pratum.com Open in urlscan Pro
192.124.249.57 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://d1337p04.na1.hubspotlinks.com/Btc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-WJV7CgL68N3YC1xFHv_XJ...
Effective URL:
https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpD...
Submission: On December 02 via api (December 2nd 2021, 6:03:59 pm UTC) from US — Scanned from DE

Summary HTTP 115 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 34 IPs in 3 countries across 27 domains to perform 115 HTTP transactions. The main IP is 192.124.249.57, located in Menifee, United States and belongs to SUCURI-SEC, US. The main domain is pratum.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on June 23rd 2021. Valid for: a year.

This is the only time pratum.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700::68... 2606:4700::6812:1e69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
38	192.124.249.57 192.124.249.57	30148 (SUCURI-SEC) (SUCURI-SEC)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
14	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:dfcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:b749	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d5cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0d::9a	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6810:5905	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:47b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eccc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:eacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:72b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:15bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6811:9d2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:b772	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
7	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:c8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:810::200d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
115	34

2 2606:4700::6812:1e69 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

d1337p04.na1.hubspotlinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 192.124.249.57 (Menifee, United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10057.sucuri.net

pratum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:dfcc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:b749 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d5cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:5905 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ab (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:47b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eccc (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:eacc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:72b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:9d2 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:b772 (United States)

ASN13335 (CLOUDFLARENET, US)

f.hubspotusercontent40.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c8cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	pratum.com pratum.com	4 MB
14	google.com www.google.com apis.google.com accounts.google.com	147 KB
14	hubspot.com no-cache.hubspot.com cta-service-cms2.hubspot.com api.hubspot.com app.hubspot.com forms.hubspot.com track.hubspot.com	32 KB
6	twitter.com platform.twitter.com syndication.twitter.com	148 KB
5	hsappstatic.net static.hsappstatic.net	258 KB
5	hsforms.com forms.hsforms.com perf.hsforms.com	4 KB
3	google.de www.google.de	719 B
3	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	3 KB
3	gstatic.com fonts.gstatic.com ssl.gstatic.com www.gstatic.com	162 KB
3	hsforms.net js.hsforms.net	295 KB
2	hubspotusercontent40.net f.hubspotusercontent40.net	112 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	googletagmanager.com www.googletagmanager.com	78 KB
2	bootstrapcdn.com netdna.bootstrapcdn.com	62 KB
2	hubspotlinks.com 1 redirects d1337p04.na1.hubspotlinks.com	3 KB
1	hubapi.com api.hubapi.com	946 B
1	linkedin.com platform.linkedin.com	61 KB
1	hs-banner.com js.hs-banner.com	16 KB
1	hsadspixel.net js.hsadspixel.net	3 KB
1	hsleadflows.net js.hsleadflows.net	87 KB
1	usemessages.com js.usemessages.com	21 KB
1	hs-analytics.net js.hs-analytics.net	20 KB
1	hscollectedforms.net js.hscollectedforms.net	26 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	hs-scripts.com js.hs-scripts.com	1 KB
1	hscta.net js.hscta.net	6 KB
1	googleapis.com fonts.googleapis.com	1021 B
115	27

	Domain	Requested by
38	pratum.com	d1337p04.na1.hubspotlinks.com pratum.com
7	apis.google.com	pratum.com apis.google.com accounts.google.com
6	www.google.com	pratum.com apis.google.com js.hsleadflows.net
5	track.hubspot.com
5	static.hsappstatic.net	app.hubspot.com static.hsappstatic.net
4	platform.twitter.com	pratum.com platform.twitter.com
3	perf.hsforms.com	pratum.com
3	api.hubspot.com	js.usemessages.com static.hsappstatic.net
3	www.google.de	pratum.com
3	js.hsforms.net	pratum.com js.hsforms.net
2	syndication.twitter.com	platform.twitter.com
2	f.hubspotusercontent40.net	pratum.com
2	forms.hubspot.com	js.hscollectedforms.net js.hsleadflows.net
2	cta-service-cms2.hubspot.com	js.hscta.net
2	forms.hsforms.com	js.hsforms.net pratum.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	www.google-analytics.com	pratum.com www.google-analytics.com
2	www.googletagmanager.com	pratum.com js.hsadspixel.net
2	netdna.bootstrapcdn.com	pratum.com netdna.bootstrapcdn.com
2	d1337p04.na1.hubspotlinks.com	1 redirects
1	www.gstatic.com	www.google.com
1	ssl.gstatic.com	accounts.google.com
1	accounts.google.com	apis.google.com
1	api.hubapi.com	js.hsadspixel.net
1	platform.linkedin.com	pratum.com
1	app.hubspot.com	js.usemessages.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	www.googleadservices.com	www.googletagmanager.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	fonts.gstatic.com	fonts.googleapis.com
1	js.hs-scripts.com	pratum.com
1	js.hscta.net	pratum.com
1	no-cache.hubspot.com	pratum.com
1	fonts.googleapis.com	pratum.com
115	39

This site contains links to these domains. Also see Links.

Domain
github.com
info.pratum.com
www.twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
hubspotlinks.com Cloudflare Inc ECC CA-3	`2021-06-17` - `2022-06-16`	a year	crt.sh
pratum.com Go Daddy Secure Certificate Authority - G2	`2021-06-23` - `2022-06-23`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2021-06-26` - `2022-06-25`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2021-06-10` - `2022-06-09`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2021-09-10` - `2022-09-10`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2021-06-07` - `2022-06-06`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
Frame ID: EBAC1F518D18075046F1181D56C91B61
Requests: 94 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/v2.js
Frame ID: 1A2279031520744641370F5DE868B744
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/8984595/threads/utk/349f5bb02a494705830ec354767bd3cf?uuid=25e190b022e34e5ea20d06b0de509b05&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=pratum.com&inApp53=false&messagesUtk=349f5bb02a494705830ec354767bd3cf&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 834690DA031316DF701F8EDD91AF14F8
Requests: 8 HTTP requests in this frame

Frame: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=en&origin=https%3A%2F%2Fpratum.com&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 1B5E1037F93D388C3C92B0B4F3196FEF
Requests: 2 HTTP requests in this frame

Frame: https://apis.google.com/u/0/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&annotation=none&action=share&hl=en&origin=https%3A%2F%2Fpratum.com&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: 103370375ADF17CB8B11754566A917FF
Requests: 2 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fpratum.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Frame ID: E93E2FC7FD4173BF61ACCFE63C6C37CF
Requests: 4 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fpratum.com
Frame ID: D36768E845CFB4089A869AED234F33E6
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
Frame ID: 01792CCE9A931BDFF12F37D003AF4B1E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

What Are Fileless Malware Attacks? - Pratum

Page URL History Show full URLs

https://d1337p04.na1.hubspotlinks.com/Btc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-W... Page URL
https://d1337p04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmK... HTTP 307
https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&... Page URL

Page Statistics

115
Requests

100 %
HTTPS

91 %
IPv6

27
Domains

39
Subdomains

34
IPs

3
Countries

6177 kB
Transfer

9430 kB
Size

13
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/LOLBAS-Project/LOLBAS
Title: browse a list here

Search URL Search Domain Scan URL

URL: https://info.pratum.com/employee-security-training-planner-pratum

Search URL Search Domain Scan URL

URL: https://info.pratum.com/cs/c/?cta_guid=b124a078-bd07-45a9-802f-e708be16c78b&signature=AAH58kHdGpkHpiarEy7Kl8zNvClPJSBHBw&placement_guid=3e047f1a-13ef-45b2-8e91-ad3e0812c076&click=6f9b383d-d615-4dec-95fa-e6810fc49d54&hsutk=932c7a1031ad7ac8a2bef936bb00ab7a&canon=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&portal_id=8984595&redirect_url=APefjpELlSs6KYCL2xMJnJFwfpA3t8y7DmQKO_6fN-vWP9C73yh1yfEnNJ2nvPfRs92244hpOiwu43rsLjOtLt2yhz8wJp9WyZ1B_uVMRZo0XV4Zb1Oxs1j0ZrxdaLfLJLMDiBAviYQPl7P_I7UcYgGvVESwA3BnLQKTa4dXI08jt_J0ytaWO1Q&__hstc=240358044.932c7a1031ad7ac8a2bef936bb00ab7a.1638468234069.1638468234069.1638468234069.1&__hssc=240358044.1.1638468234070&__hsfp=808429732
Title: Get it Now

