countries

4568 kB
Transfer

10309 kB
Size

23
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://proofpointcommunities.force.com/community/s/
Title: Support Log-in

Search URL Search Domain Scan URL

URL: https://suite.nexgate.com/users/sign_in
Title: Digital Risk Portal

Search URL Search Domain Scan URL

URL: https://emaildefense.proofpoint.com/login.php
Title: Email Fraud Defense

Search URL Search Domain Scan URL

URL: https://threatintel.proofpoint.com/
Title: ET Intelligence

Search URL Search Domain Scan URL

URL: https://us1.proofpointessentials.com/app/login.php
Title: Proofpoint Essentials

Search URL Search Domain Scan URL

URL: https://proofpointcommunities.force.com/community
Title: Sendmail Support Log-in

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/
Title: Channel PartnersBecome a channel partner. Deliver Proofpoint solutions to your customers and grow your business.

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/prm/English/s/applicant
Title: Become a Channel Partner

Search URL Search Domain Scan URL

URL: https://go.proofpoint.com/cpe-credit-overview.html?utm_source=website
Title: Watch now to earn your CPE credits

Search URL Search Domain Scan URL

URL: https://investors.proofpoint.com/
Title: Investor Center View Proofpoint investor relations information, including press releases, financial results and events.

Search URL Search Domain Scan URL

URL: https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/Anti%20Debug/Interrupt_3.cpp
Title: https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/Anti%20Debug/Interrupt_3.cpp

Search URL Search Domain Scan URL

URL: https://github.com/spender-sandbox/cuckoomon-modified/blob/MSVC/hook_sleep.c#L122
Title: https://github.com/spender-sandbox/cuckoomon-modified/blob/MSVC/hook_sleep.c#L122

Search URL Search Domain Scan URL

URL: https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/Anti%20Debug/WriteWatch.cpp
Title: https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/Anti%20Debug/WriteWatch.cpp

Search URL Search Domain Scan URL

URL: https://github.com/spender-sandbox/cuckoomon-modified/blob/MSVC/hook_thread.c#L232
Title: https://github.com/spender-sandbox/cuckoomon-modified/blob/MSVC/hook_thread.c#L232

Search URL Search Domain Scan URL

URL: http://investors.proofpoint.com/
Title: Investors Center

Search URL Search Domain Scan URL

URL: https://ipcheck.proofpoint.com/
Title: IP Address Blocked?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/proofpoint
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/proofpoint
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/proofpoint
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j HTTP 301
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j HTTP 302
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

Request Chain 62

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j HTTP 301
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j HTTP 302
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

Request Chain 67

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=1858076957993708831

Request Chain 68

https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=692409771 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CLiY8J6foPECFUK_GAodWggPyg;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CLiY8J6foPECFUK_GAodWggPyg;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Request Chain 69

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1623987059322&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%26time%3D1623987059322%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fthreat-insight%252Fpost%252Fparasite-http-rat-cooks-stew-stealthy-tricks%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1623987059322&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1623987059322&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&liSync=true&e_ipv6=AQIVLPtqfXgo_gAAAXodK_4nUAk-EGOXlUqRwJdnRbINSuLn3WGy4p3oQTippdOdTPesMbav

Request Chain 98

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks HTTP 302
https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks

Request Chain 100

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374 HTTP 302
https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374

Request Chain 114

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1623987060248&url=https%3A%2F%2Fwww.proofpoint.com%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1623987060248&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQLz4-5aJOcspwAAAXodK_5shqUYtBlumc6BST8BORoEHyfyfNtstrBcHq7iw2MBBY-bVngW

Request Chain 121

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAEYBE7BmCcAADdTeNbNEQ HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEYBE7BmCcAADdTeNbNEQ&verifyHash=2d1f955977dd80a695fee3ebd916bf67f907eb5d

Request Chain 123

https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 125

https://d.adroll.mgr.consensu.org/consent/iabcheck/7YJ7XZCLMRHSVCXIHB5HIT?_s=c2bb607fcae0786611cf9bd53d48cf8b&_b=2 HTTP 302
https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=c2bb607fcae0786611cf9bd53d48cf8b&_b=2

Request Chain 130

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&pv=19964664557.36763&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

Request Chain 134

https://d.adroll.com/cm/aol/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 135

https://d.adroll.com/cm/index/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expiration=1655523060 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expiration=1655523060&C=1

Request Chain 136

https://d.adroll.com/cm/n/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expires=365

Request Chain 137

https://d.adroll.com/cm/outbrain/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

Request Chain 138

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 139

https://d.adroll.com/cm/r/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 140

https://d.adroll.com/cm/taboola/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

Request Chain 141

https://d.adroll.com/cm/triplelift/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 142

https://d.adroll.com/cm/b/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

Request Chain 143

https://d.adroll.com/cm/x/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

Request Chain 145

https://d.adroll.com/cm/o/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=3676dc851b43a1ad650dab69428d5edf HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=3676dc851b43a1ad650dab69428d5edf

Request Chain 146

https://d.adroll.com/cm/g/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=NnbchRtDoa1lDatpQo1e3w HTTP 302
https://d.adroll.com/cm/g/in

227 HTTP transactions
22 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set parasite-http-rat-cooks-stew-stealthy-tricks Show response
www.proofpoint.com/us/threat-insight/post/ 69 KB
22 KB 712ms
673ms Document
text/html 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

79764a3ae68dab632c9b569151e5d061dfe56225b0038438de7af50ce0c69f14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.proofpoint.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Fri, 18 Jun 2021 03:30:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 20524
Connection: keep-alive
Cache-Control: max-age=86400, public
X-Drupal-Dynamic-Cache: MISS
Link: <https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks>; rel="canonical", <https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks>; rel="shortlink" <https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks>; rel="alternate"; hreflang="en-us"
X-UA-Compatible: IE=edge
Content-language: en
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Expires: Fri, 18 Jun 2021 16:18:48 GMT
Last-Modified: Thu, 17 Jun 2021 16:18:47 GMT
ETag: "1623946727"
Vary: Cookie,Accept-Encoding
X-Generator: Drupal 8 (https://www.drupal.org)
X-Permitted-Cross-Domain-Policies: none
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: origin-when-cross-origin
Feature-Policy: geolocation 'self'
X-Drupal-Cache: MISS
Content-Encoding: gzip
X-Request-ID: v-b1dab02e-cf87-11eb-94c7-87a11788c55d
X-AH-Environment: prod
Age: 40330
Via: varnish
X-Cache: HIT
X-Cache-Hits: 2
Accept-Ranges: bytes
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvmkyuLalI=wcxxXYCsbrV; path=/; Max-Age=900; Secure; SameSite=None ___utmvakyuLalI=ohNcXuP; path=/; Max-Age=900; Secure; SameSite=None ___utmvbkyuLalI=PZi XjMOcalP: htG; path=/; Max-Age=900; Secure; SameSite=None
X-CDN: Imperva
X-Iinfo: 11-18333493-18333494 NNNN CT(163 336 0) RT(1623987057966 8) q(0 0 5 0) r(7 7) U18

GET
H/1.1 200
OK Cookie set proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 18 KB
19 KB 191ms
176ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

484fb34102101a6a5c04a80954d6a5d99a6499924256469945d49ead6c4d2529

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.proofpoint.com
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; ___utmvmkyuLalI=wcxxXYCsbrV; ___utmvbkyuLalI=PZi XjMOcalP: htG
Connection: keep-alive
Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 876660
X-Cache: HIT
X-Iinfo: 7-14906661-14906662 NNNY CT(167 338 0) RT(1623987058658 9) q(0 0 0 -1) r(2 2) U18
X-Cache-Hits: 3937
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 18296
X-Request-ID: v-7719030c-c7ec-11eb-ae37-cfa7c5b842ce
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: max-age=1209600
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvbkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT ___utmvmkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT
Accept-Ranges: bytes
Expires: Mon, 21 Jun 2021 23:59:58 GMT

GET
H/1.1 200
OK Cookie set RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 24ms
9ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.proofpoint.com
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; ___utmvmkyuLalI=wcxxXYCsbrV; ___utmvbkyuLalI=PZi XjMOcalP: htG
Connection: keep-alive
Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "39ed386e"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Iinfo: 11-18333516-18332814 2CNN RT(1623987058658 9) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208292, public
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvbkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT ___utmvmkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT
Content-Length: 21036
Expires: Fri, 02 Jul 2021 03:09:10 GMT

GET
H/1.1 200
OK Cookie set fjalla-one-v7-latin-regular.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 20 KB
20 KB 29ms
14ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.proofpoint.com
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; ___utmvmkyuLalI=wcxxXYCsbrV; ___utmvbkyuLalI=PZi XjMOcalP: htG
Connection: keep-alive
Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "3a88d25f"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Iinfo: 12-20591556-20591557 2CNN RT(1623987058658 9) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208292, public
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvbkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT ___utmvmkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT
Content-Length: 19976
Expires: Fri, 02 Jul 2021 03:09:10 GMT

GET
H/1.1 200
OK Cookie set fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 16 KB
17 KB 194ms
171ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

12326e8f0accb3ea4158ecf1cb2ab2e1b95d6a0f5eb1b80c86621f087b4363f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.proofpoint.com
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; ___utmvmkyuLalI=wcxxXYCsbrV; ___utmvbkyuLalI=PZi XjMOcalP: htG
Connection: keep-alive
Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 877935
X-Cache: HIT
X-Iinfo: 13-35678232-35678234 NNNY CT(163 338 0) RT(1623987058658 17) q(0 0 0 -1) r(2 2) U18
X-Cache-Hits: 3901
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 16540
X-Request-ID: v-7ed0f468-c7e9-11eb-9110-afc5913ed4ff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: max-age=1209600
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvbkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT ___utmvmkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT
Accept-Ranges: bytes
Expires: Mon, 21 Jun 2021 23:38:43 GMT

GET
H/1.1 200
OK Cookie set RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
22 KB 39ms
9ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.proofpoint.com
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; ___utmvmkyuLalI=wcxxXYCsbrV; ___utmvbkyuLalI=PZi XjMOcalP: htG
Connection: keep-alive
Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "8df65834"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Iinfo: 11-18333516-18332814 2CNN RT(1623987058658 24) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208293, public
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvbkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT ___utmvmkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT
Content-Length: 21384
Expires: Fri, 02 Jul 2021 03:09:11 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 114 KB
41 KB 43ms
22ms Script
application/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2b90ce389507f050b8c38905dea533f2b1e18012c9e504c11d93b71c7fdf4157

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41943
x-xss-protection: 0
expires: Fri, 18 Jun 2021 03:30:59 GMT

GET
H/1.1 200
OK Cookie set css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
www.proofpoint.com/sites/default/files/css/ 25 KB
5 KB 21ms
9ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; ___utmvmkyuLalI=wcxxXYCsbrV; ___utmvbkyuLalI=PZi XjMOcalP: htG
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 26 May 2021 16:00:47 GMT
X-CDN: Imperva
Etag: "032a9b05"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/css
X-Iinfo: 13-35678232-35654321 2CNN RT(1623987058658 7) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208293, public
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvbkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT ___utmvmkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT
Content-Length: 4376
Expires: Fri, 02 Jul 2021 03:09:11 GMT

GET
H/1.1 200
OK Cookie set css_8mwaye2sTOcKZyFUWw5Encz0GQ14WrCWajGHbVrsx8E.css
www.proofpoint.com/sites/default/files/css/ 1 MB
275 KB 27ms
15ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_8mwaye2sTOcKZyFUWw5Encz0GQ14WrCWajGHbVrsx8E.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f26c1ac9edac4ce70a6721545b0e449dccf4190d785ab0966a31876d5aecc7c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; ___utmvmkyuLalI=wcxxXYCsbrV; ___utmvbkyuLalI=PZi XjMOcalP: htG
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 03 Jun 2021 23:17:06 GMT
X-CDN: Imperva
Etag: "89ce7373"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/css
X-Iinfo: 14-30012518-30012520 2CNN RT(1623987058658 7) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208293, public
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvbkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT ___utmvmkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT
Content-Length: 280428
Expires: Fri, 02 Jul 2021 03:09:11 GMT

GET
H/1.1 200
OK Cookie set modernizr.min.js Show response
www.proofpoint.com/modules/custom/pp_theme/js/ 5 KB
3 KB 42ms
8ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/modules/custom/pp_theme/js/modernizr.min.js?v=3.3.1

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

084390577243b6986d5564d152916a37a3124305e11b2817d0c2eabc863e081b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; ___utmvmkyuLalI=wcxxXYCsbrV; ___utmvbkyuLalI=PZi XjMOcalP: htG
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 03 Feb 2021 00:23:16 GMT
X-CDN: Imperva
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: application/javascript
X-Iinfo: 12-20591556-20590038 2CNN RT(1623987058658 29) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208293, public
Set-Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; expires=Fri, 17 Jun 2022 14:16:07 GMT; HttpOnly; path=/; Domain=.proofpoint.com; Secure; SameSite=None incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; path=/; Domain=.proofpoint.com; Secure; SameSite=None ___utmvbkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT ___utmvmkyuLalI=a; Max-Age=0; path=/; expires=Mon, 14 Jun 2021 14:10:07 GMT
Content-Length: 2533
Expires: Fri, 02 Jul 2021 03:09:11 GMT

GET
H/1.1 200
OK logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 177ms
175ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 878091
Transfer-Encoding: chunked
X-Cache: HIT
X-Iinfo: 14-30012518-30012533 NNYY CT(164 335 0) RT(1623987058658 121) q(0 0 0 -1) r(2 2) U18
X-Cache-Hits: 3909
Connection: keep-alive
X-AH-Environment: prod
Content-Encoding: gzip
X-Request-ID: v-22112e78-c7e9-11eb-92a7-735bfc6168a2
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Mon, 21 Jun 2021 23:36:07 GMT

GET
H/1.1 200
OK iMac.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 435 KB
435 KB 10ms
8ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/iMac.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

47587df31e1e202dea23080ef9925c0d8c0794b8362781cc8ac91628ffe07e09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "b96e628c"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
X-Iinfo: 12-20591556-20586229 2CNN RT(1623987058658 121) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208295, public
Content-Length: 445126
Expires: Fri, 02 Jul 2021 03:09:13 GMT

GET
H/1.1 200
OK home.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 784 B
1 KB 173ms
172ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/home.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 877499
Transfer-Encoding: chunked
X-Cache: HIT
X-Iinfo: 11-18333516-18333521 NNYY CT(164 336 0) RT(1623987058658 121) q(0 0 0 -1) r(2 2) U18
X-Cache-Hits: 3708
Connection: keep-alive
X-AH-Environment: prod
Content-Encoding: gzip
X-Request-ID: v-831615f2-c7ea-11eb-85cd-036ba5dcd0c5
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Mon, 21 Jun 2021 23:46:00 GMT

GET
H/1.1 200
OK ratbinary.webp
www.proofpoint.com/sites/default/files/styles/image_1920_400/public/images/Blog/ 67 KB
68 KB 754ms
725ms Image
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/image_1920_400/public/images/Blog/ratbinary.webp?itok=8pAx38iN

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

ad0d92cf604efc8b3419a489e8f598a017c3ef0fec742f3387d9de06e83c25d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 0
X-Cache: MISS
X-Iinfo: 12-20591556-20591564 NNNN CT(171 172 0) RT(1623987058658 149) q(0 0 3 -1) r(5 7) U18
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 68542
X-Request-ID: v-999b4128-cfe5-11eb-acf8-eb1d605564d0
Last-Modified: Sat, 06 Feb 2021 13:54:56 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Fri, 02 Jul 2021 03:30:59 GMT

GET
H/1.1 200
OK phf1.png
www.proofpoint.com/sites/default/files/ 147 KB
148 KB 716ms
713ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/phf1.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

18e37065c461d9c611f131454496d77034a6bf210a8ee3fcd2fbcc528afe8087

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 72960
X-Cache: HIT
X-Iinfo: 11-18333493-18333526 2NNN RT(1623987057966 844) q(0 0 0 -1) r(0 7) U18
X-Cache-Hits: 5
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 150553
X-Request-ID: v-b9e012ba-cf3b-11eb-94c1-6b6823d74598
Last-Modified: Sat, 07 Mar 2020 00:53:38 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Thu, 01 Jul 2021 07:14:59 GMT

GET
H/1.1 200
OK phf2.png
www.proofpoint.com/sites/default/files/ 135 KB
136 KB 679ms
679ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/phf2.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

0d0033a9ce3b259b253619f2534697aa4721d5a2007999af9c639b9ff64642e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 72960
X-Cache: HIT
X-Iinfo: 11-18333516-18332814 2NNN RT(1623987058658 334) q(0 0 0 -1) r(7 7) U18
X-Cache-Hits: 5
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 138548
X-Request-ID: v-b9b044b8-cf3b-11eb-8c28-372a206a2b8d
Last-Modified: Sat, 07 Mar 2020 00:53:38 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Thu, 01 Jul 2021 07:14:59 GMT

GET
H/1.1 200
OK phf3.png
www.proofpoint.com/sites/default/files/ 303 KB
304 KB 689ms
687ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/phf3.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

d525a702b4305a4ef63fe9070e6e76c1f107da20da379b48798cc64fa12d86df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 72960
X-Cache: HIT
X-Iinfo: 13-35678232-35675562 2NNN RT(1623987058658 364) q(0 0 0 -1) r(7 7) U18
X-Cache-Hits: 4
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 310743
X-Request-ID: v-b9c19a74-cf3b-11eb-b4ae-0f27c3299b5b
Last-Modified: Sat, 07 Mar 2020 00:53:38 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Thu, 01 Jul 2021 07:14:59 GMT

GET
H/1.1 200
OK phf4.png
www.proofpoint.com/sites/default/files/ 71 KB
72 KB 768ms
767ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/phf4.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

70f7c95ccbf16a610334be7cdd1fe7bfe9942fbc231f15e725bdf3b849ed8346

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 226105
X-Cache: HIT
X-Iinfo: 7-14906661-14906016 2NNN RT(1623987058658 364) q(0 0 0 -1) r(7 7) U18
X-Cache-Hits: 8
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 72868
X-Request-ID: v-286d6784-cdd7-11eb-b9a3-632604e064e4
Last-Modified: Sat, 07 Mar 2020 00:53:38 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Tue, 29 Jun 2021 12:42:34 GMT

GET
H/1.1 200
OK phf5.png
www.proofpoint.com/sites/default/files/ 200 KB
201 KB 373ms
372ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/phf5.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