Search URL Search Domain Scan URL

URL: https://www.twitter.com/pratumsecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/pratum/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://d1337p04.na1.hubspotlinks.com/Btc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-WJV7CgL68N3YC1xFHv_XJV7qgZC6TnQGhW2VwFtd2hxcCMW2rxKht2HHxpvW8JZ8332WFRCxW3F0jWN4Btj1PW85-sV_4NXfMxW12nXhh5zlcQsW3W4twJ9bhgsXW460n9n9jMXw6W2LJsD357wfFkVnwcSQ8vFdVnW4cB0Jh5rYJtPW66b3fr2Ml9wcW6cxMR-5hVYhGW5YrNPc3tlsvtN8x1N6W_JH8HW6RZjVG3r2lQkW21633R7_88x9W2Q3frP8YFK_HW7d0fGB2QgtvqW7JCq_D38PN64W8-tgrQ3N9hvDW5TC0R852F0L13kkk1 Page URL
https://d1337p04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-WJV7CgL68N3YC1xFHv_XJV7qgZC6TnQGhW2VwFtd2hxcCMW2rxKht2HHxpvW8JZ8332WFRCxW3F0jWN4Btj1PW85-sV_4NXfMxW12nXhh5zlcQsW3W4twJ9bhgsXW460n9n9jMXw6W2LJsD357wfFkVnwcSQ8vFdVnW4cB0Jh5rYJtPW66b3fr2Ml9wcW6cxMR-5hVYhGW5YrNPc3tlsvtN8x1N6W_JH8HW6RZjVG3r2lQkW21633R7_88x9W2Q3frP8YFK_HW7d0fGB2QgtvqW7JCq_D38PN64W8-tgrQ3N9hvDW5TC0R852F0L13kkk1?_ud=299f84eb-e368-4744-97c0-936eb7b7f586&_ch=p&_pr2=p&_pl=3&_lg=en-US,en&_dr=p&_ts=p HTTP 307
https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

115 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-WJV7CgL68N3YC1xFHv_XJV7qgZC6TnQGhW2VwFtd2hxcCMW2rxKht2HHxpvW8JZ8332WFRCxW3F0jWN4Btj1PW85-sV_4NXfMxW12nXhh5zlcQsW3W4twJ9bhgsXW460n9n9jMXw6W2LJsD3...
d1337p04.na1.hubspotlinks.com/Btc/5E+20185/d1337p04/ 9 KB
3 KB 567ms
508ms Document
text/html 2606:4700::6812:1e69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://d1337p04.na1.hubspotlinks.com/Btc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-WJV7CgL68N3YC1xFHv_XJV7qgZC6TnQGhW2VwFtd2hxcCMW2rxKht2HHxpvW8JZ8332WFRCxW3F0jWN4Btj1PW85-sV_4NXfMxW12nXhh5zlcQsW3W4twJ9bhgsXW460n9n9jMXw6W2LJsD357wfFkVnwcSQ8vFdVnW4cB0Jh5rYJtPW66b3fr2Ml9wcW6cxMR-5hVYhGW5YrNPc3tlsvtN8x1N6W_JH8HW6RZjVG3r2lQkW21633R7_88x9W2Q3frP8YFK_HW7d0fGB2QgtvqW7JCq_D38PN64W8-tgrQ3N9hvDW5TC0R852F0L13kkk1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1e69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 02 Dec 2021 18:03:51 GMT
content-type: text/html;charset=utf-8
x-robots-tag: none
referrer-policy: no-referrer
vary: Accept-Encoding
x-hubspot-correlation-id: 7d43f399-9b18-4bd7-b53a-8e0440f0cba6
access-control-allow-credentials: false
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b7679693bd55a43-MXP
content-encoding: br

GET
H2

403

Primary Request 515-what-are-fileless-malware-attacks Show response
pratum.com/blog/
Redirect Chain

https://d1337p04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-WJV7CgL68N3YC1xFHv_XJV7qgZC6TnQGhW2VwFtd2hxcCMW2rxKht2...
https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF...

39 KB
13 KB

701ms
664ms

Document
text/html

192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email

Requested by

Host: d1337p04.na1.hubspotlinks.com
URL: https://d1337p04.na1.hubspotlinks.com/Btc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-WJV7CgL68N3YC1xFHv_XJV7qgZC6TnQGhW2VwFtd2hxcCMW2rxKht2HHxpvW8JZ8332WFRCxW3F0jWN4Btj1PW85-sV_4NXfMxW12nXhh5zlcQsW3W4twJ9bhgsXW460n9n9jMXw6W2LJsD357wfFkVnwcSQ8vFdVnW4cB0Jh5rYJtPW66b3fr2Ml9wcW6cxMR-5hVYhGW5YrNPc3tlsvtN8x1N6W_JH8HW6RZjVG3r2lQkW21633R7_88x9W2Q3frP8YFK_HW7d0fGB2QgtvqW7JCq_D38PN64W8-tgrQ3N9hvDW5TC0R852F0L13kkk1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

5a56785af1559e3ea1c353f3ad370e79e5105f43837571449011b0df877f8eb7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d1337p04.na1.hubspotlinks.com/Btc/5E+20185/d1337p04/VWpH597pDNn4W1gvmNf2fZmKkW3LfLlX4BBTdwN6-TN-13lSc3V1-WJV7CgL68N3YC1xFHv_XJV7qgZC6TnQGhW2VwFtd2hxcCMW2rxKht2HHxpvW8JZ8332WFRCxW3F0jWN4Btj1PW85-sV_4NXfMxW12nXhh5zlcQsW3W4twJ9bhgsXW460n9n9jMXw6W2LJsD357wfFkVnwcSQ8vFdVnW4cB0Jh5rYJtPW66b3fr2Ml9wcW6cxMR-5hVYhGW5YrNPc3tlsvtN8x1N6W_JH8HW6RZjVG3r2lQkW21633R7_88x9W2Q3frP8YFK_HW7d0fGB2QgtvqW7JCq_D38PN64W8-tgrQ3N9hvDW5TC0R852F0L13kkk1

Response headers

server: nginx
date: Thu, 02 Dec 2021 18:03:52 GMT
content-type: text/html; charset=utf-8
x-sucuri-id: 15007
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
permissions-policy: interest-cohort=()
content-encoding: gzip
vary: Accept-Encoding
expires: Wed, 17 Aug 2005 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Thu, 02 Dec 2021 18:03:52 GMT
x-sucuri-cache: MISS

Redirect headers

date: Thu, 02 Dec 2021 18:03:51 GMT
x-robots-tag: none
link: <https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email>; rel="canonical"
location: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
referrer-policy: no-referrer
x-hubspot-correlation-id: 53b85eb5-1335-4adb-b699-caf8ab24e910
access-control-allow-credentials: false
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6b76796cc9ba5a43-MXP

GET
H2 200 bootstrap.min.css
pratum.com/templates/avendor/css/ 107 KB
107 KB 11ms
11ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/css/bootstrap.min.css

Requested by

Host: pratum.com
URL: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

326ffedb17cf069bdc342759a21bf78461179b48fe9047d0e4636e3c6115ad9d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 109522
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 font-awesome.css
netdna.bootstrapcdn.com/font-awesome/4.3.0/css/ 28 KB
6 KB 102ms
42ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c374efba54279628793f04e10ebf5d0c1b4dbc36b3f4132d9235f01d64ca5c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 722, 718, 718
age: 19331717
cdn-cachedat: 2021-04-22 15:16:31
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 053e15475401658e0f4bd00a1ce111ab
cf-ray: 6b767974cf040e2a-MXP
cdn-requestcountrycode: IT
cdn-requestpullsuccess: True

GET
H2 200 avendor-light.css
pratum.com/templates/avendor/css/ 104 KB
105 KB 25ms
25ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/css/avendor-light.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

858a841eeb944e8246888743c6aad09d3591f56986d7e4a8ef7a5f61c5d6c9b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 30 Dec 2020 16:24:04 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 106683
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 joomla.css
pratum.com/templates/avendor/css/ 25 KB
25 KB 29ms
29ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/css/joomla.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

3a9cbcbec8f6ed3bbe0262a9354405bd8855566f0340a5044a49b4febf4ae91d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 25447
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avendor-font-styles.css
pratum.com/templates/avendor/css/ 108 KB
108 KB 29ms
28ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/css/avendor-font-styles.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

869ac15c910a336a380f77c870aeb154ee77d1c56e6450dd0d7b85877b2b4bc1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 110446
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 animate.css
pratum.com/templates/avendor/css/ 75 KB
76 KB 28ms
28ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/css/animate.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

f348544fc10b4a29072e8eaf28d831cf9ab23e274d30b16825c1acfd3418832e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 77166
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 options.css.php
pratum.com/templates/avendor/css/ 9 KB
9 KB 155ms
154ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/css/options.css.php?c1=007398&c2=0099cc&c3=&c4=&bg=bg-custom

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

69d6d79ddea8e76e73fe6c9ce4f47d45a1cb469abf497c49ef573f3fed046dd5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
x-sucuri-cache: BYPASS
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
x-xss-protection: 1; mode=block

GET
H2 200 overrider.css
pratum.com/templates/avendor/css/ 3 KB
3 KB 27ms
27ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/css/overrider.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

3b892aba7aa482b252130b67278e4bdeabb56afab3440ea345ad4f6d3cbb4e0c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Feb 2021 19:09:38 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 3155
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 custom.css
pratum.com/templates/avendor/css/ 167 B
475 B 31ms
31ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/css/custom.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

6dd19753205a348c50fce29f867f3b02c1daac5f8874fe3ab37d5574502a70de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Mon, 04 May 2020 18:27:08 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 167
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1021 B 50ms
25ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f2961ef025e9598bbc17229d642d373a9eb7feaa927ac1149a1bfc546d31caed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 02 Dec 2021 16:08:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 02 Dec 2021 18:03:52 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 02 Dec 2021 18:03:52 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
pratum.com/templates/avendor/js/ 94 KB
94 KB 38ms
38ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery-1.11.1.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 95786
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
pratum.com/plugins/content/fastsocialshare/style/ 2 KB
2 KB 38ms
38ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/plugins/content/fastsocialshare/style/style.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

020d1a573669e72a8e8683c79172d665c5715159411eca3be5ad54bc154d5895

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 1830
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 prat.css
pratum.com/plugins/system/cookiehint/css/ 921 B
1 KB 38ms
37ms Stylesheet
text/css 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/plugins/system/cookiehint/css/prat.css?d167659280380cb1c68256ebb65d604a

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

8f57f926ba6c5873973da65dafa127b5a10efcaa3bd2dbc08b9f7a8cb066fad6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 09 May 2019 21:06:03 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: text/css
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 921
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 caption.js Show response
pratum.com/media/system/js/ 491 B
809 B 45ms
43ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/media/system/js/caption.js?d167659280380cb1c68256ebb65d604a

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Oct 2021 07:46:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 491
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.js Show response
pratum.com/media/system/js/ 9 KB
9 KB 44ms
43ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/media/system/js/core.js?d167659280380cb1c68256ebb65d604a

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

98333312a99b4c67911a1c1d4bddda30653715ffa23ea460fe385fa1987b39ba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Oct 2021 07:46:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 8735
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 keepalive.js Show response
pratum.com/media/system/js/ 462 B
780 B 44ms
43ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/media/system/js/keepalive.js?d167659280380cb1c68256ebb65d604a

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

1df72eb0c6f570ba6c078ebea6e42747f7e11f68bcccdb8c528f85ef39d46df0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Oct 2021 07:46:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 462
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 71ms
36ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-869024229

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b7c0478efaaedfc72ae5a3b7abe296ffdc2021bc4075666b45a24ccbabae5361

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39573
x-xss-protection: 0
expires: Thu, 02 Dec 2021 18:03:52 GMT

GET
H2 200 Pratum-web-menu-logo.png
pratum.com/images/logo/ 9 KB
9 KB 21ms
18ms Image
image/png 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pratum.com/images/logo/Pratum-web-menu-logo.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

b33647812966e950d652ec553e1ae58cd5d46f61b5309ff74cbaf8bd0db0254e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Fri, 17 Apr 2020 16:49:50 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/png
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 8883
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 September_Blog_Feature_Week3_Pratum_20210817_RXX.jpg
pratum.com/images/blog/ 152 KB
152 KB 282ms
278ms Image
image/jpeg 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pratum.com/images/blog/September_Blog_Feature_Week3_Pratum_20210817_RXX.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

f9865f7ce5423db703d455d6e0d56fcc241d651c2128cd384a391601d65cec1e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 22 Sep 2021 19:39:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-sucuri-cache: MISS
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 155318
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Blogs_Social_Sept_Week3_FilelessMalware_Diagram_Pratum_20210908_RXX-05-09.png
pratum.com/images/blog/ 191 KB
192 KB 726ms
722ms Image
image/png 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pratum.com/images/blog/Blogs_Social_Sept_Week3_FilelessMalware_Diagram_Pratum_20210908_RXX-05-09.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

70b5f9d79b04494b4cec69cb88eb6bf824c5c9e3cdf03b120f77b44085b9f637

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 22 Sep 2021 18:30:53 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/png
x-sucuri-cache: MISS
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 195896
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Employee_Security_Training_Planner_Landing_Page_Pratum_20200204_PXX.png
pratum.com/images/content/ 880 KB
881 KB 725ms
721ms Image
image/png 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pratum.com/images/content/Employee_Security_Training_Planner_Landing_Page_Pratum_20200204_PXX.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

89ae0ddffe264c2a5978bb2462602ac695ef65d8c05f64e08b8f3c0825b95d15

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 15:51:39 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/png
x-sucuri-cache: MISS
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 900960
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 3e047f1a-13ef-45b2-8e91-ad3e0812c076.png
no-cache.hubspot.com/cta/default/8984595/ 2 KB
3 KB 239ms
183ms Image
image/png 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/8984595/3e047f1a-13ef-45b2-8e91-ad3e0812c076.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c64d0abdeca7f9173914ec120bc8100700ffd28ac2e644caca8ca80403a9dd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: VV79ZBJC4PXXW4H5
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1883
x-amz-id-2: R4Rg+nX/ohwV333a3YnbokjkZVnXBxRE1fx8ZLQdEZH82pgIKlCPNh4pe4dQsnoAzhkJdfiMPNQ=
last-modified: Mon, 05 Apr 2021 15:42:56 GMT
server: cloudflare
etag: "af059e66ba8be6d8ee1853a8bc7ef6bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LP%2FAK8Km1MSK7R05yAJ1JT1To5cc2Gg2fc9pI6Lv%2F3pco%2FYScXoGNjolJejkt1wXIddERjVnawTdI5EE%2FNR4yBl3RXQzku3%2Bj7yuGeq7n0ujW4kKCSkMlNujX95IB8gypdTJP%2BDsc1EiqU7Oleahl8Ol"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 6b767975efce0f56-MXP

GET
H2 200 current.js Show response
js.hscta.net/cta/ 15 KB
6 KB 106ms
41ms Script
application/javascript 2606:4700::6811:dfcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:dfcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