50e0424193d3743bd4e7f08f1e0b7bdb98a97df7c4108c848fbaf73670672464

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 72958
X-Cache: HIT
X-Iinfo: 14-30012518-30011185 2NNN RT(1623987058658 381) q(0 0 0 -1) r(4 4) U18
X-Cache-Hits: 5
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 204749
X-Request-ID: v-bb25513a-cf3b-11eb-8f40-336678efe6d3
Last-Modified: Sat, 07 Mar 2020 00:53:38 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Thu, 01 Jul 2021 07:15:01 GMT

GET
H/1.1 200
OK phf6.png
www.proofpoint.com/sites/default/files/ 198 KB
198 KB 369ms
369ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/phf6.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

48afd6e9f5be5a21da900991ae13170430382226c3b69ad2a8a3f5a1d67e1e14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1; _rtfl_s_handshake_guid=f71685cf-807a-4714-94dd-da10622bd78d; _vwo_uuid_v2=DC848A4785EDB4C4BB8F88898C77D3272|171086d9af782d25a873e7342e2519bc; _fbp=fb.1.1623987059582.1682804438; _uetsid=99c5e630cfe511eb9df191ae327104be; _uetvid=99c61130cfe511ebb790df76f2682a40; _gcl_au=1.1.30201701.1623987060; _hjTLDTest=1; _hjid=a24efc52-276f-48c9-8d99-1b4d3edf551b; _hjFirstSeen=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 72958
X-Cache: HIT
X-Iinfo: 12-20591556-20586229 2NNN RT(1623987058658 1273) q(0 0 0 -1) r(3 3) U18
X-Cache-Hits: 4
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 202372
X-Request-ID: v-bb8682a2-cf3b-11eb-8872-a3526ab7b469
Last-Modified: Sat, 07 Mar 2020 00:53:38 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Thu, 01 Jul 2021 07:15:02 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 320 KB
71 KB 50ms
32ms Script
application/javascript 2a00:1450:4001:812::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2180a89e2056bdefb9d39a4e2048b5214b19c9bd8a96facedb6ff1c82bf51694

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72477
x-xss-protection: 0
last-modified: Fri, 18 Jun 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 18 Jun 2021 03:30:59 GMT

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 35ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_8mwaye2sTOcKZyFUWw5Encz0GQ14WrCWajGHbVrsx8E.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

545e7b14aa1b70883537234d00efed9a45a43ac26dbd956ad2b7c6a87c04f6c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Jun 2021 03:30:59 GMT
server: ESF
date: Fri, 18 Jun 2021 03:30:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Jun 2021 03:30:59 GMT

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 204 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8de55874475c175335f0c6fc79e975cc9325630e3641389c18ae7ae5ab9a981

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fab816e037c0f67ab424c67234af03471c66a13357d6e187ecb238a2eac62a04

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 720 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cef5e7a8bbafdc0187cc3bd50db0417a3ed578deec09d93fe306bddf30a9ba43

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 444 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f3fc31f17996bdcd89a0b6358ef30b10a4d5b8e436dcd786082965f868f3bd8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 606 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f156ae940f7e272f1319e3a835871f632bc4275105f4882685a3435d7ed4e3fb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 685 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1c6032b67262b3855f2ae2702f0497cf50f3caf6ce5211641f1756ee3a4332b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 460 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0269ba28d9ec51948de3000f364e6890e8a369ab832b4deb572415845a39712

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93fa8b2f6e13b1ac02946cf42cebafaa637e07feb93b926eace76fd5128df564

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK blue-bg2.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 165 KB
166 KB 119ms
8ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/blue-bg2.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

d6dffdf0c11445d390ce54b124aad97a24f21d2e54d0e2f5320c466cda85f9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "b7f7adf5"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
X-Iinfo: 11-18333516-18333065 2CNN RT(1623987058658 294) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208867, public
Content-Length: 169435
Expires: Fri, 02 Jul 2021 03:18:45 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 914ae362937120d900bb5c5d95c70f3957fa2270c308925e4a72ad56446911cb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK phf7.png
www.proofpoint.com/sites/default/files/ 156 KB
156 KB 348ms
348ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/phf7.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

cf10733d133026b10cb50defccc4456cfa960d0c0b91d7cf643caf9741e39c58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1; _rtfl_s_handshake_guid=f71685cf-807a-4714-94dd-da10622bd78d; _vwo_uuid_v2=DC848A4785EDB4C4BB8F88898C77D3272|171086d9af782d25a873e7342e2519bc; _fbp=fb.1.1623987059582.1682804438; _uetsid=99c5e630cfe511eb9df191ae327104be; _uetvid=99c61130cfe511ebb790df76f2682a40; _gcl_au=1.1.30201701.1623987060; _hjTLDTest=1; _hjid=a24efc52-276f-48c9-8d99-1b4d3edf551b; _hjFirstSeen=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 72958
X-Cache: HIT
X-Iinfo: 14-30012518-30011466 2NNN RT(1623987058658 1288) q(0 0 0 -1) r(3 3) U18
X-Cache-Hits: 4
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 159378
X-Request-ID: v-bba3779a-cf3b-11eb-b8bd-5f17bd8cb4b2
Last-Modified: Sat, 07 Mar 2020 00:53:38 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Thu, 01 Jul 2021 07:15:02 GMT

GET
H/1.1 200
OK phf8.png
www.proofpoint.com/sites/default/files/ 70 KB
70 KB 358ms
357ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/phf8.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

d0367425588dbeffe0937d12d661e7bd2db9676f92cf715823267750ec07ff59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1; _rtfl_s_handshake_guid=f71685cf-807a-4714-94dd-da10622bd78d; _vwo_uuid_v2=DC848A4785EDB4C4BB8F88898C77D3272|171086d9af782d25a873e7342e2519bc; _fbp=fb.1.1623987059582.1682804438; _uetsid=99c5e630cfe511eb9df191ae327104be; _uetvid=99c61130cfe511ebb790df76f2682a40; _gcl_au=1.1.30201701.1623987060; _hjTLDTest=1; _hjid=a24efc52-276f-48c9-8d99-1b4d3edf551b; _hjFirstSeen=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Via: varnish
X-Content-Type-Options: nosniff
X-CDN: Imperva
Age: 72957
X-Cache: HIT
X-Iinfo: 7-14906661-14905844 2NNN RT(1623987058658 1364) q(0 0 0 -1) r(3 3) U18
X-Cache-Hits: 4
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 71546
X-Request-ID: v-bbea76cc-cf3b-11eb-befb-8fef67cc9676
Last-Modified: Sat, 07 Mar 2020 00:53:38 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Thu, 01 Jul 2021 07:15:02 GMT

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ 204 KB
68 KB 459ms
300ms Script
application/x-javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 28 Apr 2021 17:50:01 GMT
server: cloudflare
etag: "340cb2-33187-5c10c0201e440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 661171316ae21d0e-CPH
vary: Accept-Encoding
cf-request-id: 0abec512e500001d0ef81f1000000001
expires: Fri, 18 Jun 2021 07:30:59 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 164ms
64ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

5795e23ab075ada2d107030286b0b7952fd039d00fd2083c072ac87adb01ce3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17407
x-xss-protection: 0
server: cafe
etag: 6415388614174845058
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 18 Jun 2021 03:30:59 GMT

GET
H/1.1 200
OK js_j5WIFYFTirp8NHyyLRxeq-c2t-kU-l3bFGp9bPWMK04.js Show response
www.proofpoint.com/sites/default/files/js/ 157 KB
54 KB 12ms
12ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_j5WIFYFTirp8NHyyLRxeq-c2t-kU-l3bFGp9bPWMK04.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

8f95881581538aba7c347cb22d1c5eabe736b7e914fa5ddb146a7d6cf58c2b4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 03 Jun 2021 23:17:09 GMT
X-CDN: Imperva
Etag: "bc54608a"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/javascript
X-Iinfo: 11-18333516-18333537 2CNN RT(1623987058658 317) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208295, public
Content-Length: 54506
Expires: Fri, 02 Jul 2021 03:09:13 GMT

GET
H2 200 geoip2.js Show response
geoip-js.com/js/apis/geoip2/v2.1/ 3 KB
2 KB 43ms
26ms Script
application/javascript 2606:4700::6812:aef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aef , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fe5fb2d025e0a2a028376783078622313bb93ec4a64cae7a8f6c0463507b2b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 17 Jun 2021 18:37:08 GMT
server: cloudflare
age: 1432
etag: W/"60cb9654-d69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=43200
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 661171307eebd721-FRA
cf-request-id: 0abec5124d0000d721f101c000000001
expires: Fri, 18 Jun 2021 15:30:59 GMT

GET
H/1.1 200
OK js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js Show response
www.proofpoint.com/sites/default/files/js/ 9 KB
3 KB 10ms
9ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 03 Jun 2021 18:41:55 GMT
X-CDN: Imperva
Etag: "6e3ea0aa"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/javascript
X-Iinfo: 14-30012518-30011466 2CNN RT(1623987058658 322) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208294, public
Content-Length: 2188
Expires: Fri, 02 Jul 2021 03:09:12 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 124ms
52ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 May 2021 01:40:41 GMT
Server: AkamaiNetStorage
ETag: "5379c4a40ff8ae9d2fc6484dd1c57349:1622166041.794746"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H/1.1 200
OK js_x9WUHb2hGLAgTvhiY2AJd9mnqudJhTCe9zU_502njKQ.js Show response
www.proofpoint.com/sites/default/files/js/ 1 MB
407 KB 10ms
9ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_x9WUHb2hGLAgTvhiY2AJd9mnqudJhTCe9zU_502njKQ.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c7d5941dbda118b0204ef86263600977d9a7aae74985309ef7353fe74da78ca4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 03 Jun 2021 23:18:01 GMT
X-CDN: Imperva
Etag: "b6fb0662"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/javascript
X-Iinfo: 14-30012518-30011185 2CNN RT(1623987058658 333) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208295, public
Content-Length: 416229
Expires: Fri, 02 Jul 2021 03:09:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 3979
date: Fri, 18 Jun 2021 02:24:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 18 Jun 2021 04:24:40 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 131ms
57ms Script
text/javascript 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

c694a371dc0d0d8accc0cc110c4e2e8f15a44682710b85c71c2f68833623737c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13996
x-xss-protection: 0
server: cafe
etag: 13080284601087747113
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 18 Jun 2021 03:30:59 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 63ms
38ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding: gzip
last-modified: Fri, 28 May 2021 20:25:24 GMT
x-msedge-ref: Ref A: A4C72297E64E4FA6BCD06E63CAF54E9C Ref B: FRAEDGE1408 Ref C: 2021-06-18T03:30:59Z
etag: "0d2a696ff53d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 9008

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 103ms
33ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 59936
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1623987059.374841,VS0,VE0
x-served-by: cache-hhn11554-HHN

GET
H2 200 hotjar-1456002.js Show response
static.hotjar.com/c/ 4 KB
2 KB 172ms
83ms Script
application/javascript 99.86.242.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.242.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-242-68.vie50.r.cloudfront.net

Software

Resource Hash

22e4ee5f5e13de9e70e0f4394ab98afd243f1cfc0abd8c618058504b7b1009f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: VIE50-C1
etag: W/8faee5b452289a833f9f2c9e4f120ede
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
content-length: 1902
via: 1.1 ef3fdf4c8ab8a4babeb402e6d03ee7c3.cloudfront.net (CloudFront)
x-amz-cf-id: dzdSZeWExDxJQ8VMKJFS80P42LEk-GY7isTvTRSqzbOcKLyKFIeyWg==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 21ms
7ms Script
application/x-javascript 2a02:26f0:7100:481::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:481::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jun 2021 01:25:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=52954
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H2

200

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

0
336 B

50ms
50ms

Script
application/javascript

52.17.151.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.151.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 0
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
date: Fri, 18 Jun 2021 03:30:59 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 87
content-type: text/html; charset=utf-8

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
1 KB 116ms
55ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=359897&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&r=0.5341473353085107
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: 28b988dafe2dc95eaa816ebb17a3329d0e170135e820c21ff6d308903d04be7e

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 18 Jun 2021 03:30:58 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 1594.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
431 B 196ms
174ms Script
text/javascript 2606:4700::6812:1bbe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 92820b77-8acb-4399-808d-bcabd267379c
x-runtime: 0.017450
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0abec5128d000016ea530f8000000001
cf-ray: 66117130de7a16ea-FRA

GET
H2 200 1644.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
434 B 150ms
149ms Script
text/javascript 2606:4700::6812:1bbe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: d7d30122-0761-49f0-a2b4-c17e501d71e8
x-runtime: 0.005666
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0abec51295000016ea53bbd000000001
cf-ray: 66117130ee9616ea-FRA

GET
H2 200 1645.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
432 B 166ms
165ms Script
text/javascript 2606:4700::6812:1bbe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 73c028fa-9708-4e1b-af25-c88dad27f127
x-runtime: 0.024843
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0abec51296000016ea81016000000001
cf-ray: 66117130ee9716ea-FRA

GET
H2 200 1646.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 149ms
148ms Script
text/javascript 2606:4700::6812:1bbe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: cf559e45-483d-40ad-9cd9-674200aacbf4
x-runtime: 0.006119
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0abec51296000016ea20976000000001
cf-ray: 66117130ee9816ea-FRA

GET
H2 200 1647.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 171ms
171ms Script
text/javascript 2606:4700::6812:1bbe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: e0aad915-63ed-471f-a582-d94099568f61
x-runtime: 0.022560
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0abec51296000016ea7c820000000001
cf-ray: 66117130ee9916ea-FRA

GET
H2 200 main.rtfl.js Show response
visitor.reactful.com/dist/ 273 KB
106 KB 61ms
13ms Script
application/javascript 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/dist/main.rtfl.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 4d71e28edcd31a762462d68b69b58c84965188c5f19c64f9d55fe0520e33985d

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 02:10:27 GMT
content-encoding: gzip
server: Google Frontend
age: 4832
etag: "c6zfoA"
content-type: application/javascript; charset=UTF-8
x-cloud-trace-context: 8c873703fa3dcb2159bf5f4c9aa7eb9d
cache-control: public,public, max-age=432000
content-length: 107826
expires: Wed, 23 Jun 2021 02:10:27 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 1 KB
1 KB 283ms
126ms XHR
application/json 99.86.242.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?key=8d20076343394d24eb8250e933d1560c
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.242.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-242-50.vie50.r.cloudfront.net
Software: nginx /
Resource Hash: 542309427583f330f5714e1cc7fdc974bfff90c73dc7f39f1509f0de8b19f66e

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: VIE50-C1
x-cache: Miss from cloudfront
request-id: a4753127-ade3-42e6-b91d-f8b704b14eb7
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.proofpoint.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 a243c19b86829b9271d382d92416109c.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fXv0CguBQHzuCxU-byqjxaJwHSQmZneToVL-QQftvrCpaWjwbLahdw==
expires: Thu, 17 Jun 2021 03:30:59 GMT

GET
H2

200

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

0
336 B

50ms
50ms

Script
application/javascript

52.17.151.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.151.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 0
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
date: Fri, 18 Jun 2021 03:30:59 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 87
content-type: text/html; charset=utf-8

GET
H2 200 5dfsgn7m2kst.js Show response
js.driftt.com/include/1623987300000/ 214 KB
61 KB 268ms
184ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1623987300000/5dfsgn7m2kst.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

1a0c1d42f2aac5afb70f36b15178bdce6ea776c594c3077a89fe7046d2fd5d5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 17:43:27 GMT
server: nginx
etag: W/"a623a00422f2430b47912c809845aef4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: VFoZv9OREwwjjqWo19JDYkVa8DEmZKUz
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qovLlRYfokK8Cm-zsLGl7kpeQfC1EoyhEH2YDUdIvPVdjwkeSjHXYg==

GET
H/1.1 200
OK 206034.js Show response
secure.chip2gift.com/js/ 16 B
255 B 165ms
42ms Script
text/javascript 51.11.20.152
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.chip2gift.com/js/206034.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e9b3c1ef5622bc620a5c1d364aa9fbec2c9d6230bb5f6ab825825db09dd71f6a

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Jun 2021 03:30:59 GMT
Server: Kestrel
Transfer-Encoding: chunked
Content-Type: text/javascript
Cache-Control: no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 94 KB
25 KB 17ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

547f226c6e04b6654144617685448d360e2a92d908c6fb646761a1e6d4850004

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 24517
x-xss-protection: 0
pragma: public
x-fb-debug: sAxTBaZoPbzS1agh61D2gydga9H98sKKqYzqwby4h8CDEx1D18KTidkQmr5f1XP77xfTcQRsoMJsGmcvy1YWzA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Fri, 18 Jun 2021 03:30:59 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK tracking.js Show response
trk.techtarget.com/ 4 KB
2 KB 162ms
34ms Script
text/javascript 163.171.128.148
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.148 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 21 Jun 2019 20:11:17 GMT
Server: PWS/8.3.1.0.8
Age: 480
X-Ws-Request-Id: 60cc1373_PSdgflkfFRA1je9_4588-12232
Content-Type: text/javascript
Via: 1.1 PSmgnyNY2no188:0 (W), 1.1 PSdgflkfFRA1hb199:0 (W), 1.1 PSdgflkfFRA1eq94:13 (W)
Cache-Control: max-age=600
X-Px: ht PSdgflkfFRA1eq94FRA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711
Expires: Fri, 18 Jun 2021 03:32:59 GMT

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=1858076957993708831

0
242 B

403ms
382ms

Image
application/json

2600:9000:2156:1600:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=1858076957993708831
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1600:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
via: 1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront)
apigw-requestid: BGf6NjnkIAMEVxw=
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json
content-length: 0
x-amz-cf-id: 0_YM84O72J-q4TR9Vr4N0aoNAmu9haGSQk4_HuY8bNvsBXJel1LC8w==

Redirect headers

Pragma: no-cache
Date: Fri, 18 Jun 2021 03:31:00 GMT
X-Proxy-Origin: 82.102.20.44; 82.102.20.44; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.53:80
AN-X-Request-Uuid: 501dab82-1213-4a0f-b5b2-d25d415fe55c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=proofpoint.com&pId=1858076957993708831
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

200

src=8909468;dc_pre=CLiY8J6foPECFUK_GAodWggPyg;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=692409771
https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CLiY8J6foPECFUK_GAodWggPyg;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CLiY8J6foPECFUK_GAodWggPyg;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

42 B
63 B

31ms
17ms

Image
image/gif

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CLiY8J6foPECFUK_GAodWggPyg;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CLiY8J6foPECFUK_GAodWggPyg;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1623987059322&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%26time%3D1623987059322%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1623987059322&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&liSync=...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1623987059322&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&liSync...