139ef45414de3cfdd6f9f835e1c6c823e272077d681e1f7002ad2337adfe763e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
via: 1.1 b9d1b307966c2273bf97ed7c681603db.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
age: 13
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=cta-embed-js/static-1.68/bundles/current.js&cfRay=6b76791e9ff659d1-MXP
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Tue, 30 Nov 2021 01:08:26 UTC
server: cloudflare
etag: W/"cfafba4e004c0a83b025f7c53b683b1c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: 6ptpsjcKAFwLr0kxY4mzTNXp0BbdP5LF
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6b7679757d6959d7-MXP
x-amz-cf-id: WlLIc8QOBggqodGEq8uqObFGyCyT9u1c5wnZtwNvJr7epN3-qE4J3g==
x-hs-target-asset: cta-embed-js/static-1.68/bundles/current.js

GET
H2 200 v2-legacy.js Show response
js.hsforms.net/forms/ 21 KB
8 KB 691ms
628ms Script
application/javascript 2606:4700::6811:b749
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2-legacy.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd8496b904ded0ea8472d611839277a6a8091398ededfd2aa6b57f2eba97a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
via: 1.1 066fc17b108820c747336d8f45e8ea55.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 22 Nov 2021 03:35:42 UTC
server: cloudflare
etag: W/"cb5aceb381ddfd649db465a31c789ea3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F4HNEk1eQaWe4BjQgfOpBvSCVdWEOPPIf1uegV2GxffmjdNBYRp2wMx5L6O2YwQhmFIeFZMKMzpakYX5jwDmb8XRLhGjsTp6buOC8kRF6Bz7s4tPysDve0tMTPH8FCcbKC1cA2u88Eq6CC%2Ba"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1JCfWRzqW5_w9KUGhEAT_rwjHWhio5cA
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
cf-ray: 6b767975ebb859d1-MXP
x-amz-cf-id: 15f-vLXsfknBU_lAzwfFb-AMlSM9z8h-6q8QaQdawmmAZ9CNKfyphg==
x-hs-target-asset: FormsNext/static-5.415/bundles/legacy.js

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 565 KB
144 KB 143ms
93ms Script
application/javascript 2606:4700::6811:b749
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

302ecfd3dcafa8174d1609465dda4fdaf6150d74883e8fddd3944e4d03cfa7d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
via: 1.1 126bc2e5c4c1b9ac0ffa004edc6f02c5.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 403
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 22 Nov 2021 03:35:42 UTC
server: cloudflare
etag: W/"81d36b7b25dcbaadd300923b7cd32d2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mKvNfiYT9JNgPyWOLNbahND%2FgsfmJ%2Fu3twzG%2FRx5%2FFzO9SP3KOtWUL33EnljtAvbqExfmaLSEi6FhRzF9mv0ZzJkejB0pN4SuQldTASFZWwIlDGu1O1IS15aNSZ5Oilg7dKblsIieKxvWnfR"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: DbFNkSWAQliTMR.LcB9YoOy1wsVfAP3h
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6b767975fbbc59d1-MXP
x-amz-cf-id: Ly-Qh9xEfCZeQC_CSvtddQ8IM1CwGXhAO3NggooWvZDb8LM1gHAgDg==
x-hs-target-asset: FormsNext/static-5.415/bundles/project_with_deps.js

GET
H2 200 Pratum_Primary_White_Gradient_F.svg
pratum.com/images/logo/ 378 KB
379 KB 21ms
18ms Image
image/svg+xml 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pratum.com/images/logo/Pratum_Primary_White_Gradient_F.svg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

cdd181db7783304f7ba9fcc1890d17482e4513d995d2ad522390b48ebfe2c2b3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Mon, 01 Nov 2021 21:47:58 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 387554
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.min.js Show response
pratum.com/templates/avendor/js/ 31 KB
31 KB 7ms
7ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/bootstrap.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

36a326c783a12f72498d41fb32371da87fe0cbd1595248f3f154fd939f07f10c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 31824
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.countdown.js Show response
pratum.com/templates/avendor/js/ 4 KB
4 KB 7ms
6ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.countdown.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

1823ecd2a8994f9d78e310dd5716bc7532b95c68db40ee69fb35b05ee09aea58

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 4014
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.queryloader2.min.js Show response
pratum.com/templates/avendor/js/ 13 KB
13 KB 8ms
7ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.queryloader2.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

2fc32c6620e847577a044afffca63a5003226db0085534477e6fdf5012c5e0fe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 12930
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 SmoothScroll.js Show response
pratum.com/templates/avendor/js/ 15 KB
15 KB 8ms
7ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/SmoothScroll.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

661f13b4f4113a7586e0bc41c176010b085fc233eb44d0f60616ca00c0e7d5fc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 14897
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.stickOnScroll.js Show response
pratum.com/templates/avendor/js/ 18 KB
18 KB 12ms
5ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.stickOnScroll.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

c224282471c8dce39b4177897bb65314ebebd61cf1137a439b20372a0792a74b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 18311
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.easing.min.js Show response
pratum.com/templates/avendor/js/ 5 KB
6 KB 14ms
6ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.easing.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

ac3f3a757bfbfc9d92bc8f5e6e6362e5d4ae41dbf3cebacdda9b8f71afc82e5b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 5555
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 livicons-1.4.min.js Show response
pratum.com/templates/avendor/js/ 594 KB
595 KB 14ms
6ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/livicons-1.4.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

bbf83f7a7557c776594fd31827585c9e86e97909cae65bd4fa5637fc502760b3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 608378
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 raphael-min.js Show response
pratum.com/templates/avendor/js/ 89 KB
89 KB 22ms
14ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/raphael-min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

2aac45af52da68ebf3c21a445208b8ce755dc8caa52ce4f411bb1821e1614334

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 90656
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.stellar.min.js Show response
pratum.com/templates/avendor/js/ 12 KB
13 KB 22ms
14ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.stellar.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

f5610dca639dfbc602be3ad30b5e98bff001f6f61d4ce0a618fe8ae3e6906059

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 12637
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 owl.carousel.js Show response
pratum.com/templates/avendor/js/ 38 KB
39 KB 22ms
15ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/owl.carousel.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

14e619a4bceb4cafa0cf1832e59d42897bdf87be967a4781d8b5f3bb8852702a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 39174
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.countTo.js Show response
pratum.com/templates/avendor/js/ 3 KB
3 KB 24ms
16ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.countTo.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

474754d75548fad740bb581e4b0596cb9a1c0b47cfc03f8a6e273cc6da9b9080

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 2581
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.magnific-popup.min.js Show response
pratum.com/templates/avendor/js/ 20 KB
21 KB 24ms
17ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.magnific-popup.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

29649dd5311ae06eb0639f2655f35be5da744bf41556d1a1c32d326994d77869

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 20950
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jQuery.Opie.Tooltip.min.js Show response
pratum.com/templates/avendor/js/ 6 KB
7 KB 24ms
17ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jQuery.Opie.Tooltip.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

c745fa43ed937d94efa0c13eb43061475d7f0c76fb765e7f12522da3bda8f6a8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 6504
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.waypoints.min.js Show response
pratum.com/templates/avendor/js/ 8 KB
8 KB 24ms
17ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.waypoints.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

bc12b83b7c153e06b04925531383849c2dcaa682b2637b7606b0dd513e0806b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 8071
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.easypiechart.min.js Show response
pratum.com/templates/avendor/js/ 4 KB
4 KB 24ms
17ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/jquery.easypiechart.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

c51fcea6c8ef9450d9c9029c3cadebffa2e80a89561fbe1c42c58ca37b835818

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 3627
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 application.js Show response
pratum.com/templates/avendor/js/ 13 KB
14 KB 23ms
17ms Script
application/javascript 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://pratum.com/templates/avendor/js/application.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

008948cbaff4ddbfe3153c6088c5205b73c3803563cf97a55a47359623f496f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 13612
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 8984595.js Show response
js.hs-scripts.com/ 3 KB
1 KB 543ms
481ms Script
application/javascript 2606:4700::6811:d5cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-scripts.com/8984595.js
Requested by: Host: pratum.com
URL: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4022df340e2569efe0a37313630d18ccd282e9dd5ef78c6ddc786fd6e95a34ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: e2748524-180e-41db-b3bb-e7f1e31fb08f
last-modified: Thu, 02 Dec 2021 18:03:53 GMT
server: cloudflare
x-trace: 2BB1382E56E58D2B950ED1D6F02031EB1F9E9713EE000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://pratum.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 6b767975e88e0e1a-MXP
expires: Thu, 02 Dec 2021 18:04:53 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 50ms
17ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1729
date: Thu, 02 Dec 2021 17:35:03 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 02 Dec 2021 19:35:03 GMT

GET
H2 200 custom.jpg
pratum.com/templates/avendor/images/bg/ 32 KB
33 KB 21ms
18ms Image
image/jpeg 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pratum.com/templates/avendor/images/bg/custom.jpg

Requested by

Host: pratum.com
URL: https://pratum.com/templates/avendor/css/joomla.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

76518149098afc793e282f63849efbfd20711d0d5d8bc6f09a51f8eaa1945181

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/templates/avendor/css/joomla.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 18 Oct 2017 14:31:51 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 33204
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 keyboard-overlay-blog.jpg
pratum.com/images/parallax/ 1 MB
1 MB 21ms
18ms Image
image/jpeg 192.124.249.57
SUCURI-SEC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pratum.com/images/parallax/keyboard-overlay-blog.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.57 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10057.sucuri.net

Software

nginx /

Resource Hash

dac349cb18248475f6221e4c2276603715e03d34051c82e7b9aeba9f49433bb5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Mar 2021 14:38:55 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 15007
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 1548868
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fontawesome-webfont.woff2
netdna.bootstrapcdn.com/font-awesome/4.3.0/fonts/ 55 KB
56 KB 51ms
30ms Font
font/woff2 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.woff2?v=4.3.0

Requested by

Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.css
Origin: https://pratum.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617, 617, 617, 617
age: 1273440
cdn-cachedat: 2021-06-08 21:22:06
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 56780
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 01d2553c4ff366764fbd33c560986089
accept-ranges: bytes
cf-ray: 6b767975ace52bca-FRA
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2
fonts.gstatic.com/s/raleway/v22/ 21 KB
21 KB 50ms
17ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v22/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVvaorCIPrE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Raleway

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d94fd1a3793df0abe10fb36e59825864e1ec9623496e1e04c9cca624be01394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://pratum.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 20:35:41 GMT
x-content-type-options: nosniff
age: 77291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21028
x-xss-protection: 0
last-modified: Tue, 29 Jun 2021 19:40:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 01 Dec 2022 20:35:41 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 34ms
18ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1439877820&t=pageview&_s=1&dl=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&ul=en-us&de=UTF-8&dt=What%20Are%20Fileless%20Malware%20Attacks%3F%20-%20Pratum&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=253182232&gjid=1101513782&cid=1434701794.1638468232&tid=UA-108435497-1&_gid=1591061073.1638468232&_r=1&_slc=1&z=892223139

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pratum.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:52 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pratum.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
438 B 67ms
19ms XHR
text/plain 2a00:1450:400c:c0d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-108435497-1&cid=1434701794.1638468232&jid=253182232&gjid=1101513782&_gid=1591061073.1638468232&_u=IEBAAEAAAAAAAC~&z=729501899

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pratum.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 02 Dec 2021 18:03:52 GMT
content-type: text/plain
access-control-allow-origin: https://pratum.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
14 KB 51ms
27ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-869024229

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

9f4922667f15ec47709504b75c4433e7145f96078261bc9a11e386ca52fa18bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14328
x-xss-protection: 0
server: cafe
etag: 12503521247758841375
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 02 Dec 2021 18:03:52 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 181ms
31ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-108435497-1&cid=1434701794.1638468232&jid=253182232&_u=IEBAAEAAAAAAAC~&z=1056193960

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 179ms
30ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-108435497-1&cid=1434701794.1638468232&jid=253182232&_u=IEBAAEAAAAAAAC~&z=1056193960

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/869024229/ 3 KB
2 KB 162ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/869024229/?random=1638468232420&cv=9&fst=1638468232420&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&tiba=What%20Are%20Fileless%20Malware%20Attacks%3F%20-%20Pratum&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f83e089991d2d028c2ebed44f1c857f9212e447a4f3e2ad897ca46629e49bad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1216
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/869024229/ 42 B
154 B 24ms
24ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/869024229/?random=1638468232420&cv=9&fst=1638468000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&tiba=What%20Are%20Fileless%20Malware%20Attacks%3F%20-%20Pratum&async=1&fmt=3&is_vtc=1&random=3480350285&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/869024229/ 42 B
154 B 23ms
23ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/869024229/?random=1638468232420&cv=9&fst=1638468000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&tiba=What%20Are%20Fileless%20Malware%20Attacks%3F%20-%20Pratum&async=1&fmt=3&is_vtc=1&random=3480350285&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 85b0fc5b-5430-4eb9-897e-f27cfc8edcb6 Show response
forms.hsforms.com/embed/v3/form/8984595/ 8 KB
3 KB 218ms
199ms Script
application/javascript 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/8984595/85b0fc5b-5430-4eb9-897e-f27cfc8edcb6?callback=hs_reqwest_0&hutk=

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc0bbbf2149a2ebf76c4635239e19962682c85f4ed9ac3c8c6f336a2fb486c30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-hubspot-correlation-id: 2ca1d681-72c4-4574-a3fc-31683e0daa1f
cf-ray: 6b767979fbd74303-FRA
content-disposition: attachment; filename=no-rfd.txt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
x-trace: 2BA1CEA3572D56C873FEFD1612881BDF1F24695EFD000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 4 KB
2 KB 187ms
186ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&pid=8984595&sv=cta-embed-js-static-1.68&utm_medium=email&rdy=1&df=t&pg=3e047f1a-13ef-45b2-8e91-ad3e0812c076

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da160a6339e80d33101c1d08d752f671433868c17ed6b49da2c35b74773e8347

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: e88e636f-105c-4448-97e2-127ede773a80
access-control-allow-methods: OPTIONS, GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-robots-tag: noindex, follow
server: cloudflare
x-trace: 2B48FDD13DE5A78B81C1E5D20B7CD0C1F8B2E0D29B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yy%2Bk71izU2N4B%2FEEbFnEuYf0%2FcqckDaqhKFBLIigSF4MnCUZGBPXjUbvZ0dU6yM8UNLTIT2ZW4p2CbiUiBIaTmzY6IxntKMJumdP11VxjUbxMmIEXuL5c8SZczb2ooI%2FUTdylveBlepClhf9bJURaRU%2BZJhrfd17C60%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://pratum.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6b76797a6a810f56-MXP
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 81 KB
26 KB 749ms
687ms Script
application/javascript 2606:4700::6811:80ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hscollectedforms.net/collectedforms.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8984595.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:80ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a0d5fd4e0f669039bc633a2756906a92f37e5e1c814ee52ff553087053a8af2

Request headers

Referer: https://pratum.com/
Origin: https://pratum.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
via: 1.1 bfba2464a75a65b0c6568afe15f68b4c.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.253/bundles/project.js&cfRay=6b76797adddd3761-MXP
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 6b76797adddd3761-MXP
last-modified: Thu, 02 Dec 2021 02:02:12 UTC
server: cloudflare
etag: W/"d27aa230fd3eb65f4283442feff0f8f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: 1eWHGaiikU6EykksaY2toL.UK9cF4mfr
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
content-type: application/javascript; charset=utf-8
x-amz-cf-id: sAz6qlW6Lx7MwkCzZO3r12pWJh5etCjXlzlJtH38oPBGsDR05CbK5Q==
x-hs-target-asset: collected-forms-embed-js/static-1.253/bundles/project.js