0
155 B

370ms
164ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1623987059322&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&liSync=true&e_ipv6=AQIVLPtqfXgo_gAAAXodK_4nUAk-EGOXlUqRwJdnRbINSuLn3WGy4p3oQTippdOdTPesMbav
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: f9M7mqCPiRbg/04GdSsAAA==

Redirect headers

date: Fri, 18 Jun 2021 03:31:00 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1623987059322&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&liSync=true&e_ipv6=AQIVLPtqfXgo_gAAAXodK_4nUAk-EGOXlUqRwJdnRbINSuLn3WGy4p3oQTippdOdTPesMbav
x-li-proto: http/2
x-li-pop: prod-eda6
content-length: 0
x-li-uuid: 8VckhqCPiRbg/7jijSsAAA==

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 27ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1350427979&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&ul=en-us&de=UTF-8&dt=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1981887157&gjid=986825529&cid=9950927.1623987059&tid=UA-2257074-1&_gid=1995045756.1623987059&_r=1&gtm=2wg6g0MGR7P8X&cd19=9950927.1623987059&z=1485868107

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 17087961.js Show response
bat.bing.com/p/action/ 0
151 B 99ms
99ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/17087961.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ARR/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 18 Jun 2021 03:30:58 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: 4DABCC01D02B479BAB79DDFF07A2EC2E Ref B: FRAEDGE1408 Ref C: 2021-06-18T03:30:59Z
x-powered-by: ARR/3.0
x-cache: CONFIG_NOCACHE

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
436 B 41ms
15ms XHR
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-2257074-1&cid=9950927.1623987059&jid=1981887157&gjid=986825529&_gid=1995045756.1623987059&_u=YEBAAEAAAAAAAC~&z=1339979270

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 18 Jun 2021 03:30:59 GMT
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
454 B 237ms
153ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nyk4d&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Fri, 18 Jun 2021 03:30:59 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 6c2689d4ebdb32f08ad25d922db98bc2675ade43c76adee8ca174cd06f03c288
x-transaction: cc1052da74b944fc
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 36ms
17ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-2257074-1&cid=9950927.1623987059&jid=1981887157&_u=YEBAAEAAAAAAAC~&z=696700345

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 36ms
17ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-2257074-1&cid=9950927.1623987059&jid=1981887157&_u=YEBAAEAAAAAAAC~&z=696700345

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
visitor.reactful.com/config/879986/ 0
128 B 161ms
161ms XHR
text/javascript 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&hash=&referer=&user_id=&hshkgid=f71685cf-807a-4714-94dd-da10622bd78d&cb_rtfl=_rtfl_jsonp_0
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Url-Params-Data: e30=
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
server: Google Frontend
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.proofpoint.com
x-cloud-trace-context: 384db6ba0f8b4650f891d1a23756090c
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length: 0

OPTIONS
H2 200 /
visitor.reactful.com/config/879986/ Frame 0
0 274ms
254ms Preflight
text/javascript 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&hash=&referer=&user_id=&hshkgid=f71685cf-807a-4714-94dd-da10622bd78d&cb_rtfl=_rtfl_jsonp_0
Protocol: H2
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: url-params-data
Origin: https://www.proofpoint.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-methods: GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
content-type: text/javascript
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-cloud-trace-context: ac1a42569e375c2a88212e18c0eacbc6
date: Fri, 18 Jun 2021 03:30:59 GMT
server: Google Frontend
content-length: 0
expires: Fri, 18 Jun 2021 03:30:59 GMT

GET
H3-Q050 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
301 B 177ms
147ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=359897&d=proofpoint.com&u=DC848A4785EDB4C4BB8F88898C77D3272&h=171086d9af782d25a873e7342e2519bc&t=false&r=0.34946001198038457

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
2 KB 37ms
17ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1623987059470&cv=9&fst=1623987059470&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6g0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&tiba=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d27a4dacd51fa68cf7126027e7ab00d7859c56c55fce15f6ae5e20e10e14b64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1086
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.f9b798f7869d8d925c50.js Show response
script.hotjar.com/ 219 KB
58 KB 143ms
51ms Script
application/javascript 13.32.2.16
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.f9b798f7869d8d925c50.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.2.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-2-16.vie50.r.cloudfront.net

Software

Resource Hash

d47ae7a2d6d439a1ca81303eeb9e45e90983297e10c6c51d888a1e090c6d2e7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 17 Jun 2021 15:10:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44454
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59019
access-control-allow-origin: *
last-modified: Thu, 17 Jun 2021 15:09:29 GMT
etag: "8f6a52185f0af327bfd3cc0fec3d9a30"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a4035907ac3c3ba8d1fd116b6b6b9a4d.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: VIE50-C2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 8VN39KA3WsvzywZ7t9edBZ0THul8r6DDQp4wng3Gt8BaX9zjV4lxbA==

GET
H3-29 200 143852102935619 Show response
connect.facebook.net/signals/config/ 260 KB
74 KB 64ms
64ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/143852102935619?v=2.9.41&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d4f6040abfbbc2d2f905fdade2be75785df619bd384931c222e431b1508c5fb

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 8FYEHIwKVt6TI6VZ3wy/+Z2WKI4ULz4iZKMaPRKsZNgqveu4X26PDzx/lVJw31/IBELzIq6lSxXq9Rcoo0/4vA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 18 Jun 2021 03:30:59 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 error
connect.facebook.net//log/ 0
0 44ms
44ms Image
text/html 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://connect.facebook.net//log/error?p=pixel&v=2.9.41&e=Error%3A%20Failed%20to%20check%20if%20the%20current%20pixel%20fired%20pcmInstagramTriggerAttribution%20plugin&s=Error%3A%20Failed%20to%20check%20if%20the%20current%20pixel%20fired%20pcmInstagramTriggerAttribution%20plugin%0A%20%20%20%20at%20b.value%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A24%3A17930)%0A%20%20%20%20at%20x%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A24%3A56121)%0A%20%20%20%20at%20y%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A24%3A56663)%0A%20%20%20%20at%20z%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A24%3A56805)%0A%20%20%20%20at%20%24%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A27%3A10411)%0A%20%20%20%20at%20Function.Z%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A27%3A8946)%0A%20%20%20%20at%20Function.ma%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A27%3A8719)%0A%20%20%20%20at%20Function.X%20%5Bas%20callMethod%5D%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A27%3A3661)%0A%20%20%20%20at%20qa%20(https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A27%3A10617)%0A%20%20%20%20at%20https%3A%2F%2Fconnect.facebook.net%2Fen_US%2Ffbevents.js%3A27%3A10653&ue=0&rs=stable&rqm=FGET
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 18ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=143852102935619&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&rl=&if=false&ts=1623987059584&sw=1600&sh=1200&v=2.9.41&r=stable&ec=0&o=30&fbp=fb.1.1623987059582.1682804438&it=1623987059491&coo=false&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 18 Jun 2021 03:30:59 GMT

GET
H/1.1 200
OK activity.gif
apt.techtarget.com/activity/ 43 B
464 B 441ms
107ms Image
image/gif 206.19.49.24
ATT-INTERNET4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=1268939&version=2.0&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&r=1623987059642
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Last-Modified: Tue, 26 Mar 2019 18:30:29 GMT
ETag: "2b-5850384029cff"
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 43

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cea918e6af14ac3645e0e33b30cb802820aed3e549defbd618be220c31546625

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 45 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/160/ 11 KB
5 KB 35ms
34ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/160/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Feb 2021 02:54:38 GMT
Server: AkamaiNetStorage
ETag: "19a9335fd71267d56e65bc19390f3100:1613703278.138281"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4811
Expires: Sun, 26 Sep 2021 03:31:00 GMT

GET
H2 200 MP9Jyqtx.min.js Show response
scripts.demandbase.com/ 92 KB
20 KB 421ms
351ms Script
application/javascript 65.9.77.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cb67a67d2d96d4e644a44fd3f61ec63bb35ca0ff67d6c961edcc55dde9cdf92e

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: yLxSMP3whUfEpqTLCyfF80GLx5D34il3
content-encoding: gzip
last-modified: Wed, 02 Jun 2021 20:54:07 GMT
server: AmazonS3
x-amz-cf-pop: AMS1-C1
etag: W/"973576fc3b189c0627b790752c936729"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 682270ef163d219cc7a50d1af232b97f.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Fri, 18 Jun 2021 03:31:01 GMT
x-amz-cf-id: 8uTSAoKIPBoXabUiJ3l5HoUCUNFlNK0v0FZazup200xouA_AatCP8g==

GET
H3-29 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
1 KB 34ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1623987059800&cv=9&fst=1623987059800&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&tiba=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ed0a626ef7b42864f0eca017e61c296c35c8221e8af6a7a9c924278cec959bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1067
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
657 B 288ms
204ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nyk4d&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Fri, 18 Jun 2021 03:31:00 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: dd2f6191b7d52d6fde96dc8ab14f697e4ab1ef50b6056b077b4e2fa58fa670e5
x-transaction: 7c2c8a9a0e203ef1
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 me Show response
geoip-js.com/geoip/v2.1/country/ 771 B
1 KB 89ms
73ms XHR
application/vnd.maxmind.com-country+json 2606:4700::6812:aef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com

Requested by

Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aef , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbb20242c534c7efc0019925c8a81730f3b09f042273130a0ae861bda498f151

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:30:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 661171347b1bbeb5-FRA
content-length: 771
cf-request-id: 0abec514c90000beb57d866000000001

GET
DATA 200
OK truncated
/ 207 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0b6d26489191155d30162f050cf2a964afb8cf054e3f59e7f710942a9a12293

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 getForm Show response
app-abj.marketo.com/index.php/form/ 6 KB
2 KB 430ms
430ms Script
application/javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/getForm?munchkinId=309-RHV-619&form=9701&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&callback=jQuery1124023741320408444055_1623987059772&_=1623987059773

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa8fcfcdcfbcd454908c1139c40929082c3711ef9d2bc8bd94bd0a525b61612f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cached: false
strict-transport-security: max-age=63113904
cf-ray: 661171348cb71d0e-CPH
cf-request-id: 0abec514d600001d0ef38dc000000001

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 107ms
36ms Script
application/javascript 184.30.24.121
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js?_=1623987059809

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_j5WIFYFTirp8NHyyLRxeq-c2t-kU-l3bFGp9bPWMK04.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.24.121 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-24-121.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Fri, 18 Jun 2021 03:31:00 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H2 204 0
bat.bing.com/action/ 0
172 B 28ms
28ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=17087961&tm=gtm001&Ver=2&mid=cd9bc386-db4b-4b45-8f34-5bbe7ac44ba8&sid=99c5e630cfe511eb9df191ae327104be&vid=99c61130cfe511ebb790df76f2682a40&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&r=&lt=1577&evt=pageLoad&msclkid=N&sv=1&rn=856956
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: DFE0E454D13347D9A2E44C3552241328 Ref B: FRAEDGE1408 Ref C: 2021-06-18T03:30:59Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 43 KB
14 KB 20ms
6ms Script
text/javascript 2a02:26f0:7100::687e:24b0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:24b0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0bdbd13a9da4238bc080d842dc7a9ec35b489331b7d62efb221190e1e2e7207c

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: RVXD6y5am6YixIs20gc16A7S2LiJxdei
Content-Encoding: gzip
ETag: "e7e1157bceb87dc38d309f98df7a67f9"
x-amz-request-id: MG25FR5GJB9M1KMF
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 13670
x-amz-id-2: 6rVMzoOJXmYeCby3k7jQeH6/g7YQU9ocFeos99sI818RG4Er8EQaHffxuUwGGu2mak3AKNTBXzE=
Last-Modified: Wed, 02 Jun 2021 22:36:05 GMT
Server: AmazonS3
Date: Fri, 18 Jun 2021 03:31:00 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H3-29

200

activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-ins... Show response
10487471.fls.doubleclick.net/ Frame E78D
Redirect Chain

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-...
https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2...

1 KB
822 B

109ms
58ms

Document
text/html

216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.134 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f6.1e100.net

Software

cafe /

Resource Hash

73f47a6d2e3e5b46af3ef19ad1e9ff03f0db27e6cb10b4d1086566d57d28f105

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10487471.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Jun 2021 03:31:00 GMT
expires: Fri, 18 Jun 2021 03:31:00 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 797
x-xss-protection: 0
set-cookie: IDE=AHWqTUlEUpfJaMd-UY8YCpF6vCg4BxQJvT4ClvATFDSyUXL9P7ICeJ86-ehm9yq3thw; expires=Wed, 13-Jul-2022 03:31:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Jun 2021 03:31:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 activityi;register_conversion=1;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%...
10487471.fls.doubleclick.net/ 0
0 52ms
52ms Image
text/html 216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://10487471.fls.doubleclick.net/activityi;register_conversion=1;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks?
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 216.58.212.134 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29

200

activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374 Show response
4788165.fls.doubleclick.net/ Frame 26A3
Redirect Chain

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374?
https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374?

547 B
444 B

113ms
61ms

Document
text/html

216.58.212.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.134 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f6.1e100.net

Software

cafe /

Resource Hash

74c62da8d57caed4b5967e4045604a5be10e7c134a5d5cc04dcb2665c804334f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4788165.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Jun 2021 03:31:00 GMT
expires: Fri, 18 Jun 2021 03:31:00 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 419
x-xss-protection: 0
set-cookie: IDE=AHWqTUkxj-gqG6Nuo-nI_d_2EYTW2EN9t28yyJrpGLIhnHeAzZ6o7WfJ5P8G2667QYU; expires=Wed, 13-Jul-2022 03:31:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 18 Jun 2021 03:31:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
BLOB 200
OK d0ce0cda-4542-4d29-83ad-962c21ce2332 Show response
https://www.proofpoint.com/ 0
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.proofpoint.com/d0ce0cda-4542-4d29-83ad-962c21ce2332
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame D6D4 2 KB
1 KB 112ms
37ms Document
text/html 65.9.77.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3c5f93efb24b4927140dd52806f3d1e1.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: sGmeTgE-ytR_PtzU1vzt5-Nc7vUNAJEhFSpmaIXgJzV1yLRo_p7omw==
age: 1271755

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
64 B 35ms
20ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1623987059470&cv=9&fst=1623985200000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6g0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&tiba=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&async=1&fmt=3&is_vtc=1&random=3779817143&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
64 B 33ms
19ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1623987059470&cv=9&fst=1623985200000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg6g0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&tiba=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&async=1&fmt=3&is_vtc=1&random=3779817143&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK DE.png
www.proofpoint.com/modules/custom/pp_i18n/images/ 3 KB
4 KB 135ms
9ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/modules/custom/pp_i18n/images/DE.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.proofpoint.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Cookie: visid_incap_177663=yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN; incap_ses_730_177663=hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==; _ga=GA1.2.9950927.1623987059; _gid=GA1.2.1995045756.1623987059; _gat_UA-2257074-1=1; _rtfl_s_handshake_guid=f71685cf-807a-4714-94dd-da10622bd78d; _vwo_uuid_v2=DC848A4785EDB4C4BB8F88898C77D3272|171086d9af782d25a873e7342e2519bc; _fbp=fb.1.1623987059582.1682804438; _uetsid=99c5e630cfe511eb9df191ae327104be; _uetvid=99c61130cfe511ebb790df76f2682a40; _gcl_au=1.1.30201701.1623987060
Connection: keep-alive
Referer: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:30:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:16 GMT
X-CDN: Imperva
Etag: "cc0c264c"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/png
X-Iinfo: 12-20591556-20586229 2CNN RT(1623987058658 1056) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1208295, public
Content-Length: 3329
Expires: Fri, 02 Jul 2021 03:09:14 GMT

GET
DATA 200
OK truncated
/ 129 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

POST
H3-29 200 /
www.facebook.com/tr/ 0
15 B 12ms
6ms Ping
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarylbLOBUQ9HY5NJuid

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Fri, 18 Jun 2021 03:31:00 GMT
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-length: 0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 26A3 43 B
506 B 118ms
47ms Image
image/gif 184.30.20.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1442966&mt_adid=226348&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=&ord=601915689
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.20.207 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-20-207.deploy.static.akamaitechnologies.com
Software: MT3 3759 5f8f15b master zrh-pixel-x10 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Server: MT3 3759 5f8f15b master zrh-pixel-x10
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Jun 2021 03:31:02 GMT

GET
H2 200 dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374
adservice.google.com/ddm/fls/z/ Frame 26A3 42 B
107 B 40ms
19ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374

Requested by

Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_r156foPECFdJQ5Qodg2QNcg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5818731568562.374?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 d7557a63ab8c88be
pixel.sitescout.com/up/ Frame E78D 43 B
267 B 129ms
42ms Image
image/gif 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/d7557a63ab8c88be?url=retargeting&cntr_revenue=&cntr_transactionId=2841357426627&u1=&u2=&u3=&u4=&u5=&cntr_url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks
Requested by: Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:30:59 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-type: image/gif
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-...
adservice.google.com/ddm/fls/z/ Frame E78D 42 B
515 B 18ms
17ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=*;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks

Requested by

Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame E78D 5 KB
2 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:7100:481::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks?
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:481::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271

Request headers

Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Jun 2021 01:25:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=52953
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2079

GET
H2

200

collect
px4.ads.linkedin.com/ Frame E78D
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1623987060248&url=https%3A%2F%2Fwww.proofpoint.com%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1623987060248&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQLz4-5aJOcspwAAAXodK_5shqUYtBlumc6BST8BORoEHyfyfNtstrBcHq7iw2MBBY-bVngW

0
39 B

300ms
164ms

Image
application/javascript

108.174.10.14
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1623987060248&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQLz4-5aJOcspwAAAXodK_5shqUYtBlumc6BST8BORoEHyfyfNtstrBcHq7iw2MBBY-bVngW
Requested by: Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=CIyt2Z6foPECFWTjuwgd9GsHDA;src=10487471;type=retar0;cat=retar0;ord=2841357426627;gtm=2wg6g0;auiddc=30201701.1623987060;ps=1;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-14.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-edc2
content-type: application/javascript
content-length: 0
x-li-uuid: IrltmqCPiRbQmHJRdSsAAA==

Redirect headers

date: Fri, 18 Jun 2021 03:31:00 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1623987060248&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQLz4-5aJOcspwAAAXodK_5shqUYtBlumc6BST8BORoEHyfyfNtstrBcHq7iw2MBBY-bVngW
x-li-proto: http/2
x-li-pop: prod-eda6
content-length: 0
x-li-uuid: quT0iaCPiRYQXpAqjSsAAA==

GET
H2 200 forms2.css
app-abj.marketo.com/js/forms2/css/ 13 KB
3 KB 44ms
44ms Stylesheet
text/css 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
vary: Accept-Encoding
content-length: 2623
cf-request-id: 0abec5168700001d0ec3a9d000000001
last-modified: Wed, 28 Apr 2021 17:50:01 GMT
server: cloudflare
etag: "1c2d73-3437-5c10c0201e440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 661171373e6c1d0e-CPH
expires: Fri, 18 Jun 2021 07:31:00 GMT

GET
H2 200 forms2-theme-plain.css
app-abj.marketo.com/js/forms2/css/ 828 B
356 B 50ms
49ms Stylesheet
text/css 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
vary: Accept-Encoding
content-length: 246
cf-request-id: 0abec5168700001d0e20b8f000000001
last-modified: Wed, 28 Apr 2021 17:50:01 GMT
server: cloudflare
etag: "1c2d71-33c-5c10c0201e440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 661171373e6d1d0e-CPH
expires: Fri, 18 Jun 2021 07:31:00 GMT

GET
H2 200 XDFrame Show response
app-abj.marketo.com/index.php/form/ Frame 38F8 2 KB
882 B 127ms
127ms Document
text/html 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/XDFrame

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: app-abj.marketo.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=53f20f64607bc9055cda5c3536b1b5debb50b7c4-1623987059-1800-ASTWXmtae9zRJSoR5H+3hz4WYL0sm2K9jG6QaxvsVApGyEBOt4DCVzlwlQ75GrDCNImKbjLK7acnT7k7zL1ma4g=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
content-type: text/html; charset=utf-8
content-length: 650
cache-control: max-age=3600
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
set-cookie: BIGipServerabjweb-nginx-app_https=!9bi7IzmBd7oLIK3aIvODocHezid2PR/dHNGu8sKq8znN335RhZZCJzFx6WlTFksOuZyyPfCdUACY2A==;Path=/;Version=1;Secure;Httponly
cf-cache-status: DYNAMIC
cf-request-id: 0abec516e300001d0eca216000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 66117137decc1d0e-CPH

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1623987059800&cv=9&fst=1623985200000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&tiba=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=105947520&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
64 B 21ms
20ms Image
image/gif 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1623987059800&cv=9&fst=1623985200000&num=1&guid=ON&eid=2505059650&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&tiba=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=105947520&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 1 KB
1 KB 227ms
142ms XHR
application/json 99.86.242.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&page_title=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&src=tag&key=2e81efc731d57cb3e458d08fae112991
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.242.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-242-50.vie50.r.cloudfront.net
Software: nginx /
Resource Hash: 542309427583f330f5714e1cc7fdc974bfff90c73dc7f39f1509f0de8b19f66e

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: VIE50-C1
x-cache: Miss from cloudfront
request-id: 9f79564b-377e-4429-9da4-34f5535e5636
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.proofpoint.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 2b5d1dff3c8eb4e504487382e1188d98.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XWbiLOuOx5GX5ylZzBc50meUgROIp82h41Lzp9KbUeLjTetTc1Bs7g==
expires: Thu, 17 Jun 2021 03:31:00 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAEYBE7BmCcAADdTeNbNEQ
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEYBE7BmCcAADdTeNbNEQ&verifyHash=2d1f955977dd80a695fee3ebd916bf67f907eb5d

26 B
408 B

192ms
192ms

Image
image/gif

65.9.77.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEYBE7BmCcAADdTeNbNEQ&verifyHash=2d1f955977dd80a695fee3ebd916bf67f907eb5d
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:01 GMT
Via: 1.1 8e4700eb43d0f5579f360cfc02e71fad.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 019dd379c7191782
X-Amz-Cf-Id: P4n0grXJQw-0qgLjaPNokvZXwRUTt7R1w9k0bGrorRZvBhtVKfwQqw==

Redirect headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Via: 1.1 8e4700eb43d0f5579f360cfc02e71fad.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAEYBE7BmCcAADdTeNbNEQ&verifyHash=2d1f955977dd80a695fee3ebd916bf67f907eb5d
Connection: keep-alive
trace-id: 2e6b5a90a38689d6
Content-Length: 0
X-Amz-Cf-Id: RDoD5aM6siuOcRtN7yoJfeEJWlvgQ_MA6J7OLxdZCKiW7sbgrilQ8A==

GET
H2 451 464526.gif
id.rlcdn.com/ 0
66 B 152ms
67ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

6ms
6ms

Script
application/javascript

2a02:26f0:7100::687e:24b0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:24b0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: E6Gl9B7gPbHVX38jHWUJV0Im5cXEZg8.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 6J6WV6RWN730WHRP
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 5fY3mOf86PHfXzznpqyZ93VnsPjHl6TGgYcWIYb8oAwsAUfC3CR9Q6oHbvANb3at/wFXTkgrlzE=
Last-Modified: Thu, 20 May 2021 19:48:38 GMT
Server: AmazonS3
Date: Fri, 18 Jun 2021 03:31:00 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Fri, 18 Jun 2021 03:31:00 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/ 0
705 B 20ms
9ms Script
text/javascript 2a02:26f0:7100::687e:24b0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:24b0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: piMHxNx3FCsilFWo8jBqP1y9lS31Z4fc
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: SAZC4G8JZ2WYTYKD
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 0
x-amz-id-2: 9mwwUUG9+7RqCJ+/80b3pPT7mgOBLwIIsLauhbwFyddPLjIkUlqAN0XR0Ya2ImOug6D1rhMirYs=
Last-Modified: Thu, 17 Jun 2021 07:39:11 GMT
Server: AmazonS3
Date: Fri, 18 Jun 2021 03:31:00 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/7YJ7XZCLMRHSVCXIHB5HIT?_s=c2bb607fcae0786611cf9bd53d48cf8b&_b=2
https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=c2bb607fcae0786611cf9bd53d48cf8b&_b=2

395 B
863 B

50ms
49ms

Script
application/javascript

52.208.183.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=c2bb607fcae0786611cf9bd53d48cf8b&_b=2
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.183.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.20.0 /
Resource Hash: 9919c7f0c206037e856f4ca4c102188b3cc46995b95eda70e374d9b69d5cb100

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-type: application/javascript
content-length: 395
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=c2bb607fcae0786611cf9bd53d48cf8b&_b=2
date: Fri, 18 Jun 2021 03:31:00 GMT
server: nginx/1.20.0
content-length: 105

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ Frame 38F8 204 KB
68 KB 31ms
31ms Script
application/x-javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://app-abj.marketo.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1
strict-transport-security: max-age=63113904
cf-request-id: 0abec5176600001d0eda109000000001
last-modified: Wed, 28 Apr 2021 17:50:01 GMT
server: cloudflare
etag: "340cb2-33187-5c10c0201e440"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 66117138af511d0e-CPH
expires: Fri, 18 Jun 2021 07:31:00 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 105ms
34ms Script
application/x-javascript 23.218.209.154
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1623987059809
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.154 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-154.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:00 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: B402EDC6F7271ED7
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=30884
accept-ranges: bytes
content-length: 948
x-amz-id-2: 3ZiQcYtRTuh4WJ4BUq+mWoVqgQk4EdHwIkUrSZre2GxPFo/4IUZsv5aBqLknQUvSl0wjR3iM+HQ=

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1350427979&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&ul=en-us&de=UTF-8&dt=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAEABAAAAAC~&jid=&gjid=&cid=9950927.1623987059&tid=UA-2257074-1&_gid=1995045756.1623987059&gtm=2wg6g0MGR7P8X&cd19=9950927.1623987059&cd1=122703481&cd2=Spiralyze&cd3=Unclassified&cd4=Unclassified&cd5=Less%20than%20250&cd6=%245M%20-%20%2410M&cd7=SMB&cd8=Telecommunications&cd9=Spiralyze&cd10=Mountain%20View&cd11=GA&cd12=United%20States&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=spiralyze.com&cd18=(Non-AccountWatch%20Visitor)&z=199419261

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 10:01:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 62999
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 forms_f79029b2cb.min.js Show response
tag.demandbase.com/shared/ 177 KB
57 KB 142ms
51ms Script
application/javascript 13.32.2.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/forms_f79029b2cb.min.js
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.2.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-2-47.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 69a12e6a2c6dff14902de0fec7a22b138a389be30d22265fa1f3c629373c295e

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: ZdfV2hyb4.f3iYT1bTpwGYnAcDBeMBIJ
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 19:53:05 GMT
server: AmazonS3
age: 9268
etag: W/"297f27393505134e72a57f78a067e26d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 412b915bb2572a86aaa8bdf21eb381fc.cloudfront.net (CloudFront)
date: Fri, 18 Jun 2021 01:44:10 GMT
x-amz-cf-pop: VIE50-C2
x-amz-cf-id: 868b3fWhDXj99GUu6M4VWbZgUgahQBSRM4OcRW4tZmBQX5s7tgedwA==

GET
H/1.1

200
OK

T47Y2VPPABDUBJXFROMZZM.js Show response
s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/
Redirect Chain

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpo...
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

4 KB
2 KB

14ms
14ms

Script
text/javascript

2a02:26f0:7100::687e:24b0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:24b0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 59c23ac6c266273e5b45d6f10da69ca3972d7a4279b64546d4ada35b4842a15c

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: jLathBvvWU99jubGg02eZL7.3aSwuXHA
Content-Encoding: gzip
ETag: "3ad15e3e664de53f1e10634968eb55b2"
x-amz-request-id: KC0F9C23466Y8K9H
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1592
x-amz-id-2: MUjzOWi0KmvgL4ulEAFRyLbO2D0S72aFf24clGXbRNClM1Fo67IjRtBntHivs0g8mDX0Ni9oPQ8=
Last-Modified: Wed, 09 Dec 2020 00:07:47 GMT
Server: AmazonS3
Date: Fri, 18 Jun 2021 03:31:00 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.20.0
x-rule: *
date: Fri, 18 Jun 2021 03:31:00 GMT
x-segment-eid: T47Y2VPPABDUBJXFROMZZM
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
cache-control: no-store, no-cache, must-revalidate
x-segment-display-name: Visitors to Unsegmented Pages
x-pixel-eid: YV5KYXXEJZATZCT37YRTMK
x-segment-name: *
x-advertisable-eid: 7YJ7XZCLMRHSVCXIHB5HIT
content-length: 0
x-conversion-currency

GET
H2 200 stylesheet_f79029b2cb.v2.css
scripts.demandbase.com/shared/ 27 KB
4 KB 34ms
34ms Stylesheet
text/css 65.9.77.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/shared/stylesheet_f79029b2cb.v2.css
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/shared/forms_f79029b2cb.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.77.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fa176af3695a7e918096d7d71a501167980482180f48dc0e4515855901b42969

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: csDn.NNS9VGplSm_6jcpT8H1jYl4C4Qr
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 19:53:05 GMT
server: AmazonS3
age: 63461
etag: W/"178916ae2031afd4e0b75797aa965718"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
via: 1.1 682270ef163d219cc7a50d1af232b97f.cloudfront.net (CloudFront)
date: Thu, 17 Jun 2021 09:53:20 GMT
x-amz-cf-pop: AMS1-C1
x-amz-cf-id: QG00p7db7wQIbLSAjAgxVJ2ODvlwHoYQdS4Wt3frA1VrOi64iQcK6Q==

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 11 KB
3 KB 6ms
6ms Script
text/javascript 2a02:26f0:7100::687e:24b0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&pv=19964664557.36763&cookie=&adroll_s_ref=&keyw=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::687e:24b0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: MGA6tupQDYOiAOJsGSW6kO8L5B6ZjG7i
Content-Encoding: gzip
ETag: "5c44da3d0ddeac28ae4c1facdfbfa217"
x-amz-request-id: SQ37A0STM7N6TPKB
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2719
x-amz-id-2: WnCRKOLq7GATB/q2HKK7vvUztT7wPPVVY9LBiUFf7co5PXO5bMgIscYwc8IeOTsjFDG47I9E2Fk=
Last-Modified: Thu, 17 Jun 2021 17:14:49 GMT
Server: AmazonS3
Date: Fri, 18 Jun 2021 03:31:00 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H3-29 200 389545881899618 Show response
connect.facebook.net/signals/config/ 260 KB
74 KB 90ms
90ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/389545881899618?v=2.9.41&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f7c1b894557e3429f10b0c817f8c532149dc55d288fe7528cff0791cdcb59274

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: QMwWwDwjMCSNSylrYwmwiNPqMvG3pdvh05Q1l2ku8iV7mCmWOry+oYnpfMSszlAthpKad+AfEc059QRQQvNBTw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 18 Jun 2021 03:31:01 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

204

sync
pixel.advertising.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealth...
https://pixel.advertising.com/ups/55980/sync?uid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
125 B

111ms
35ms

Image
text/plain

35.156.153.71
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55980/sync?uid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.156.153.71 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:01 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://pixel.advertising.com/ups/55980/sync?uid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 167
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-steal...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expiration=1655523060
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expiration=1655523060&C=1

43 B
1 KB

92ms
92ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expiration=1655523060&C=1
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Jun 2021 03:31:01 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 18 Jun 2021 03:31:01 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 18 Jun 2021 03:31:01 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expiration=1655523060&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Fri, 18 Jun 2021 03:31:01 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expires=365

0
239 B

140ms
36ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expires=365
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: a66cbf3142c6ef39e3614b84a34262cf
Content-Type: image/gif

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&expires=365
pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-st...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

0
477 B

441ms
111ms

Image
text/plain

70.42.32.95
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:01 GMT
Cache-Control: no-cache
X-TraceId: 3cdc80cdf43dda803ea95f6fdca0fd70
Content-Length: 0

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY
pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 100
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-st...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
549 B

131ms
41ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug012:0:402
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 220
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

v1
ads.yahoo.com/cms/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
445 B

20ms
6ms

Image
text/plain

2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

location: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Fri, 18 Jun 2021 03:31:00 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 165
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-ste...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

0
248 B

107ms
35ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

tbl-x-upstream: 10.41.22.181:10213
date: Fri, 18 Jun 2021 03:31:01 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 14211

Redirect headers

location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY
pragma: no-cache
date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-...
https://eb2.3lift.com/xuid?mid=4714&xuid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

36ms
35ms

Image
image/gif

3.65.212.7
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.65.212.7 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=4714&xuid=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-...
https://x.bidswitch.net/sync?dsp_id=44&user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

43 B
344 B

35ms
35ms

Image
image/gif

3.120.52.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.52.76 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-52-76.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY
date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-...
https://ib.adnxs.com/setuid?entity=172&code=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

43 B
1 KB

102ms
33ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 18 Jun 2021 03:31:01 GMT
X-Proxy-Origin: 82.102.20.44; 82.102.20.44; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.179:80
AN-X-Request-Uuid: fcb3bebb-c99a-418d-9009-00ba70ce6318
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/setuid?entity=172&code=MzY3NmRjODUxYjQzYTFhZDY1MGRhYjY5NDI4ZDVlZGY
pragma: no-cache
date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 50ms
49ms Image
image/gif 52.208.183.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.183.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.20.0
content-length: 42
vary: Cookie
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=3676dc851b43a1ad650dab69428d5edf
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=3676dc851b43a1ad650dab69428d5edf

43 B
180 B

56ms
55ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=3676dc851b43a1ad650dab69428d5edf
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: OXGW/16.209.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:01 GMT
via: 1.1 google
server: OXGW/16.209.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=3676dc851b43a1ad650dab69428d5edf
date: Fri, 18 Jun 2021 03:31:01 GMT
via: 1.1 google
server: OXGW/16.209.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=2e80c18d4400239df5f462d18e0d8cd1-1623987060880&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=NnbchRtDoa1lDatpQo1e3w
https://d.adroll.com/cm/g/in

42 B
537 B

49ms
49ms

Image
image/gif

52.208.183.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.183.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:01 GMT
server: nginx/1.20.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Fri, 18 Jun 2021 03:31:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
88 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=389545881899618&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&rl=&if=false&ts=1623987061084&cd[segment_eid]=T47Y2VPPABDUBJXFROMZZM&sw=1600&sh=1200&v=2.9.41&r=stable&ec=0&o=29&fbp=fb.1.1623987059582.1682804438&it=1623987059491&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:01 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Fri, 18 Jun 2021 03:31:01 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame BDBB 4 KB
1 KB 144ms
144ms Document
text/html 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1623987300000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

02d86b95a1f2cf793ce77118e0a5ca4969e396cebb7f7801e9746877fe937a79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 16 Jun 2021 17:42:58 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ieBR_k0yJrFaFD5tOYejj6KZWIujFaiK
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-cache
etag: W/"adf21875b389554676e8f7e4789d6056"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: UuOdKC5CTBRjA6JGPgR4xjWQR2hu5nx1P3WA88S5uy2rbXxFxo9JUA==

GET
H2 200 chat Show response
js.driftt.com/core/ Frame F1AD 4 KB
1 KB 140ms
140ms Document
text/html 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1623987300000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

02d86b95a1f2cf793ce77118e0a5ca4969e396cebb7f7801e9746877fe937a79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /core/chat
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 16 Jun 2021 17:42:58 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ieBR_k0yJrFaFD5tOYejj6KZWIujFaiK
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Fri, 18 Jun 2021 03:31:01 GMT
cache-control: no-cache
etag: W/"adf21875b389554676e8f7e4789d6056"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: vm75eipsmoihTBYS4AC9MsJ0eaXwO7yncs5Y_Ry9_96abTVu-aQeyg==

GET
H2 200 nr-1209.min.js Show response
js-agent.newrelic.com/ 31 KB
12 KB 106ms
33ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1209.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1676a8158867ca736ff0a960b9300b8e0e8c016faa2b3211d54d1317213be669

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: Ilyf2heqjbcb6UZHMuleD6bz44kdIrhk
content-encoding: gzip
etag: "ceffb14d16467e17c5360bf7880099fa"
x-amz-request-id: 9YTDKWS1KTJXVYR4
x-cache: HIT
content-length: 11738
x-amz-id-2: 63K0lT5syZe/JXm2RFqz3WvEIKlzAnzZaX0a32Ic9IwKZ+jnpxTdn4e7D+ymi1CMhPNPcBqN3b0=
x-served-by: cache-hhn4051-HHN
last-modified: Thu, 20 May 2021 23:21:18 GMT
server: AmazonS3
x-timer: S1623987062.590187,VS0,VE0
date: Fri, 18 Jun 2021 03:31:01 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5864