GET
H2 200 8984595.js Show response
js.hs-analytics.net/analytics/1638468000000/ 62 KB
20 KB 292ms
230ms Script
text/javascript 2606:4700::6811:47b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1638468000000/8984595.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8984595.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1a032f9e4253882ca45f7746d796299ff521490c6c2e005b1548872f41115b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: DKE3M3KKSFR0NEJY
x-amz-server-side-encryption: AES256
cf-ray: 6b76797adb853762-MXP
x-amz-id-2: BKe+RGYsPMdTLBHdFRPHqta6hspPIFCTCaHKLGQoRveadXYYPgljYdLzppnBG/SAQG3/KGIpFw8=
last-modified: Mon, 19 Jul 2021 17:04:51 GMT
server: cloudflare
etag: W/"801451c15b3dd4a08e4943b813d3465c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Thu, 02 Dec 2021 18:08:53 GMT

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 80 KB
21 KB 96ms
34ms Script
application/javascript 2606:4700::6811:eccc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.usemessages.com/conversations-embed.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8984595.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:eccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 768e9f571558630520b67b0e5cbd1906edbbe0d47a4b8270bbbf1147da30c1a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
via: 1.1 9349b115ae66d16aae68deb9bb5eebc2.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 58
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.9460/bundles/project.js&cfRay=6b7678106ae10f82-IAD
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Wed, 01 Dec 2021 08:10:15 UTC
server: cloudflare
etag: W/"b3a6c7ed04580e98000c3a5a624db248"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: _jOiiD.XOuBgizKr1hEb1wt0v8fSgzSl
cache-control: max-age=600
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6b76797adaebe8f3-MXP
x-amz-cf-id: QpzEiaYa2E67Ap9eyV1e8yqNO3pB4aesy3SKHyfP41tCOwPKdDIuHQ==
x-hs-target-asset: conversations-embed/static-1.9460/bundles/project.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 537 KB
87 KB 301ms
251ms Script
application/javascript 2606:4700::6811:eacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsleadflows.net/leadflows.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8984595.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:eacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7dba18667e56c12b93a48df1a19f7c7da2fb7f9a3a4b0e580960bb6a64588475

Request headers

Referer: https://pratum.com/
Origin: https://pratum.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
via: 1.1 3500e6db5ae43764ed5ca43fc6d56059.cloudfront.net (CloudFront)
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1063/bundle/main/lead-flows-release.js&cfRay=6b76797acb9b3756-MXP
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
content-encoding: br
cf-ray: 6b76797acb9b3756-MXP
last-modified: Tue, 30 Nov 2021 11:18:22 UTC
server: cloudflare
etag: W/"a96dad1dd2dff1317409cbd098185a46"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
x-amz-version-id: 3qUnnow7jasz4fmPMONhN9sYmw77KMcS
access-control-allow-origin: *
cache-control: s-maxage=86400, max-age=0
x-hs-cache-status: MISS
content-type: application/javascript; charset=utf-8
x-amz-cf-id: VkyK2A3bH3x9GKX_ny7t3TIX4hI5yLQnBnRYBFBNet3BG2KNTGEPdQ==
x-hs-target-asset: lead-flows-js/static-1.1063/bundle/main/lead-flows-release.js

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 142ms
77ms Script
application/javascript 2606:4700::6811:72b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hsadspixel.net/fb.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8984595.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:72b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 830fcab93c12b9ad2a820fed85e456077ed189a100a59b3080fd807d844eeef2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
via: 1.1 0920aeb1eced22df07c9ece1cab0a555.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 119
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.257/bundles/pixels-release.js&cfRay=6b7676918c43375f-MXP
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Mon, 29 Nov 2021 05:24:28 UTC
server: cloudflare
etag: W/"a5963a9ccf6657b39b543985ec7b9634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: QEftXf9SpA6LuHCJA7K_EhxXH0zSJ6Zm
cache-control: max-age=600
x-hs-cache-status: EXPIRED
x-amz-cf-pop: IAD89-P1
cf-ray: 6b76797ad87a5a31-MXP
x-amz-cf-id: AWDmIFLHIDGwH9AD66mh5_1iZ9KMpWv_90Ank8IvaTei3ce8L5bmCg==
x-hs-target-asset: adsscriptloaderstatic/static-1.257/bundles/pixels-release.js

GET
H2 200 8984595.js Show response
js.hs-banner.com/ 60 KB
16 KB 538ms
472ms Script
text/javascript 2606:4700::6812:15bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/8984595.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/8984595.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70c42999ff8deffe868bd981029631f3c46abe5e24ba62543f8548e58c8e0415

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: TVEFHXSX7YRWJGT8
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: qULM4gr0b8copimpQs2ShTFmuNwC198Kj/a/DOi5b4KFm/OiM+rqDweXTFwTgeQ3Bcx5mDqD9YE=
timing-allow-origin: *
last-modified: Fri, 03 Sep 2021 22:04:48 GMT
server: cloudflare
etag: W/"bc498e47728afdebf6de6cdbc3357022"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: EVYo67raF00mtT_sYsSK4BjTqpcsNr2e
access-control-allow-origin: https://pratum.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 6b76797ad964599b-MXP
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Thu, 02 Dec 2021 18:08:53 GMT

GET
H3 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
3 KB 250ms
224ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=8984595&conversations-embed=static-1.9460&mobile=false&messagesUtk=349f5bb02a494705830ec354767bd3cf&traceId=349f5bb02a494705830ec354767bd3cf

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae8b42f25b142295a041fea49a7c379148d149a6cc27e8f9ad7720a80a5b7907

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Referer: https://pratum.com/
Accept-Language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
content-encoding: gzip
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 656f4d1b-a635-4f01-99e2-abe5c0fc610f
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1552
server: cloudflare
x-trace: 2B247AEB7478DD1FB3FCAF24F405EC67D10324F72B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AtaMDY8fjR8rUZRa7oTGnIn%2BEyIb%2FRaqxXa8f0kobO3ri2wIKg0cnxbmlgSepGyE1SlSfdKfN6MMU3zoNKtdYPBinmb3WSBvDePGZRUqfRoL556S5gAjmSWIO14e6tyOhhmJ4p4p%2FtggVPQBgg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://pratum.com
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
cf-ray: 6b76797cca6ed610-MXP
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 234ms
182ms Preflight
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-hubspot-messages-uri
Origin: https://pratum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
content-type: text/plain; charset=utf-8
content-length: 18
cf-ray: 6b76797b8dc359b9-MXP
access-control-allow-origin: https://pratum.com
allow: HEAD,GET,OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-hubspot-correlation-id: 8826e12b-d128-47d3-a446-19845d6ed8e6
x-trace: 2B147F17708156C23A6252123AAF19CFEE7BD53F42000000000000000000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=80W3MVSwfHTV%2FZURAwgmj9KTpp9kzpWsX7tr6oSq%2FBvO0KaCmPeTvTl2XGKnMh%2BkkgJXTpuox4zu8DJukRc%2FfxfTX2InvN7mrrPsBogV%2F8Edb%2FzYxKwaSf7Wc2FxHZ9b08%2FpKuWA2NrYvdUaXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H3 200 v2.js Show response
js.hsforms.net/forms/ Frame 1A22 565 KB
144 KB 33ms
22ms Script
application/javascript 2606:4700::6811:b749
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b749 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