GET
H/1.1 200
OK 0ae22ad83e Show response
bam-cell.nr-data.net/1/ 49 B
911 B 747ms
700ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/0ae22ad83e?a=573869349&v=1209.f04e2b9&to=bgQBYERQXBBWVBFbDldOIldCWF0NGHMXRxFYDT9aWVVXP3RYC0YTVg0PUURtfAxTUjNbBE4iDFpCQ10PW1IXH19PCAZD&rst=3268&ck=1&ref=https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks&ap=650&be=786&fe=3154&dc=1549&perf=%7B%22timing%22:%7B%22of%22:1623987058343,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:26,%22c%22:26,%22s%22:32,%22ce%22:40,%22rq%22:40,%22rp%22:713,%22rpe%22:876,%22dl%22:716,%22di%22:1549,%22ds%22:1549,%22de%22:1577,%22dc%22:3147,%22l%22:3155,%22le%22:3163%7D,%22navigation%22:%7B%7D%7D&fp=1150&fcp=1150&at=QkMWFgxKT08VVkcIGkQc&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1209.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 18 Jun 2021 03:31:02 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
X-NewRelic-App-Data: PxQGQlVRDAMDUVZQFR0VMQFTYkEDCBADUxZRDVZkG3xWEU0YdQhAEgVCVAkDEWQcfgEVFk51XhUUUEJQCgMRQBxSFlIUChoAC1ABWHRMB05WAhtDAgYOAwZWBFQAAVMEVVBSUEBKBQNcEV0/
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6611713f7ae87377-CPH
cf-request-id: 0abec51ba70000737740b3c000000001

GET
H2 200 runtime~main.ed3fc1ef.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 5 KB
3 KB 36ms
35ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

ae58d73b37c85f0b4e5b489e1b317148c392358459b7dce1b0e979a82e3a05cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:12 GMT
server: nginx
etag: W/"6d83a79f01c900e600328f34657a8ce5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: v22xKqEDiRumpAtTFkpAskTQhQwwQX9q
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uJcndfMvnAu4ZgJvNND20qM1irI6yMGQmrnqsf1OnEAQj2pcwrcPmw==

GET
H2 200 42.1d3e72f0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 40 KB
12 KB 36ms
35ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

42b6a4cb0223e8edcf8a735efce1e53d8ab0b2604f31606ea6e4e454755a46de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:43 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:48 GMT
server: nginx
etag: W/"6bafacd7106b1f1a919e0d9db9ac2d45"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PsraKE5Rqpn1WCq0VTYjZOvkR1qNgwsQ
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Gkw-QdgFXAqvaHaEbv1STOV3y9l-v0iaNTeZ1tV9qa9tglvUyugQVA==

GET
H2 200 25.3ad21d5f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 42 KB
12 KB 36ms
35ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.3ad21d5f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

e9618225f87a07ea43af2674ce4207adfb0897b1bb6aaf2157b502ee89538aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:08:30 GMT
content-encoding: gzip
age: 620551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"505015ae57a46f8d45f6393ec7549ede"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: olXF5DL8x9c7zMiL4sMGFZ_CqAbXHjZE
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: B4n2Y9nPNJanEFDja5PIHn-RDwYMn23Tdchs4VxqXZg2eKmVCxTCBg==

GET
H2 200 40.f7d72950.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 23 KB
7 KB 43ms
42ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.f7d72950.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

f469f0f2ec90c279cfe0e1a54b280d51e700fd6454ca7bffd7202df3dd7d6b3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:43 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:48 GMT
server: nginx
etag: W/"8d32077d11bf130936ad9f6b2796c9e5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: IztndX_FtIwJA1wjdnknjusFhKQvrAWn
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ycnrO0sbxNQBkNOkkG42uDdzAmneeLMRd5UDv70vRjhcItPzvyuLkw==

GET
H2 200 22.9acf1962.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 16 KB
5 KB 43ms
42ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.9acf1962.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

0bc5a66e21f8648156fcbc214136ac5ff60d0adc8c9e438a2b769a83f5075d7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:08:30 GMT
content-encoding: gzip
age: 620551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"8270d313e55bc5cda4436c12c7c8efca"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: APiEkpiKyQDCpskWeMR0GYFrEPmLG5zv
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Q9jsbshpwF2p3EKCbaQc5sFY0z_Nz6wJQ7my2B0mi6FNwpJtMTmT5w==

GET
H2 200 36.2cef282c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 17 KB
6 KB 45ms
43ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.2cef282c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

9ae3331ec7a341b12a352038820ade9dfc4f8946ec365397abf5b5a9a6f74b83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:08:30 GMT
content-encoding: gzip
age: 620551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"927e45b8993175159e1e9856122c937c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: z5oz_bE_aRz87kkmMOcfmn0zkwlGocED
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BPZKMKUIVRl8URaFgzA_gNekk1hFnSFwftQauPOZgvCo5iCU2Jt2UQ==

GET
H2 200 32.48b4a528.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 48 KB
15 KB 45ms
43ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.48b4a528.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

106a6f15d7a3e5d58d45ec5cdc5895303f8d89fb297d7144776d6a61ed43ec88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:43 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:47 GMT
server: nginx
etag: W/"a78e63a18295c0d6b9b738183ec44511"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: u_Z8TtISpqZ_5Q3EUL9.qOa_OzI.rDBV
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VkHer_gEL5VqxYybeuP2Je27NXN8Z5AJM1goZECKDPuyt_qoUDfaXg==

GET
H2 200 18.afae54c8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 29 KB
8 KB 45ms
43ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.afae54c8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

e7657b3001a9523fb81152df7eb790ac0e7c7a163d06c31c5052b6e1b25ca77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 4196219
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"aa46b8d2411ca710860501cb70b87aa6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: RsEAITRzirmwXWJLuxexiqSCME3tTtns
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EJsic600y19hIHawqiVcvQQTflK4grL59iL8pTgErDy6aE3DfzeUdQ==

GET
H2 200 19.96441b8b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 39 KB
10 KB 52ms
50ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.96441b8b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

2f5cdaaa7889492b45c17f3fd0d79f8a7f72fccb1bb40ad956b37bf11d8c0175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:08:30 GMT
content-encoding: gzip
age: 620551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"854e298ba40cc0c37109059dacdab629"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: smLiQFKqaz8qOaHPuNYtm8wzxQIbs3Jg
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mmFUMa6OQohLcIA8wlZeqZqHNFH8PNaOFaVEKP1BdcSEGj-9nBd1cA==

GET
H2 200 38.352fecdd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 52 KB
18 KB 52ms
51ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/38.352fecdd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

3356dfe5f7449f95f2518779c2cde62577d323f32a8742179400e24d242aa820

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:43 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:47 GMT
server: nginx
etag: W/"f5344e718d92b730a8438d79fcbc17e0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 6tdMMIlFk57Tdpv5c9NuZd0QguYiTalf
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: A6GeyR_255KfrFYnf0sf3ut2B_JKeqzMKf6KVSJXyz-hVxlOcCSTow==

GET
H2 200 35.57bc2812.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 24 KB
10 KB 63ms
61ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.57bc2812.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

6336f71e33dee69b46657b12675fad734c11b8fb43782f5db75d5cb3ce84d785

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:44 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:48 GMT
server: nginx
etag: W/"3749f56217551e2a96eef995213d9832"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: OYsSCDH.OueWQ7Fjc3Wye7OLkxk5vnaR
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: LLEk0CJUq1dxpwBAgZ6Yw2UDxjqJw6pzqCHn-Bo0lPl12fStkF_FHw==

GET
H2 200 24.7bbe74f0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 14 KB
5 KB 63ms
61ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.7bbe74f0.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

76f73bfe436a71077f252ade8fb13fdd724a8f1a40fa2ec8bcf65b413a0e6939

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:44 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:47 GMT
server: nginx
etag: W/"c7ac762c256cb1f0ca73524a8cd0714b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: nlhdhxhcru.01V0uXFfcDupLe.RJ8qN2
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: H8gljKhqeTeoHpwzWuVp1__N2OzPtcwP10uxbD-uM0AWa1DYKqoamg==

GET
H2 200 14.b0278960.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 60 KB
21 KB 63ms
62ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.b0278960.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

d75c1823f06b25faffc4d8177e4fbad465186322ee07a862adabf1de9f6606ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:14:40 GMT
content-encoding: gzip
age: 620181
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:44 GMT
server: nginx
etag: W/"f0ce14b295202c78f02177e314fdf340"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .0..r695fZ4WlZ68FKdRGMlTplzPAz8J
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 224XXqzP06rm5az5R0PclhmU1d3YYkDV-t90_empUxgtfMAFFMgNYA==

GET
H2 200 main~493df0b3.8ef80fc8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 21 KB
7 KB 63ms
62ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.8ef80fc8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

a31cbb768b25b1d6de6366672c0f5cbdcb9a63bfd84b1d8bb7d64ef03cbd2c2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:12 GMT
server: nginx
etag: W/"c042e128e128b9405a02b4db2575d84a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: LG2GYSnb7pH0mVyvxoM2tim5FOp8HI.O
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: og96Oifdh4ssKnhS6psV9I8AdZTDA7zg5tET7mxTQtaA9gRA2IC4dg==

GET
H2 200 main~970f9218.4a5f8d3a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 65 KB
17 KB 63ms
62ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~970f9218.4a5f8d3a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

b2a3f5621e2b58f429984351d353220dafd7bd6b3f14ea228c511c32ab936e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:18 GMT
content-encoding: gzip
age: 125863
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:09 GMT
server: nginx
etag: W/"047193e353365dc6ac0104f48aefe96d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: S33oGlVrBhwUIGwiZnEgE.i_nVxGYRym
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IkXZ6EEoiI40uVnJsTqXd8UWnvIhxjZKPajbdtX_Huqus4katxoOWA==

GET
H2 200 main~89e24786.de1fbe69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 66 KB
18 KB 63ms
62ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~89e24786.de1fbe69.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

7df4a54cd6e7081fc46e0a37832aab5f9273076520690ac076aeeab82c816415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:18 GMT
content-encoding: gzip
age: 125863
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:09 GMT
server: nginx
etag: W/"bb5f1d1b3ee9375cf36830c4932ca346"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SjkA849V93qC5KlJ9wi9uMcp2z15IfNz
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8XWdehWCBqhrlKtB566EPMK-jIk8Y3mIOseIgUUJEiQqO78pe6sI_w==

GET
H2 200 main~53ca99a6.be646c50.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 31 KB
10 KB 63ms
62ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~53ca99a6.be646c50.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

5213a92dbf738899b0007477b997665e1ebd0c7e26b4e20adc181be832a2fe78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:12 GMT
server: nginx
etag: W/"42b4d2650d9caabaa0ff0139873d1c9d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PKMllUePHYBnGI761ZTx4DenPPvnHG9v
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XXA14TEPKLLduFJAPogo-J737IthbXoNjqNJYaZEEq6noFC7BmUhjg==

GET
H2 200 runtime~main.ed3fc1ef.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 5 KB
3 KB 58ms
58ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

ae58d73b37c85f0b4e5b489e1b317148c392358459b7dce1b0e979a82e3a05cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:12 GMT
server: nginx
etag: W/"6d83a79f01c900e600328f34657a8ce5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: v22xKqEDiRumpAtTFkpAskTQhQwwQX9q
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BQ6NDJtu2krVKifI2fHRJz3p4a6T6MlHbmJhcbE3pTW0-Es-QjjZZA==

GET
H2 200 42.1d3e72f0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 40 KB
12 KB 58ms
58ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

42b6a4cb0223e8edcf8a735efce1e53d8ab0b2604f31606ea6e4e454755a46de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:43 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:48 GMT
server: nginx
etag: W/"6bafacd7106b1f1a919e0d9db9ac2d45"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PsraKE5Rqpn1WCq0VTYjZOvkR1qNgwsQ
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aSxYBNPauURRNsAUKOorJ5SPZNleNtVPBEQnsdKToPBIgumLKD4thw==

GET
H2 200 25.3ad21d5f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 42 KB
12 KB 58ms
58ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.3ad21d5f.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

e9618225f87a07ea43af2674ce4207adfb0897b1bb6aaf2157b502ee89538aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:08:30 GMT
content-encoding: gzip
age: 620551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"505015ae57a46f8d45f6393ec7549ede"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: olXF5DL8x9c7zMiL4sMGFZ_CqAbXHjZE
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XlbbeOjI1P9oKE47oyOKLZIcwTbeL9dx4sWeVyFMwRX16BCoR21KPg==

GET
H2 200 40.f7d72950.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 23 KB
7 KB 58ms
58ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.f7d72950.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

f469f0f2ec90c279cfe0e1a54b280d51e700fd6454ca7bffd7202df3dd7d6b3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:43 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:48 GMT
server: nginx
etag: W/"8d32077d11bf130936ad9f6b2796c9e5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: IztndX_FtIwJA1wjdnknjusFhKQvrAWn
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: R9bFbNnd8HLJXwCR4s19CbF8LwjQ5g_yEPVMvJnEtemz8lMzHaGJuw==

GET
H2 200 22.9acf1962.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 16 KB
5 KB 58ms
58ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.9acf1962.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

0bc5a66e21f8648156fcbc214136ac5ff60d0adc8c9e438a2b769a83f5075d7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:08:30 GMT
content-encoding: gzip
age: 620551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"8270d313e55bc5cda4436c12c7c8efca"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: APiEkpiKyQDCpskWeMR0GYFrEPmLG5zv
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2ZNxDb0mkupW5-4Fo8BEuKOFbWaYPSm2bjd3_8_tOpks6tCDz29UXA==

GET
H2 200 36.2cef282c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 17 KB
6 KB 58ms
58ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.2cef282c.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

9ae3331ec7a341b12a352038820ade9dfc4f8946ec365397abf5b5a9a6f74b83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:08:30 GMT
content-encoding: gzip
age: 620551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"927e45b8993175159e1e9856122c937c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: z5oz_bE_aRz87kkmMOcfmn0zkwlGocED
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: e3W_9MK1KSeL2ZWGydo5vHvIb2DKMs_jmrywd8e6aMfci-eQi8yYNg==

GET
H2 200 32.48b4a528.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 48 KB
15 KB 75ms
75ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/32.48b4a528.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

106a6f15d7a3e5d58d45ec5cdc5895303f8d89fb297d7144776d6a61ed43ec88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:43 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:47 GMT
server: nginx
etag: W/"a78e63a18295c0d6b9b738183ec44511"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: u_Z8TtISpqZ_5Q3EUL9.qOa_OzI.rDBV
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: e4M3JN59gNhC-1P5pP5tKHgf-FMv_xqoEJnZo77KpoEqblrwLKr0IQ==

GET
H2 200 18.afae54c8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 29 KB
8 KB 75ms
75ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.afae54c8.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

e7657b3001a9523fb81152df7eb790ac0e7c7a163d06c31c5052b6e1b25ca77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 30 Apr 2021 13:54:02 GMT
content-encoding: gzip
age: 4196219
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 30 Apr 2021 13:24:11 GMT
server: nginx
etag: W/"aa46b8d2411ca710860501cb70b87aa6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: RsEAITRzirmwXWJLuxexiqSCME3tTtns
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0hdO1Y-44wrA1jGZ0_YAZvlgSqLYlG9dTCcp6Mi137LVOQdvk-wwkA==

GET
H2 200 19.96441b8b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 39 KB
10 KB 75ms
75ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.96441b8b.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

2f5cdaaa7889492b45c17f3fd0d79f8a7f72fccb1bb40ad956b37bf11d8c0175

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:08:30 GMT
content-encoding: gzip
age: 620551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"854e298ba40cc0c37109059dacdab629"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: smLiQFKqaz8qOaHPuNYtm8wzxQIbs3Jg
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YxdB-7cQ3Xce_JVbTcXEg0LEKGc146aJpT7g3Q2S9YXLNCaStdKbQw==

GET
H2 200 38.352fecdd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 52 KB
18 KB 75ms
75ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/38.352fecdd.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

3356dfe5f7449f95f2518779c2cde62577d323f32a8742179400e24d242aa820

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:43 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:47 GMT
server: nginx
etag: W/"f5344e718d92b730a8438d79fcbc17e0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 6tdMMIlFk57Tdpv5c9NuZd0QguYiTalf
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eFs9SdpLnXw8QH6r6iEyalcrhSYPuV3dAS_fIQdduJfaP45yzAMa1A==

GET
H2 200 35.57bc2812.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 24 KB
10 KB 75ms
74ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.57bc2812.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

6336f71e33dee69b46657b12675fad734c11b8fb43782f5db75d5cb3ce84d785

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:44 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:48 GMT
server: nginx
etag: W/"3749f56217551e2a96eef995213d9832"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: OYsSCDH.OueWQ7Fjc3Wye7OLkxk5vnaR
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -Q8yoMYItaVGW3322p7n3UxnfTIC_63ua0rBnVL7xaXVlAiyjiYazA==

GET
H2 200 24.7bbe74f0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 14 KB
5 KB 75ms
74ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.7bbe74f0.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

76f73bfe436a71077f252ade8fb13fdd724a8f1a40fa2ec8bcf65b413a0e6939

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:44 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:47 GMT
server: nginx
etag: W/"c7ac762c256cb1f0ca73524a8cd0714b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: nlhdhxhcru.01V0uXFfcDupLe.RJ8qN2
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lzZlg9MBYpys8rCid5y_krINyOdirWRcSJMWOakEEW9z2an91aA1TQ==

GET
H2 200 14.b0278960.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 60 KB
21 KB 75ms
74ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.b0278960.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

d75c1823f06b25faffc4d8177e4fbad465186322ee07a862adabf1de9f6606ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:14:40 GMT
content-encoding: gzip
age: 620181
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:44 GMT
server: nginx
etag: W/"f0ce14b295202c78f02177e314fdf340"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .0..r695fZ4WlZ68FKdRGMlTplzPAz8J
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Exm7puXNYlhcoA-rR-34cj53AVJMqkJmBqOd9ABsbaXZMGO-UG7Tvg==

GET
H2 200 main~493df0b3.8ef80fc8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 21 KB
7 KB 75ms
74ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.8ef80fc8.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

a31cbb768b25b1d6de6366672c0f5cbdcb9a63bfd84b1d8bb7d64ef03cbd2c2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:12 GMT
server: nginx
etag: W/"c042e128e128b9405a02b4db2575d84a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: LG2GYSnb7pH0mVyvxoM2tim5FOp8HI.O
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0KA1hJqg2BNuKbg7xAzRD-RjYxr1ooQTDaBSFXDwkrPuccXEFFF3_A==