302ecfd3dcafa8174d1609465dda4fdaf6150d74883e8fddd3944e4d03cfa7d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
via: 1.1 aa6e16f47d6a0519f52b8dcfca2d841a.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 524
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
x-amz-replication-status: COMPLETED
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 22 Nov 2021 03:35:42 UTC
server: cloudflare
etag: W/"81d36b7b25dcbaadd300923b7cd32d2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwmM1QElt%2Fua4eiaHKlvlb9TIgw61HwANAGufe%2Fnbf9gMs8ODfeyFAr3i31x9tcNSQgAA3UyVCEvPuss8a6HLxyFhuJnK4S8%2FI1DKU8Mrou%2Fd32yUJev6bgILSjCsCS5%2Frc9admMtAgBmdkH"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: DbFNkSWAQliTMR.LcB9YoOy1wsVfAP3h
access-control-allow-origin: *
cache-control: s-maxage=600, max-age=0
x-hs-cache-status: HIT
x-amz-cf-pop: IAD89-P1
cf-ray: 6b76797b5c886931-FRA
x-amz-cf-id: 37erPZAQnQ1xxElskNHlv3HVaPiOD4ZLpDamdqOBWXPxo7sVWUtlKg==
x-hs-target-asset: FormsNext/static-5.415/bundles/project_with_deps.js

GET
H3 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
777 B 217ms
174ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=8984595&pg=3e047f1a-13ef-45b2-8e91-ad3e0812c076&lt=1638468232078&dt=1638468232080&at=1638468232971&sl=1&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
cf-cache-status: MISS
last-modified: Thu, 02 Dec 2021 18:03:53 GMT
server: cloudflare
x-hubspot-correlation-id: 31efc0ae-179c-4f25-af31-846343edaa4c
x-trace: 2B89AD9B0FDEA05AF646C91E79D913DB879394E72E000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5IiqWexPj%2FCkyziXuutHId0cNjcu5YTMgYv51cOYpg3DiWEJXKRkYKRFSebO6Ueg6r9JZ4mJ6efXW7wu0ezv88pDrzoUPlw3fopdENboJ5nuKAKaCwBCoB%2FRwydtxgBTQI9OcsunkfKw0N%2B6HJTtWjtkgeF3fYE7Ak%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b76797bdaac0f7a-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-robots-tag: noindex, follow

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
217 B 144ms
143ms Image
image/gif 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: d77240b7-d167-46a2-a2c0-1148307b5b9d
cf-ray: 6b76797b89764303-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Thu, 02 Dec 2021 18:03:53 GMT
server: cloudflare
x-trace: 2B6D4D132CFFA4B7148F1DE31306E003080B6DFA67000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
172 B 437ms
437ms Image
image/gif 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:53 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: e46f917b-38e3-485d-9062-07221463c6fc
cf-ray: 6b76797b89774303-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Thu, 02 Dec 2021 18:03:53 GMT
server: cloudflare
x-trace: 2BC9A61DABD6112CDF5A04BFF93EA4DEAC15092447000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 349f5bb02a494705830ec354767bd3cf Show response
app.hubspot.com/conversations-visitor/8984595/threads/utk/ Frame 8346 45 KB
17 KB 186ms
185ms Document
text/html 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/8984595/threads/utk/349f5bb02a494705830ec354767bd3cf?uuid=25e190b022e34e5ea20d06b0de509b05&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=pratum.com&inApp53=false&messagesUtk=349f5bb02a494705830ec354767bd3cf&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08c317b4f1dc3bc8950e5101dc7a7bee2f41e2ad34a70f477fc51fa52399a780

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-type: text/html; charset=utf-8
cf-ray: 6b76797e3d630f56-MXP
age: 3431
cache-control: max-age=600
etag: W/"01854cccd2026f3d9d71ecfcc9bb154f"
last-modified: Wed, 01 Dec 2021 08:10:15 UTC
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 2ca1a2664d288773b443dc5e52a8b5b9.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
access-control-allow-credentials: false
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hs-analytics.net *.hsappstatic.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com js.hubspotfeedback.com *.usemessages.com js.hubspot.com js.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net *.google-analytics.com static.hotjar.com script.hotjar.com www.googletagmanager.com *.fullstory.com fullstory.com *.convertexperiments.com cdn.pdst.fm d.impactradius-event.com cdn.getambassador.com mbsy.co pixel.cdnwidget.com snap.licdn.com connect.facebook.net js.stripe.com checkout.stripe.com survey.survicate.com surveys-static.survicate.com sdk.canva.com www.dropbox.com www.google.com www.gstatic.com apis.google.com maps.googleapis.com www.googleadservices.com tpc.googlesyndication.com googleads.g.doubleclick.net static.ads-twitter.com analytics.twitter.com play.vidyard.com app.vidyard.com fast.wistia.com fast.wistia.net s.yimg.jp www.redditstatic.com data: 'unsafe-inline' 'unsafe-eval'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-visitor-ui/static-1.11900/html/index.html&cfRay=6b76797e3d630f56&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F8984595%2Fthreads%2Futk%2F349f5bb02a494705830ec354767bd3cf%3Fuuid%3D25e190b022e34e5ea20d06b0de509b05%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3Dnull%26domain%3Dpratum.com%26inApp53%3Dfalse%26messagesUtk%3D349f5bb02a494705830ec354767bd3cf%26url%3Dhttps%253A%252F%252Fpratum.com%252Fblog%252F515-what-are-fileless-malware-attacks%253Futm_medium%253Demail%2526_hsmi%253D190245315%2526_hsenc%253Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%2526utm_content%253D190245313%2526utm_source%253Dhs_email%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3Dnull%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fpratum.com%2F&cfenv=prod&csp=ro
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
x-amz-cf-id: eeiCNIIet9BQ9fVoF0M4qHVAbvOCaUW7YChrNgsXK25ISAFkBZGOSg==
x-amz-cf-pop: IAD89-P1
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: N5Ffl6.4wSirPdfZt1wVHp3eEHIFJHUV
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-hs-worker-debug-mode: false
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 json Show response
forms.hubspot.com/collected-forms/v1/config/ 115 B
700 B 171ms
170ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/collected-forms/v1/config/json?portalId=8984595&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b3f238133590a4f711d8347b2bc826f8d7a596ce810844f501eff3f16cb027d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://pratum.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: da72b923-d31d-404c-a28c-8aac0e319485
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oyydhscFLZmUiw0APCgkQtGwv7UC6JiKpUIwiOuKIle8CDH0XjYc%2FcA54TYhEWy8vB182qDYsgNqepUEg%2F1Z4GVOT7lCHKvSYApLLDp5049iiJv5dqAvUl48smp8GTeLwnVPAyl%2FlyirWZIXsojw"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://pratum.com
x-robots-tag: none
access-control-allow-credentials: false
cf-ray: 6b76797fdbf559b9-MXP
access-control-allow-headers: *

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.156/ Frame 8346 44 KB
16 KB 65ms
29ms Script
application/javascript 2606:4700::6811:9d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.156/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/8984595/threads/utk/349f5bb02a494705830ec354767bd3cf?uuid=25e190b022e34e5ea20d06b0de509b05&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=pratum.com&inApp53=false&messagesUtk=349f5bb02a494705830ec354767bd3cf&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:9d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a4651c562bac53f6d33b1d8093551a818571a6b595304ba4813bc7b5d503783