GET
H2 200 main~970f9218.4a5f8d3a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 65 KB
17 KB 75ms
74ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~970f9218.4a5f8d3a.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

b2a3f5621e2b58f429984351d353220dafd7bd6b3f14ea228c511c32ab936e36

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:18 GMT
content-encoding: gzip
age: 125863
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:09 GMT
server: nginx
etag: W/"047193e353365dc6ac0104f48aefe96d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: S33oGlVrBhwUIGwiZnEgE.i_nVxGYRym
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4Q_GQOIYIS9Df7E8Xjq-mAE88ELUkAwyYzhHDrCkFW2Wh0GD0vD6qA==

GET
H2 200 main~89e24786.de1fbe69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 66 KB
18 KB 75ms
74ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~89e24786.de1fbe69.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

7df4a54cd6e7081fc46e0a37832aab5f9273076520690ac076aeeab82c816415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:18 GMT
content-encoding: gzip
age: 125863
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:09 GMT
server: nginx
etag: W/"bb5f1d1b3ee9375cf36830c4932ca346"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SjkA849V93qC5KlJ9wi9uMcp2z15IfNz
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8SgJUOvHtC6bVoxEfaDbQ5TfRLJVXRJ8IvYy7Khzxiqs66zV_4elGQ==

GET
H2 200 main~53ca99a6.be646c50.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 31 KB
10 KB 75ms
74ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~53ca99a6.be646c50.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

5213a92dbf738899b0007477b997665e1ebd0c7e26b4e20adc181be832a2fe78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://js.driftt.com
Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:12 GMT
server: nginx
etag: W/"42b4d2650d9caabaa0ff0139873d1c9d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PKMllUePHYBnGI761ZTx4DenPPvnHG9v
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: D-feEnLKOHnnZ1nYurKtcxJR56Jt6EJyecFhrFfQCPxFPEPlOIfEgg==

GET
H2 200 39.f00f9225.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 6 KB
3 KB 35ms
34ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/39.f00f9225.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

fb6a54fd0ea4287ed803a20a197516820c7e13ee66649e7c99aeefd06b646543

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:44 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:48 GMT
server: nginx
etag: W/"ba8635d920070dde24a0a4a9e3177b21"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: QT91uxvWeWY83BLBOcxyM7AH84IphadG
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: G3cVqPmZGwyf-82VzytFEEyJkA0TaTfa8INE2wNgEf8QxU_bI5R78A==

GET
H2 200 37.44c05d56.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 107 KB
34 KB 35ms
34ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.44c05d56.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

2badd5eb27f506ea9c8c6e77ae1f938883ac131e2294c4e02bfbabc70ce9e6a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:14:24 GMT
content-encoding: gzip
age: 620197
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"714e6baa2fa3579ac720cb0419c3f11a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: TGlK37ChH04d5UOHQV1SqJJjKMSmBvtr
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: apTSw-nym6Q87h0SSobiWPlbbyysobtV1wOCxf6sxF0St7hTPOd9Sg==

GET
H2 200 30.5caeefdb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 27 KB
9 KB 36ms
36ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.5caeefdb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

dcc9b82683719d082db3ba8d6927ac8a03dd5c01d80e6fbe9418badf1e27270e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 16:09:32 GMT
content-encoding: gzip
age: 1336889
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Jun 2021 14:32:01 GMT
server: nginx
etag: W/"607a066f07dd87bede92756538ea6d80"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: HzzKPa6xFWL2fxirUfNCU25XGWCU2.Qz
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: A4j0jWxF9skDmjw6-92SNbJeyFb0MgskvoNsE_-x2Crp1QRzulOJsA==

GET
H2 200 33.4335bc3d.chunk.css
js.driftt.com/core/assets/css/ Frame F1AD 1 KB
1 KB 36ms
35ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/33.4335bc3d.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

ed56292da2883fe23fa81f64fcedb3c6dff5f09b4f2aed777be50699e7f04ba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:40:03 GMT
content-encoding: gzip
age: 798658
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 08 Jun 2021 18:42:38 GMT
server: nginx
etag: W/"7362dc7cbde5becc44253ec6d0061465"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PyXT8dGksnrHJL2.YSmEQ8AXp4pKBb8M
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: W2qyGOg0c52Ve17uaojn6XBeg9Jkaj0daSAt60mHTzr0qClkpwoW-A==

GET
H2 200 33.376e0bdf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 5 KB
2 KB 36ms
36ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.376e0bdf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

0accf9cd87124254f585396ab156ac9cc8a6fb238362746d32cc7abd85825cc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:18 GMT
content-encoding: gzip
age: 125863
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:07 GMT
server: nginx
etag: W/"72031dc9d7e0818043b08cdf78833a67"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 9XDuuCXLKPyYdzR94Ek8I7THPRTRw4b1
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Vsnq7XVd3q9w9lvJ49mVV0a8lcgw1hVVF6Dy-AAI_F3N2fio1Tvkwg==

GET
H2 200 39.f00f9225.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 6 KB
3 KB 34ms
34ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/39.f00f9225.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

fb6a54fd0ea4287ed803a20a197516820c7e13ee66649e7c99aeefd06b646543

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:44 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:48 GMT
server: nginx
etag: W/"ba8635d920070dde24a0a4a9e3177b21"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: QT91uxvWeWY83BLBOcxyM7AH84IphadG
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Bvu0tGgd7KmB4g9Dbd1ZVKkVN1esDpo1z6PLOEbgVxEhQwmbHFqDhw==

GET
H2 200 37.44c05d56.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 107 KB
34 KB 36ms
35ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.44c05d56.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

2badd5eb27f506ea9c8c6e77ae1f938883ac131e2294c4e02bfbabc70ce9e6a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:14:24 GMT
content-encoding: gzip
age: 620197
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"714e6baa2fa3579ac720cb0419c3f11a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: TGlK37ChH04d5UOHQV1SqJJjKMSmBvtr
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6oYgHl7c3CuzwsgxEOGYm26W8GypL56_RPhol7Pc5VriTjGkL_RIrA==

GET
H2 200 30.5caeefdb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 27 KB
9 KB 36ms
35ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.5caeefdb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

dcc9b82683719d082db3ba8d6927ac8a03dd5c01d80e6fbe9418badf1e27270e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 16:09:32 GMT
content-encoding: gzip
age: 1336889
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 02 Jun 2021 14:32:01 GMT
server: nginx
etag: W/"607a066f07dd87bede92756538ea6d80"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: HzzKPa6xFWL2fxirUfNCU25XGWCU2.Qz
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6lu1idWb3KKSBhAgeZXOU7hHjc1uYofgrR6JhO-SoHqk_r9OtO5ilw==

GET
H2 200 33.4335bc3d.chunk.css
js.driftt.com/core/assets/css/ Frame BDBB 1 KB
1 KB 36ms
35ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/33.4335bc3d.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

ed56292da2883fe23fa81f64fcedb3c6dff5f09b4f2aed777be50699e7f04ba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 21:40:03 GMT
content-encoding: gzip
age: 798658
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 08 Jun 2021 18:42:38 GMT
server: nginx
etag: W/"7362dc7cbde5becc44253ec6d0061465"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: PyXT8dGksnrHJL2.YSmEQ8AXp4pKBb8M
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ApATi-Ac7DiIkffct511EfgfQUmka5NfY94llE0gw2aRXqfDxTatfg==

GET
H2 200 33.376e0bdf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 5 KB
2 KB 36ms
36ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/33.376e0bdf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

0accf9cd87124254f585396ab156ac9cc8a6fb238362746d32cc7abd85825cc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:18 GMT
content-encoding: gzip
age: 125863
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:07 GMT
server: nginx
etag: W/"72031dc9d7e0818043b08cdf78833a67"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 9XDuuCXLKPyYdzR94Ek8I7THPRTRw4b1
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eSXOQac5YqxrXOwOLCn3X7YByc2emIAMJwUmtva1KIDBJxICUG9wEw==

GET
H2 200 0.45eb4005.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 17 KB
6 KB 35ms
35ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.45eb4005.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

65d29e040c59a5e843952c3f0da27028455dc63372440602d129681883891276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Apr 2021 22:58:04 GMT
content-encoding: gzip
age: 5113977
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 19 Apr 2021 19:42:26 GMT
server: nginx
etag: W/"7e689afacd5eb298702f393c9c2f70f8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 1g7Hv6w3YDIKnLSLbX8uZi9cdYzVnmu5
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: u5YeiW9btQ3aY6YH-soq1kn7T1UrKpTMGj1XwLui4dhoFRiCDp5kHw==

GET
H2 200 34.e776e5b0.chunk.css
js.driftt.com/core/assets/css/ Frame F1AD 6 KB
1 KB 36ms
35ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.e776e5b0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:14:41 GMT
content-encoding: gzip
age: 620180
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:43 GMT
server: nginx
etag: W/"9f36443a9402e1e03bf8070ddc88b8db"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: EzfZcniTHHlhtffmW64Lh30F8iL_JTrN
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: f0g3ukEXCUmIwbilEIAmblsm_9CBUmOnHGo32XV9SVJKT5wphawmjA==

GET
H2 200 34.8b18ccde.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 2 KB
2 KB 35ms
35ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.8b18ccde.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

ad6468ba2de8181001a9eabbd24b602242c74ea9c54eed918c8253e171695496

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 18:12:43 GMT
content-encoding: gzip
age: 551898
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 11 Jun 2021 16:03:18 GMT
server: nginx
etag: W/"c56007b96f2bba8b0e9ec30ca57888d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: EAYvKpyWCU8CvosvyJU7U1vLO6sIMS_W
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aHAHiXwc5UX2_TWsOHgVgzmpfg24CSsGSOtmZPkTR07AJugdVjOtlg==

GET
H2 200 0.45eb4005.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 17 KB
6 KB 35ms
34ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.45eb4005.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

65d29e040c59a5e843952c3f0da27028455dc63372440602d129681883891276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 19 Apr 2021 22:58:04 GMT
content-encoding: gzip
age: 5113977
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 19 Apr 2021 19:42:26 GMT
server: nginx
etag: W/"7e689afacd5eb298702f393c9c2f70f8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 1g7Hv6w3YDIKnLSLbX8uZi9cdYzVnmu5
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eVV-kz02BXB8SY-DJQ86_XvuTowW0rAoim_mlbsmGdh_90h5gMgPTA==

GET
H2 200 1.0af467a5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 68 KB
20 KB 37ms
36ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.0af467a5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

817c7a8de5f73b3bd9358babbbd8f904fa639279f18bc86d320fcfb7fcfa8485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Feb 2021 01:42:28 GMT
content-encoding: gzip
age: 11411313
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 05 Feb 2021 20:58:44 GMT
server: nginx
etag: W/"aedd244e100709f43b70a84bb3945ca6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: kErXw93froxamEp2BnqkXpG57uNk3Qr1
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _GNUh34USRch28TF3C7yNg5frh8GKGeE3k1pUVgLmxMDYbmHld2KFg==

GET
H2 200 29.af23633f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 42 KB
12 KB 37ms
36ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.af23633f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

7c59ba72953cc99b7cc6735de0285f154a29e30b5fd5d5b04d819ed22d21bc3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:49:44 GMT
content-encoding: gzip
age: 2706077
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 17 May 2021 19:05:47 GMT
server: nginx
etag: W/"e44e4be66b3069982f14c73c09e21042"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: fotuwu4LjY0Fjw9Gx8sj1O0oPzVV4rN5
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: G2Uvhh6a7CqrZPJMA0y61tW3nKGi3LrW9wHMfRlYNrYDYKUNU_JjFQ==

GET
H2 200 2.9e348098.chunk.css
js.driftt.com/core/assets/css/ Frame BDBB 2 KB
1 KB 37ms
36ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/2.9e348098.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

e90d57f411dd7b15b40912a0054905950c28469a3feb592e6c3ddb74d2ef5915

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:14:25 GMT
content-encoding: gzip
age: 620196
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 15:41:04 GMT
server: nginx
etag: W/"97eba23aec3d21fff25c5114b738526d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: rzVwXtwxNL0pzKAjGWjy48TyXFm2Z1c7
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KVgMquZX51cnzr6RzEKsnLcJEzRgh3-RtKpCvJutk7e95g6W0QkI0A==

GET
H2 200 2.ad65f2e6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 33 KB
12 KB 37ms
36ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/2.ad65f2e6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

0024d7e8c7cadbee41e3811e351b08257e2fb01041802fd87fa7e0ee5fa8e20f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:10 GMT
server: nginx
etag: W/"c688240a2ec84f940cbc96bd2abccfd8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SeSfuUXBhx.Q_1QSEby283epYtvSpEfM
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ige64Sl_Vxf1589iSHndPMOPShoK34c8sbmMJsFW54JpoCFUpZUZRw==

GET
H2 200 27.44736ae1.chunk.css
js.driftt.com/core/assets/css/ Frame BDBB 8 KB
2 KB 37ms
36ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/27.44736ae1.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

8c58a438125e389f81b62999773d8d6cb9e25828bb6049248faa04c12d2bc8a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:19 GMT
content-encoding: gzip
age: 125862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:05 GMT
server: nginx
etag: W/"8b77004f90a97a8796e83c50f9e084d8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: vbUelYlpGjFqqvxeKBtIRZ.fPjQWQ9kD
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XlVgBjG7gcnWOZEn5ZLqD1yk44-IguEPCXQhOWBkVfwGwDSs37RLng==

GET
H2 200 27.5264dd8a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 67 KB
19 KB 37ms
37ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.5264dd8a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

2bd6a35512c25f0355adda4a4b97656a1975713107b6a164b4edefb0a172953b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:19 GMT
content-encoding: gzip
age: 125862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:07 GMT
server: nginx
etag: W/"19ef9b763506bc1f8e0f746d5a87372d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: mbPq..Y_Bx4X2LzcnF.amtqntzi8IzLo
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8wQcH0UkssZEvOmzb-H109E-kZ7D1VsNywKLPu066Qqi8yFDfiChig==

GET
H2 200 1.0af467a5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 68 KB
20 KB 36ms
36ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.0af467a5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

817c7a8de5f73b3bd9358babbbd8f904fa639279f18bc86d320fcfb7fcfa8485

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Feb 2021 01:42:28 GMT
content-encoding: gzip
age: 11411313
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 05 Feb 2021 20:58:44 GMT
server: nginx
etag: W/"aedd244e100709f43b70a84bb3945ca6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: kErXw93froxamEp2BnqkXpG57uNk3Qr1
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -kbfJbCl5dUujBuE2m50XlgHsT_o6zeEMrhyySGT63nCBG8u8N_ulA==

GET
H2 200 8.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame F1AD 7 KB
2 KB 36ms
36ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 18:12:43 GMT
content-encoding: gzip
age: 551898
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 11 Jun 2021 16:03:16 GMT
server: nginx
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: k6rxkB1rOuEn7p_jmbEY8p2Uw_p9zKoI
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: LDuTNxouEV7H27e1O2n6c5xkAP2LhrCmRVtC5jqw01gTKFbTAOARMg==

GET
H2 200 8.787d9b4f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 38 KB
13 KB 36ms
36ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.787d9b4f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

b743316f90e9e30d62b91239fa883e4d3834f628c9a27688836241d8ab547c2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 18:12:43 GMT
content-encoding: gzip
age: 551898
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 11 Jun 2021 16:03:18 GMT
server: nginx
etag: W/"4cb427470d0a29371cc4f5aee409cd71"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Q.IGGEj4uuOqVlUF7.2DV83iuqUWPIuY
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: R1MysX7kp-7ynrrq8rYQKMiivOYWZtGk2FPPNhyYeHqc0i9hqNvU2A==

GET
H2 200 5.39718cbd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 50 KB
14 KB 38ms
37ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/5.39718cbd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

b05c21426d9a2999f3f7b48d494bc6dba7b4fba240d3eae1047c99116c075232

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:11:35 GMT
content-encoding: gzip
age: 638366
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 15:41:07 GMT
server: nginx
etag: W/"22b4f20089aad6d0ac685e754c01e20c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .5a_QrgLkSUAEb_A2beueRCXQorNwT3X
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IZ_l8wpDx6aK8AGqYe0rFDXQIuQiBusT3RkUmHdHmTLHORE3q4W7SA==

GET
H2 200 2.9e348098.chunk.css
js.driftt.com/core/assets/css/ Frame F1AD 2 KB
1 KB 37ms
37ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/2.9e348098.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

e90d57f411dd7b15b40912a0054905950c28469a3feb592e6c3ddb74d2ef5915

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 23:14:25 GMT
content-encoding: gzip
age: 620196
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 15:41:04 GMT
server: nginx
etag: W/"97eba23aec3d21fff25c5114b738526d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: rzVwXtwxNL0pzKAjGWjy48TyXFm2Z1c7
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DIeuzVoPE6IsaIsczS5jqUZ-HgMGF5l1Zfsy_U35caZzBvN4E4sNYw==

GET
H2 200 2.ad65f2e6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 33 KB
12 KB 38ms
37ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/2.ad65f2e6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

0024d7e8c7cadbee41e3811e351b08257e2fb01041802fd87fa7e0ee5fa8e20f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:10 GMT
server: nginx
etag: W/"c688240a2ec84f940cbc96bd2abccfd8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: SeSfuUXBhx.Q_1QSEby283epYtvSpEfM
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: N9pwLn0w5SweKyXDoUV5eFENMbbb9jg6R3puEaQUfVDfbespYbHKAA==

GET
H2 200 7.b7bec0ab.chunk.css
js.driftt.com/core/assets/css/ Frame F1AD 12 KB
3 KB 38ms
37ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/7.b7bec0ab.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

aa9061fef557b45dc7bcbc15eb2d6b8f759a615adb98e5ba1c0adc45efd38f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:19 GMT
content-encoding: gzip
age: 125862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:05 GMT
server: nginx
etag: W/"2354849f994ae6bce41e47a1312361cc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .3It4LhL5kMtQmzs0Y31hHuWTcvTT2Mg
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Y22d4Xgi4kuFerDiSOqseJCRmYXokSngftaNFHvWxbH1XQY5RHna8A==

GET
H2 200 7.fb684a0e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 17 KB
6 KB 38ms
37ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/7.fb684a0e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

1ffde8ac4d37188366cf0a5dbbe61c3399bf4d1139f668cecd5bd5d00b43f18d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:11 GMT
server: nginx
etag: W/"efd848cae4383deef1325079abda738f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: gwZCbo1GntkTxceR7kdH0bFegbyjkTCC
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GYbv-QpQCS2PA5msA2_xV__FrgS_IJLn5cVWkMtTZRHfyxlc78Xgug==

GET
H2 200 6.be43392b.chunk.css
js.driftt.com/core/assets/css/ Frame F1AD 6 KB
2 KB 38ms
37ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/6.be43392b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

e12f41f00e2ee8a10327a832e9f228d9a21e346f300eb483233171c5d86ecb60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 03 Jun 2021 15:42:07 GMT
content-encoding: gzip
age: 1252134
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 03 Jun 2021 13:26:36 GMT
server: nginx
etag: W/"3474c814e1241a585ba13f3170881693"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: MTrFIW.ZdI7k.J4AhyAYsKB6_1Zaxw6x
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 73uV6hvKAyyEPIC_CHMB4IHLs6z6lw1i5ddgsAACRGkjvxHa-pj12g==

GET
H2 200 6.d16b79fe.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 14 KB
6 KB 40ms
38ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/6.d16b79fe.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

6713942afb0013c459cad9b9854b5ab79fab2567568660dde0a9052a2e5670e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:19 GMT
content-encoding: gzip
age: 125862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:08 GMT
server: nginx
etag: W/"e87fdd674235f6fa3c4f53a87ec86e16"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: iwAZFfTCBDjnDmDoU9tCg2FtzkeCstbg
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Xfet5Eh3Nqk7XjQiOMEJY8iCqKMauCrbkGWF4RWf41DDmOAjN0PW4w==

GET
H2 200 3.322409e1.chunk.css
js.driftt.com/core/assets/css/ Frame F1AD 36 KB
6 KB 39ms
38ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.322409e1.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

b46a0ad04024e58abe9e418c6cda39249d981cb334dd809c192d77a31311af14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:07 GMT
server: nginx
etag: W/"93032a52a0b7593377f580bb4dac870d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: wW_DSAmQjVaiNsuJcTqU3b52kQeEAedk
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: U3PIQcUT0d02rADCB6Y6OFnDmbEuJVUoYd81wTE5k_5-Oh8A5g8wMQ==

GET
H2 200 3.e80b4a6c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 67 KB
20 KB 39ms
38ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.e80b4a6c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

b9fd6844b3e645e64ba931197daa064d255f51d116ae79704e0e5fe17ea76260

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:19 GMT
content-encoding: gzip
age: 125862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:07 GMT
server: nginx
etag: W/"b897af21c92a08670c78ca88a9a99178"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: zifY3hh5RuNQC1Z0zFs4nvVOqDkXp9D4
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vqarKLm5fX9pFap_bDhn5UPJyn-T6ohzJWEywJ2Aga1cK4MJmBt3Jg==

GET
H2 200 4.7876a10d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 18 KB
7 KB 40ms
39ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.7876a10d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

3fbc0f74ce6d613d4f9a0471081968efe30b14c15b3b7649cfcb6e3ef5f0834b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 16:33:19 GMT
content-encoding: gzip
age: 125862
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 15:10:07 GMT
server: nginx
etag: W/"280e5f49a896501d297c615dc86d516d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: zpHgx4F4m0C3jTXvEakuGbkzgwrjitkH
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mZh_z4FxMvvv7-tllXrQyej9BONRhRj-iyhKjr0wIoTyPcAE_b1aKg==

GET
H2 200 26.cbeac9c0.chunk.css
js.driftt.com/core/assets/css/ Frame F1AD 15 KB
3 KB 41ms
41ms Stylesheet
text/css 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/26.cbeac9c0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

38fe61c974c3fa45b7a3c85975bb1bea318308957c2329f6c932623acff155b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 18:11:35 GMT
content-encoding: gzip
age: 638366
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 15:41:04 GMT
server: nginx
etag: W/"ebfbb9df704776942182975f5f6547a4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: d0D3QA8B0iNoBshvSItbSHQnueHz0RzJ
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1fFmhu5y0G7I1ltbZOGyqhO3a-eg7c06Mw2TQ5gdlo3BbDW4_y_1wg==

GET
H2 200 26.d7c0623d.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 22 KB
8 KB 41ms
41ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.d7c0623d.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

9f4df84893a9a4170ca1d67056a0b52c53da5079bd6ff4a18262d20395d2a717

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 16 Jun 2021 17:42:57 GMT
content-encoding: gzip
age: 121684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 16 Jun 2021 16:39:10 GMT
server: nginx
etag: W/"84c652865350a914f4d411d10c9aed9e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Y6eqlRKxxQxkTyytbAJwEE3PmU8X0WFe
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wmmWzRbqlNw38ZdXYoedQTERM4xUs6HgUxClBPN2j8tb74CY4suAGQ==

OPTIONS
H2 200 v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 0
0 341ms
114ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:02 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift113634b44e7992e57ad9290f945
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 v2 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame BDBB 25 B
122 B 123ms
123ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 18 Jun 2021 03:31:02 GMT
server: istio-envoy
requestid: 1a0ed42ba6b5d59
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

GET
H3-29 200 css
fonts.googleapis.com/ Frame BDBB 4 KB
643 B 29ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/2.ad65f2e6.chunk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6aa6360b39fe982bd5f7cdf9bd09d2ea596614697679c98ad347111aab2b38dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Jun 2021 01:38:44 GMT
server: ESF
date: Fri, 18 Jun 2021 03:31:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Jun 2021 03:31:01 GMT

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame BDBB 103 B
200 B 117ms
117ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

0e60da45f76ad0de9d166d40b2ff327f8ac1afe81c0b0ff5e07ac97e6f3dddd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 18 Jun 2021 03:31:02 GMT
server: istio-envoy
requestid: 1a6aed6c2dd76708
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 6
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 103
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 334ms
114ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:02 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift71af75447a69901ee8aab6bc01c
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

GET
H2 200 5dfsgn7m2kst.json Show response
embeds.driftcdn.com/embeds/ Frame BDBB 60 KB
11 KB 508ms
432ms XHR
application/json 13.224.195.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embeds.driftcdn.com/embeds/5dfsgn7m2kst.json
Requested by: Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.195.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-195-101.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 069ef81aa914915ad7c9d2c1f51adc3d99216c788a87871f7ef077c9fbb7daf5

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 17 Jun 2021 23:40:52 GMT
server: AmazonS3
etag: W/"82564631bc920b72d7d758ae58178ca3"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/json; charset=UTF-8
via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
cache-control: public, max-age=30
x-amz-cf-id: M_T1v13Yon0jxa5n6-mcpaijs5hCVDK2E55Xui2MAH3UNTSGzGNJ6Q==

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame BDBB 5 KB
2 KB 304ms
304ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

6ace2425ae278d0dda6436b65cbba6f017b85d94db37d80d5d3eca1198741923

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
content-encoding: gzip
server: istio-envoy
requestid: b45ce7b86920ee37
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 193
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2123
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

GET
H2 200 5dfsgn7m2kst Show response
targeting.api.drift.com/hours/availability/combined/ Frame BDBB 46 B
109 B 133ms
133ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/hours/availability/combined/5dfsgn7m2kst

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

58cf0a1064945052c7f639f14eb4f5046392db2c532e42ec2873b2298e3af9c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDAyODcxMDU4NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE2NTU1MjMwNjMsImlhdCI6MTYyMzk4NzA2M30.UI3rn2KMPkO5J25F4aeyd2wwQTpVmyLQKTc-pe16-RyuUCzLeMf8JNGa1LwMfFvqt6J9MkLh5q_YEx_cnfUx7w

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
server: istio-envoy
requestid: f441c5fab23ceb92
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 22
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 46
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 5dfsgn7m2kst
targeting.api.drift.com/hours/availability/combined/ Frame 0
0 114ms
111ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/hours/availability/combined/5dfsgn7m2kst

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: HEAD,GET,OPTIONS
requestid: drift0b6fecf4fdf9b40f5edfd641dc9
content-length: 18
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 track Show response
event.api.drift.com/ Frame BDBB 662 B
1 KB 110ms
110ms XHR
application/json 52.0.189.149
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.0.189.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-189-149.compute-1.amazonaws.com

Software

Resource Hash

f9f05b2e259f2efcb122ad73bd5d0a50fa5b80650b2e1c5c29d6da83c260db91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDAyODcxMDU4NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE2NTU1MjMwNjMsImlhdCI6MTYyMzk4NzA2M30.UI3rn2KMPkO5J25F4aeyd2wwQTpVmyLQKTc-pe16-RyuUCzLeMf8JNGa1LwMfFvqt6J9MkLh5q_YEx_cnfUx7w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
requestid: 5ed62f17cfd12b9a
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 662

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 344ms
109ms Preflight
text/plain 52.0.189.149
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Server

52.0.189.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-0-189-149.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
content-type: text/plain
content-length: 13
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
allow: POST,OPTIONS
requestid: driftbb6120646d0ac802f9c82f1da94

GET
H2 200 47.d1ec1cad.chunk.js Show response
js.driftt.com/core/assets/js/ Frame BDBB 17 KB
6 KB 35ms
34ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/47.d1ec1cad.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

4f7b7bbf5225cd88e68285c8d02057dd19cb7e7a12d4465f67c9cd2976aeee29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=ea9dd866-3b43-4c54-9a1e-0388f122a4e8&sessionStarted=1623987061&campaignRefreshToken=c4641737-82a3-4891-abdd-dc7fd7d85d9d&hideController=false&pageLoadStartTime=1623987059219&mode=CHAT
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 22:58:57 GMT
content-encoding: gzip
age: 621126
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"df31a79a2de4ba62caa657c97430e66a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: I7uscgO7DYOtWQYJ4_w8BEXv2czNXKMV
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: R1qQq3QJBtKWDFRjzzjTKpWJ2YQUPYcyLgUeqgemPt79it08Cc0cQw==

GET
H2 200 47.d1ec1cad.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F1AD 17 KB
6 KB 34ms
34ms Script
application/javascript 143.204.205.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/47.d1ec1cad.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ed3fc1ef.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.205.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-205-35.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

4f7b7bbf5225cd88e68285c8d02057dd19cb7e7a12d4465f67c9cd2976aeee29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 10 Jun 2021 22:58:57 GMT
content-encoding: gzip
age: 621126
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 10 Jun 2021 17:38:45 GMT
server: nginx
etag: W/"df31a79a2de4ba62caa657c97430e66a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: I7uscgO7DYOtWQYJ4_w8BEXv2czNXKMV
via: 1.1 d16428714e022976873ccc980fdc1289.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA53-C1
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3XREEB9rWpsnzmHjClo0k-kfxMVfBxtFzDGq6qmJT-AeDVRrDPiOhQ==

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 111ms
111ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift36246e2454bbc56d2aaf6d9896a
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame BDBB 2 KB
801 B 112ms
112ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

feb79d58e0578425492202536a85cb7b678f9f28ddbdd57989189354c2052a7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDAyODcxMDU4NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE2NTU1MjMwNjMsImlhdCI6MTYyMzk4NzA2M30.UI3rn2KMPkO5J25F4aeyd2wwQTpVmyLQKTc-pe16-RyuUCzLeMf8JNGa1LwMfFvqt6J9MkLh5q_YEx_cnfUx7w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
content-encoding: gzip
server: istio-envoy
requestid: 79fbc0ff170fee8c
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 736
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

POST
H2 200 render_initial Show response
flow.api.drift.com/flows/ Frame BDBB 5 KB
2 KB 145ms
145ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

25fb547a681e738a0eb32214073bd995c683b9b0650fb27fdd8daffadf75cf4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDAyODcxMDU4NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE2NTU1MjMwNjMsImlhdCI6MTYyMzk4NzA2M30.UI3rn2KMPkO5J25F4aeyd2wwQTpVmyLQKTc-pe16-RyuUCzLeMf8JNGa1LwMfFvqt6J9MkLh5q_YEx_cnfUx7w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
content-encoding: gzip
server: istio-envoy
requestid: 2dbcb654db4004a1
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 34
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2338
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 render_initial
flow.api.drift.com/flows/ Frame 0
0 113ms
111ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:03 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift107806d4a7a8b8fba860f13a795
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame BDBB 25 B
88 B 124ms
124ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDAyODcxMDU4NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE2NTU1MjMwNjMsImlhdCI6MTYyMzk4NzA2M30.UI3rn2KMPkO5J25F4aeyd2wwQTpVmyLQKTc-pe16-RyuUCzLeMf8JNGa1LwMfFvqt6J9MkLh5q_YEx_cnfUx7w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 18 Jun 2021 03:31:04 GMT
server: istio-envoy
requestid: 41bc669b7f0e6bef
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 111ms
110ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:04 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift33ac94648f4b61a0f75ff95b5f5
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 111ms
111ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:04 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: driftc9e270240e788a5d4bf0fede703
content-length: 13
x-envoy-upstream-service-time: 1
server: istio-envoy

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame BDBB 0
37 B 117ms
117ms XHR
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDAyODcxMDU4NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE2NTU1MjMwNjMsImlhdCI6MTYyMzk4NzA2M30.UI3rn2KMPkO5J25F4aeyd2wwQTpVmyLQKTc-pe16-RyuUCzLeMf8JNGa1LwMfFvqt6J9MkLh5q_YEx_cnfUx7w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 18 Jun 2021 03:31:04 GMT
server: istio-envoy
requestid: ca88655c1e2cdfe3
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 6
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F1309750%252F8024a95f2351135a5df728c0aff5f8c0mx744ua3gdzn%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w...
driftt.imgix.net/ Frame BDBB 19 KB
20 KB 22ms
7ms Image
image/png 2a04:4e42:3::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.amazonaws.com%252Fcustomer-api-avatars-prod%252F1309750%252F8024a95f2351135a5df728c0aff5f8c0mx744ua3gdzn%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3Df824a617aeb296a7f27f0a8b4aef7c51?fit=max&fm=png&h=200&w=200&s=653ea3a82cff51402b864d5492dbde2e

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

7dc24add65dc6662689b4e6643c01957af19c62c0dbc9004fe2319d198fa5208

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 18 Jun 2021 03:31:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 10 Jun 2021 08:56:55 GMT
server: imgix
age: 671649
x-cache: HIT, HIT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
x-imgix-id: 9887be77376660982a04af2028e93ac4ac9cbc3e
accept-ranges: bytes
content-length: 19866
cross-origin-resource-policy: cross-origin
x-served-by: cache-sjc10038-SJC, cache-fra19123-FRA

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ Frame BDBB 14 KB
15 KB 25ms
6ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open%20Sans|Open%20Sans:bold&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://js.driftt.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 12 Jun 2021 06:09:53 GMT
x-content-type-options: nosniff
age: 508871
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 Jun 2022 06:09:53 GMT

GET
H3-29 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
5ms Image
image/gif 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j90&a=1350427979&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fparasite-http-rat-cooks-stew-stealthy-tricks&ul=en-us&de=UTF-8&dt=Parasite%20HTTP%20RAT%20cooks%20up%20a%20stew%20of%20stealthy%20tricks%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%201673709&_u=aHBAAEABAAAAAC~&jid=&gjid=&cid=9950927.1623987059&tid=UA-2257074-1&_gid=1995045756.1623987059&gtm=2wg6g0MGR7P8X&cd19=9950927.1623987059&cd1=122703481&cd2=Spiralyze&cd3=Unclassified&cd4=Unclassified&cd5=Less%20than%20250&cd6=%245M%20-%20%2410M&cd7=SMB&cd8=Telecommunications&cd9=Spiralyze&cd10=Mountain%20View&cd11=GA&cd12=United%20States&cd13=(Non-AccountWatch%20Visitor)&cd14=(Non-AccountWatch%20Visitor)&cd15=(Non-AccountWatch%20Visitor)&cd16=(Non-AccountWatch%20Visitor)&cd17=spiralyze.com&cd18=(Non-AccountWatch%20Visitor)&z=530133389

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Jun 2021 10:01:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 63003
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/add/ Frame BDBB 25 B
84 B 112ms
112ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/42.1d3e72f0.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxMDAyODcxMDU4NSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE2NTU1MjMwNjMsImlhdCI6MTYyMzk4NzA2M30.UI3rn2KMPkO5J25F4aeyd2wwQTpVmyLQKTc-pe16-RyuUCzLeMf8JNGa1LwMfFvqt6J9MkLh5q_YEx_cnfUx7w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 18 Jun 2021 03:31:07 GMT
server: istio-envoy
requestid: 8534e7e8dcc8992a
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/add/ Frame 0
0 111ms
111ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Protocol

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Origin: https://js.driftt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Fri, 18 Jun 2021 03:31:07 GMT
access-control-allow-origin: *
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-credentials: true
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-max-age: 1209600
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/plain
allow: POST,OPTIONS
requestid: drift1da5cd540f8930c4a2df4ea6a50
content-length: 13
x-envoy-upstream-service-time: 0
server: istio-envoy

POST
H/1.1 200
OK 0ae22ad83e Show response
bam-cell.nr-data.net/events/1/ 24 B
555 B 660ms
660ms XHR
image/gif 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/0ae22ad83e?a=573869349&v=1209.f04e2b9&to=bgQBYERQXBBWVBFbDldOIldCWF0NGHMXRxFYDT9aWVVXP3RYC0YTVg0PUURtfAxTUjNbBE4iDFpCQ10PW1IXH19PCAZD&rst=13268&ck=1&ref=https://www.proofpoint.com/us/threat-insight/post/parasite-http-rat-cooks-stew-stealthy-tricks
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1209.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: text/plain

Response headers

Date: Fri, 18 Jun 2021 03:31:12 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.proofpoint.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6611717dadc47377-CPH
Content-Length: 24
cf-request-id: 0abec5428900007377ae064000000001

Verdicts & Comments Add Verdict or Comment

212 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 04:28:03	Name: IDE Value: AHWqTUlEUpfJaMd-UY8YCpF6vCg4BxQJvT4ClvATFDSyUXL9P7ICeJ86-ehm9yq3thw
www.proofpoint.com/	1970-01-19 19:06:28	Name: __atuvs Value: 60cc1374ed087315000
.www.proofpoint.com/	1970-01-20 03:52:03	Name: __ar_v4 Value: %7C7YJ7XZCLMRHSVCXIHB5HIT%3A20210618%3A1%7CYV5KYXXEJZATZCT37YRTMK%3A20210618%3A1%7CT47Y2VPPABDUBJXFROMZZM%3A20210618%3A1
www.proofpoint.com/	1970-01-20 04:35:15	Name: __atuvc Value: 1%7C24
.proofpoint.com/	1970-01-19 19:06:28	Name: _hjFirstSeen Value: 1
.app-abj.marketo.com/	1970-01-19 19:06:28	Name: __cf_bm Value: 53f20f64607bc9055cda5c3536b1b5debb50b7c4-1623987059-1800-ASTWXmtae9zRJSoR5H+3hz4WYL0sm2K9jG6QaxvsVApGyEBOt4DCVzlwlQ75GrDCNImKbjLK7acnT7k7zL1ma4g=
.proofpoint.com/	1970-01-20 03:52:03	Name: _hjid Value: a24efc52-276f-48c9-8d99-1b4d3edf551b
.proofpoint.com/	1970-01-19 19:06:27	Name: _gat_UA-2257074-1 Value: 1
.proofpoint.com/	1970-01-20 03:53:29	Name: _vwo_uuid_v2 Value: DC848A4785EDB4C4BB8F88898C77D3272\|171086d9af782d25a873e7342e2519bc
.proofpoint.com/	1970-01-19 19:07:53	Name: _uetsid Value: 99c5e630cfe511eb9df191ae327104be
www.proofpoint.com/	1970-01-19 19:06:28	Name: drift_campaign_refresh Value: c4641737-82a3-4891-abdd-dc7fd7d85d9d
.www.proofpoint.com/	1970-01-23 10:45:19	Name: _rtfl_s_handshake_guid Value: f71685cf-807a-4714-94dd-da10622bd78d
.www.proofpoint.com/	1970-01-20 03:52:24	Name: __adroll_fpc Value: 2e80c18d4400239df5f462d18e0d8cd1-1623987060880
.proofpoint.com/	1970-01-20 03:51:15	Name: visid_incap_177663 Value: yl7OiB3XR+KmjafqxvtiP3ETzGAAAAAAQUIPAAAAAAA23dkQwqrTfIyOkvR+C/UN
.proofpoint.com/	1970-01-20 12:37:39	Name: _ga Value: GA1.2.9950927.1623987059
.proofpoint.com/	1970-01-19 21:16:03	Name: _gcl_au Value: 1.1.30201701.1623987060
.proofpoint.com/	1970-01-19 21:16:03	Name: _fbp Value: fb.1.1623987059582.1682804438
.proofpoint.com/	1970-01-20 04:28:03	Name: _uetvid Value: 99c61130cfe511ebb790df76f2682a40
.proofpoint.com/	1970-01-19 19:07:53	Name: _gid Value: GA1.2.1995045756.1623987059
.proofpoint.com/	1969-12-31 23:59:59	Name: incap_ses_730_177663 Value: hUpECAaW/A+NPyH/hXshCnITzGAAAAAAjw4VYr7v5jIZ7OMMHr37sg==
.proofpoint.com/	1969-12-31 23:59:59	Name: _hjTLDTest Value: 1
www.proofpoint.com/us/threat-insight/post	1969-12-31 23:59:59	Name: pp_user_country Value: de
www.proofpoint.com/us/threat-insight/post	1969-12-31 23:59:59	Name: hide_lang_switcher Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://visitor.reactful.com/dist/main.rtfl.js(Line 39) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10487471.fls.doubleclick.net
4788165.fls.doubleclick.net
ad.doubleclick.net
ads.avct.cloud
ads.avocet.io
ads.yahoo.com
adservice.google.com
analytics.twitter.com
api.company-target.com
app-abj.marketo.com
apt.techtarget.com
attr.ml-api.io
bam-cell.nr-data.net
bat.bing.com
bootstrap.api.drift.com
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dev.visualwebsiteoptimizer.com
driftt.imgix.net
dsum-sec.casalemedia.com
eb2.3lift.com
embeds.driftcdn.com
event.api.drift.com
flow.api.drift.com
fonts.googleapis.com
fonts.gstatic.com
geoip-js.com
googleads.g.doubleclick.net
gwmtracking.com
ib.adnxs.com
id.rlcdn.com
js-agent.newrelic.com
js.driftt.com
match.prod.bidr.io
metrics.api.drift.com
munchkin.marketo.net
pixel.advertising.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.sitescout.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.adroll.com
s.ml-attr.com
s7.addthis.com
script.hotjar.com
scripts.demandbase.com
secure.adnxs.com
secure.chip2gift.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.co
tag.demandbase.com
targeting.api.drift.com
tracking.g2crowd.com
trk.techtarget.com
us-u.openx.net
vars.hotjar.com
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
www.proofpoint.com
x.bidswitch.net
z.moatads.com
104.16.95.80
104.244.42.67
104.244.42.69
108.174.10.14
13.224.195.101
13.32.2.16
13.32.2.47
141.226.228.48
142.250.186.162
142.250.186.66
143.204.205.35
151.101.114.110
162.247.243.146
163.171.128.148
184.30.20.207
184.30.24.121
185.33.220.243
185.33.221.90
185.64.190.80
199.232.136.157
206.19.49.24
216.200.122.11
216.58.212.134
23.218.208.246
23.218.209.154
23.45.104.85
2600:9000:2156:1600:12:3734:2a40:93a1
2606:4700::6812:1bbe
2606:4700::6812:aef
2620:119:50e3:101::6cae:b45
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:80:800::7001
2a00:1450:4001:802::200a
2a00:1450:4001:809::2013
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2008
2a00:1450:4001:829::2002
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2003
2a00:1450:4001:830::2003
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a00:1450:400c:c04::9a
2a02:26f0:7100:481::25ea
2a02:26f0:7100::687e:24b0
2a02:e980:107::cf
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:3::720
3.120.52.76
3.65.212.7
34.96.102.137
34.98.64.218
35.156.153.71
35.244.174.68
50.16.7.188
51.11.20.152
52.0.189.149
52.17.151.21
52.208.183.163
52.49.183.138
65.9.77.113
65.9.77.25
65.9.77.47
66.155.71.149
68.67.153.60
69.173.144.138
70.42.32.95
99.86.242.50
99.86.242.68
0024d7e8c7cadbee41e3811e351b08257e2fb01041802fd87fa7e0ee5fa8e20f
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55
026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429
02d86b95a1f2cf793ce77118e0a5ca4969e396cebb7f7801e9746877fe937a79
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
069ef81aa914915ad7c9d2c1f51adc3d99216c788a87871f7ef077c9fbb7daf5
084390577243b6986d5564d152916a37a3124305e11b2817d0c2eabc863e081b
0accf9cd87124254f585396ab156ac9cc8a6fb238362746d32cc7abd85825cc6
0bc5a66e21f8648156fcbc214136ac5ff60d0adc8c9e438a2b769a83f5075d7a
0bdbd13a9da4238bc080d842dc7a9ec35b489331b7d62efb221190e1e2e7207c
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d0033a9ce3b259b253619f2534697aa4721d5a2007999af9c639b9ff64642e2
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
0e60da45f76ad0de9d166d40b2ff327f8ac1afe81c0b0ff5e07ac97e6f3dddd3
0ed0a626ef7b42864f0eca017e61c296c35c8221e8af6a7a9c924278cec959bc
106a6f15d7a3e5d58d45ec5cdc5895303f8d89fb297d7144776d6a61ed43ec88
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12326e8f0accb3ea4158ecf1cb2ab2e1b95d6a0f5eb1b80c86621f087b4363f1
1676a8158867ca736ff0a960b9300b8e0e8c016faa2b3211d54d1317213be669
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
18e37065c461d9c611f131454496d77034a6bf210a8ee3fcd2fbcc528afe8087
1a0c1d42f2aac5afb70f36b15178bdce6ea776c594c3077a89fe7046d2fd5d5b
1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70
1ffde8ac4d37188366cf0a5dbbe61c3399bf4d1139f668cecd5bd5d00b43f18d
2180a89e2056bdefb9d39a4e2048b5214b19c9bd8a96facedb6ff1c82bf51694
22e4ee5f5e13de9e70e0f4394ab98afd243f1cfc0abd8c618058504b7b1009f6
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
25fb547a681e738a0eb32214073bd995c683b9b0650fb27fdd8daffadf75cf4e
28b988dafe2dc95eaa816ebb17a3329d0e170135e820c21ff6d308903d04be7e
2b90ce389507f050b8c38905dea533f2b1e18012c9e504c11d93b71c7fdf4157
2badd5eb27f506ea9c8c6e77ae1f938883ac131e2294c4e02bfbabc70ce9e6a6
2bd6a35512c25f0355adda4a4b97656a1975713107b6a164b4edefb0a172953b
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f5cdaaa7889492b45c17f3fd0d79f8a7f72fccb1bb40ad956b37bf11d8c0175
2fe5fb2d025e0a2a028376783078622313bb93ec4a64cae7a8f6c0463507b2b1
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
3356dfe5f7449f95f2518779c2cde62577d323f32a8742179400e24d242aa820
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
38fe61c974c3fa45b7a3c85975bb1bea318308957c2329f6c932623acff155b4
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d4f6040abfbbc2d2f905fdade2be75785df619bd384931c222e431b1508c5fb
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3fbc0f74ce6d613d4f9a0471081968efe30b14c15b3b7649cfcb6e3ef5f0834b
42b6a4cb0223e8edcf8a735efce1e53d8ab0b2604f31606ea6e4e454755a46de
47587df31e1e202dea23080ef9925c0d8c0794b8362781cc8ac91628ffe07e09
4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4
484fb34102101a6a5c04a80954d6a5d99a6499924256469945d49ead6c4d2529
48afd6e9f5be5a21da900991ae13170430382226c3b69ad2a8a3f5a1d67e1e14
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4d71e28edcd31a762462d68b69b58c84965188c5f19c64f9d55fe0520e33985d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f3fc31f17996bdcd89a0b6358ef30b10a4d5b8e436dcd786082965f868f3bd8
4f7b7bbf5225cd88e68285c8d02057dd19cb7e7a12d4465f67c9cd2976aeee29
50e0424193d3743bd4e7f08f1e0b7bdb98a97df7c4108c848fbaf73670672464
5213a92dbf738899b0007477b997665e1ebd0c7e26b4e20adc181be832a2fe78
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
542309427583f330f5714e1cc7fdc974bfff90c73dc7f39f1509f0de8b19f66e
545e7b14aa1b70883537234d00efed9a45a43ac26dbd956ad2b7c6a87c04f6c4
547f226c6e04b6654144617685448d360e2a92d908c6fb646761a1e6d4850004
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5795e23ab075ada2d107030286b0b7952fd039d00fd2083c072ac87adb01ce3b
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
58cf0a1064945052c7f639f14eb4f5046392db2c532e42ec2873b2298e3af9c4
59c23ac6c266273e5b45d6f10da69ca3972d7a4279b64546d4ada35b4842a15c
6336f71e33dee69b46657b12675fad734c11b8fb43782f5db75d5cb3ce84d785
65d29e040c59a5e843952c3f0da27028455dc63372440602d129681883891276
6713942afb0013c459cad9b9854b5ab79fab2567568660dde0a9052a2e5670e4
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
69a12e6a2c6dff14902de0fec7a22b138a389be30d22265fa1f3c629373c295e
6aa6360b39fe982bd5f7cdf9bd09d2ea596614697679c98ad347111aab2b38dc
6ace2425ae278d0dda6436b65cbba6f017b85d94db37d80d5d3eca1198741923
6e6e6a03e72a528c28884b50bf296425667f38dd0aaf1dd17ce89199ffc85271
70f7c95ccbf16a610334be7cdd1fe7bfe9942fbc231f15e725bdf3b849ed8346
73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b
73e2e5173ed0d5a77b02914fa0ef1f67bb53143da75f0348f558f95565220ca1
73f47a6d2e3e5b46af3ef19ad1e9ff03f0db27e6cb10b4d1086566d57d28f105
74c62da8d57caed4b5967e4045604a5be10e7c134a5d5cc04dcb2665c804334f
76f73bfe436a71077f252ade8fb13fdd724a8f1a40fa2ec8bcf65b413a0e6939
785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232
79764a3ae68dab632c9b569151e5d061dfe56225b0038438de7af50ce0c69f14
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7c59ba72953cc99b7cc6735de0285f154a29e30b5fd5d5b04d819ed22d21bc3a
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7dc24add65dc6662689b4e6643c01957af19c62c0dbc9004fe2319d198fa5208
7df4a54cd6e7081fc46e0a37832aab5f9273076520690ac076aeeab82c816415
817c7a8de5f73b3bd9358babbbd8f904fa639279f18bc86d320fcfb7fcfa8485
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f
8b51552f523ecd57ca4f82df5ab10610349f91cacb7c0f72d0290bed3cc37e4e
8c58a438125e389f81b62999773d8d6cb9e25828bb6049248faa04c12d2bc8a7
8f95881581538aba7c347cb22d1c5eabe736b7e914fa5ddb146a7d6cf58c2b4e
914ae362937120d900bb5c5d95c70f3957fa2270c308925e4a72ad56446911cb
93fa8b2f6e13b1ac02946cf42cebafaa637e07feb93b926eace76fd5128df564
982366f1ad02914ee8f64b7b11ac8a7f9902b6050e10c269b171cd2e51db3dee
9919c7f0c206037e856f4ca4c102188b3cc46995b95eda70e374d9b69d5cb100
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1
9ae3331ec7a341b12a352038820ade9dfc4f8946ec365397abf5b5a9a6f74b83
9d27a4dacd51fa68cf7126027e7ab00d7859c56c55fce15f6ae5e20e10e14b64
9f4df84893a9a4170ca1d67056a0b52c53da5079bd6ff4a18262d20395d2a717
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a31cbb768b25b1d6de6366672c0f5cbdcb9a63bfd84b1d8bb7d64ef03cbd2c2e
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
aa9061fef557b45dc7bcbc15eb2d6b8f759a615adb98e5ba1c0adc45efd38f2c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ad0d92cf604efc8b3419a489e8f598a017c3ef0fec742f3387d9de06e83c25d4
ad6468ba2de8181001a9eabbd24b602242c74ea9c54eed918c8253e171695496
ae58d73b37c85f0b4e5b489e1b317148c392358459b7dce1b0e979a82e3a05cb
b05c21426d9a2999f3f7b48d494bc6dba7b4fba240d3eae1047c99116c075232
b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a3f5621e2b58f429984351d353220dafd7bd6b3f14ea228c511c32ab936e36
b46a0ad04024e58abe9e418c6cda39249d981cb334dd809c192d77a31311af14
b743316f90e9e30d62b91239fa883e4d3834f628c9a27688836241d8ab547c2e
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
b9fd6844b3e645e64ba931197daa064d255f51d116ae79704e0e5fe17ea76260
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
c0269ba28d9ec51948de3000f364e6890e8a369ab832b4deb572415845a39712
c694a371dc0d0d8accc0cc110c4e2e8f15a44682710b85c71c2f68833623737c
c7d5941dbda118b0204ef86263600977d9a7aae74985309ef7353fe74da78ca4
c8de55874475c175335f0c6fc79e975cc9325630e3641389c18ae7ae5ab9a981
ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a
cb67a67d2d96d4e644a44fd3f61ec63bb35ca0ff67d6c961edcc55dde9cdf92e
cbb20242c534c7efc0019925c8a81730f3b09f042273130a0ae861bda498f151
cea918e6af14ac3645e0e33b30cb802820aed3e549defbd618be220c31546625
cef5e7a8bbafdc0187cc3bd50db0417a3ed578deec09d93fe306bddf30a9ba43
cf10733d133026b10cb50defccc4456cfa960d0c0b91d7cf643caf9741e39c58
d0367425588dbeffe0937d12d661e7bd2db9676f92cf715823267750ec07ff59
d1c6032b67262b3855f2ae2702f0497cf50f3caf6ce5211641f1756ee3a4332b
d47ae7a2d6d439a1ca81303eeb9e45e90983297e10c6c51d888a1e090c6d2e7f
d525a702b4305a4ef63fe9070e6e76c1f107da20da379b48798cc64fa12d86df
d6dffdf0c11445d390ce54b124aad97a24f21d2e54d0e2f5320c466cda85f9d9
d75c1823f06b25faffc4d8177e4fbad465186322ee07a862adabf1de9f6606ce
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
dcc9b82683719d082db3ba8d6927ac8a03dd5c01d80e6fbe9418badf1e27270e
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0b6d26489191155d30162f050cf2a964afb8cf054e3f59e7f710942a9a12293
e12f41f00e2ee8a10327a832e9f228d9a21e346f300eb483233171c5d86ecb60
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7657b3001a9523fb81152df7eb790ac0e7c7a163d06c31c5052b6e1b25ca77d
e90d57f411dd7b15b40912a0054905950c28469a3feb592e6c3ddb74d2ef5915
e9618225f87a07ea43af2674ce4207adfb0897b1bb6aaf2157b502ee89538aa4
e9b3c1ef5622bc620a5c1d364aa9fbec2c9d6230bb5f6ab825825db09dd71f6a
ed56292da2883fe23fa81f64fcedb3c6dff5f09b4f2aed777be50699e7f04ba7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f156ae940f7e272f1319e3a835871f632bc4275105f4882685a3435d7ed4e3fb
f26c1ac9edac4ce70a6721545b0e449dccf4190d785ab0966a31876d5aecc7c1
f469f0f2ec90c279cfe0e1a54b280d51e700fd6454ca7bffd7202df3dd7d6b3b
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
f7c1b894557e3429f10b0c817f8c532149dc55d288fe7528cff0791cdcb59274
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f8e3f110b75b3f1951f50fb7795c6eaf5bee4f07b787a1b535b39e734c7f1723
f9f05b2e259f2efcb122ad73bd5d0a50fa5b80650b2e1c5c29d6da83c260db91
fa176af3695a7e918096d7d71a501167980482180f48dc0e4515855901b42969
fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd
fa8fcfcdcfbcd454908c1139c40929082c3711ef9d2bc8bd94bd0a525b61612f
fab816e037c0f67ab424c67234af03471c66a13357d6e187ecb238a2eac62a04
fb6a54fd0ea4287ed803a20a197516820c7e13ee66649e7c99aeefd06b646543
feb79d58e0578425492202536a85cb7b678f9f28ddbdd57989189354c2052a7b

www.proofpoint.com Open in urlscan Pro 2a02:e980:107::cf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

227 Requests

100 %HTTPS

34 %IPv6

59 Domains

78 Subdomains

65 IPs

6 Countries

4568 kBTransfer

10309 kBSize

23 Cookies

20 Outgoing links

Redirected requests

227 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 22 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Screenshot
Live screenshot

Full Image

227
Requests

100 %
HTTPS

34 %
IPv6

59
Domains

78
Subdomains

65
IPs

6
Countries

4568 kB
Transfer

10309 kB
Size

23
Cookies

227 HTTP transactions
22 data transactions