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
via: 1.1 2f194b62c8c43859cbf5af8e53a8d2a7.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 946822
x-amz-server-side-encryption: AES256
cf-ray: 6b7679800ab31f4d-FRA
x-cache: Hit from cloudfront
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Thu, 12 Aug 2021 03:52:03 GMT
server: cloudflare
etag: W/"92f1fce5bc1b104818f7bb3259fa0317"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gnicDkuI7qjDIp8MLVmVPe51GlPZeOwMfkUlEh49D20qlmiFTFu%2BBiSI2846dZwB8JQR%2BjvL1BDfb0bdxFQ1btCXxvt%2FkfNExUpz42rakixkWdAyFbB4RVbXfmiFZcUI%2BPJOkpUkcsjanxhWEQ13Yn6mcFw%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: jswq3j2Kf9rTWaLEvxg.3d09mCkFqVly
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C2
content-type: application/javascript
x-amz-cf-id: JaVqUhwGQ3zee52qDkYoK1quNTJP4658Jg-eMEq9CNMbC2Ox2Ci72w==
expires: Fri, 02 Dec 2022 18:03:54 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.11843/sass/ Frame 8346 20 KB
5 KB 108ms
40ms Stylesheet
text/css 2606:4700::6811:9d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11843/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:9d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
via: 1.1 8279bca1d4905f7589e8a8f7d09741dc.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1389841
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/css
x-amz-replication-status: PENDING
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 15 Nov 2021 19:50:41 GMT
server: cloudflare
etag: W/"370a89ea102d7b437eb549729472631f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lXd7H4cHfpNJFOWXt%2B5Or7gAs7z%2FrwUIIMLCGxXqENzpvmIXYRonDaTTGL43VAcT4PtiH2N9clD3rP7nbm88%2FVvLGSzS5hOlH1Jz39DnIozufCuoQ5r%2F8kmJgy6uFom4MMm4Y33%2FicTEEB0MCiTNFqUQXLA%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: LgyvJN0nZOCplqIYlCYJJ1cibXdW_3K_
cache-control: public, max-age=31536000
x-amz-cf-pop: MXP64-C3
cf-ray: 6b7679805a593757-MXP
x-amz-cf-id: 2hRUcy8qtf5KpsAetIJv-Ma0jJu-CLh-Hh_7IKTj-5PO4fAL1Hn9PQ==
expires: Fri, 02 Dec 2022 18:03:54 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.182/ Frame 8346 292 KB
93 KB 60ms
26ms Script
application/javascript 2606:4700::6811:9d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.182/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:9d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3085916259c4ca5f755ab7ba059660e86c2955b0afc2917a41c7c63cd438eb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
via: 1.1 d2322e4264977966de69a888b2e0eba9.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1389325
x-amz-server-side-encryption: AES256
cf-ray: 6b7679800ab71f4d-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Tue, 16 Nov 2021 13:53:17 GMT
server: cloudflare
etag: W/"0afaba444335db3b8513bf83d521d7ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Id%2F1P36KO4jBznrvLgDS6fY18cSRypnBmkaNxqW%2FZFVWs0yMAXJ5LFELoh8tkyQF66ozEhgGJ3VU%2FBkBCJu30e0d1CZcRd%2F4AyJyptdnC%2FbX7KfG1KXOv6fTLVBabL3DWaheAPkQqAEfxTrqEh86SdV%2BSgU%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 7xYxyuYcj.ZgnEi8rBB5MbNifIpwLqcW
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: AMS54-C1
content-type: application/javascript
x-amz-cf-id: Kk81tbOJEm5vizDF5e_3q59kd4dq6gTHcNumUUsDqQ350-2cnibq3A==
expires: Fri, 02 Dec 2022 18:03:54 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.11900/bundles/ Frame 8346 490 KB
144 KB 63ms
29ms Script
application/javascript 2606:4700::6811:9d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11900/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:9d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d50a297c1a7233817752317d0a84e60cc310f345cf0c90e7fe484bc5aa79900a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
via: 1.1 e9101023ffbe04130b9d4cac0cf9eebc.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 78814
x-amz-server-side-encryption: AES256
cf-ray: 6b7679800ab81f4d-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 29 Nov 2021 15:12:11 GMT
server: cloudflare
etag: W/"d4e362ac50dd1fc399e57b36f759f9c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=333MqGrwNQu4p9ji4viLi4EZGhE7zGjy5BAnQErk%2FCFmBw3AsOSmt98oumnXmYC9giHa%2B0FaaNnoiA7rWQQ3P%2BViXT2zqUIVPojZ1ydBRUQ3SUdIrWuXYEYpOKt%2F2H2%2Bkzz%2Bmeaipr%2BznlsUHUFMefWG54w%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: w9aJkdwLJU50kEYjgT1uSLZBtp_PSCT6
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P2
content-type: application/javascript
x-amz-cf-id: XKjpCqBf5htj4-qvo7N18z5Ws3hv_UwIqyVP5clzsSyaHHroXhuCYA==
expires: Fri, 02 Dec 2022 18:03:54 GMT

GET
H3 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.11843/ Frame 8346 776 B
1 KB 38ms
21ms Script
application/javascript 2606:4700::6811:9d2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.11843/i18n-data-data-locales-en-us.js

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11900/bundles/visitor.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:9d2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c500c5d24d202d63c5d98deb47911b262f60a819a813b70743170b5c3140fbfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
via: 1.1 d9bf8acc1da383db4531789bbb03ac07.cloudfront.net (CloudFront)
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1389840
x-amz-server-side-encryption: AES256
cf-ray: 6b7679811d8a145a-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified: Mon, 15 Nov 2021 19:50:40 GMT
server: cloudflare
etag: W/"7a4613eceda8b6851728fb8a43f7c942"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MMEeeIqzFrPRCGsyScGH2h2o%2FZS8GtVgrsTIRvixFQOOH6upP4ZW1lICQ897g%2BHT21UBQC4o4wiPdX4XHCtwKlQISHnEWMQUvMelWf8w38FtyeI6WLlGYXyzl%2B0hrla6bNV09QQIYkgy9x6y0UZNBKZ%2Bvbw%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: xHspCJB3es1m.pY6VgNnAeUho_H3l3Kq
access-control-allow-origin: https://app.hubspot.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C2
content-type: application/javascript
x-amz-cf-id: CDrZKGmjf7NWHZuhJNxiRwPCz9Vr54hmGZcMjaMGlisaKXu_yAzMPA==
expires: Fri, 02 Dec 2022 18:03:54 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
496 B 200ms
175ms Image
image/gif 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 695482d2-65b3-45a8-bcff-abe87c67a81e
x-trace: 2BB4F146BE36A9F50AC41D7A3FD1FDA96400CCEAFD000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6b76798149765a1f-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
x-robots-tag: none

GET
H2 200 Pratum-Chevron.png
f.hubspotusercontent40.net/hub/8984595/hubfs/ Frame 8346 6 KB
7 KB 103ms
47ms Image
image/webp 2606:4700::6810:b772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f.hubspotusercontent40.net/hub/8984595/hubfs/Pratum-Chevron.png?width=108&height=108

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:b772 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e2cff67ef4a6e1e74fe8a830858a1714cdb0ed34a2c479471e1039bba47390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
via: 1.1 066fc17b108820c747336d8f45e8ea55.cloudfront.net (CloudFront)
vary: Accept, Accept-Encoding
cf-cache-status: HIT
age: 201049
cf-polished: origFmt=png, origSize=10013
edge-cache-tag: F-44557948291,P-8984595,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Pratum-Chevron.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
content-length: 6074
x-amz-server-side-encryption: AES256
last-modified: Tue, 30 Nov 2021 02:53:05 GMT
server: cloudflare
x-cache: RefreshHit from cloudfront
etag: "6d70453db253889194fbf41a4bafd76b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cf-bgj: imgq:85,h2pri
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-P1
accept-ranges: bytes
cf-ray: 6b7679822dac3754-MXP
x-amz-cf-id: khLS0j9ZesuM3AdCyIb84pdawf_fUymkH4M1Q73TNQHzUkdyeZZvXA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12

POST
H3 204 rhumb
api.hubspot.com/cartographer/v1/ Frame 8346 0
1 KB 202ms
201ms Ping
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.11900

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.11900/bundles/visitor.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 5cde6b4a-051d-4503-94df-b53695f046cf
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FsmN6zrQfFpctTIqZ56wEn2ON6uRvXgBBYAEPZpXEHiDgbgYNk7ssKVHMGKf4Qe%2FP%2BF73C9LZ8CpcIczWKGnvASAhYTxyAFgcy0q9P%2FURX%2F0L%2BH1ICxMYG96bnfGwzpoOHISDLme52sEYXQJtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 6b767981d9ed0f7a-MXP
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 189ms
39ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: pratum.com
URL: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF0) /
Resource Hash: 00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Thu, 02 Dec 2021 18:03:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:33:56 GMT
Server: ECS (mil/6CF0)
Age: 1498
Etag: "a709ab1b2c0d5d5e7c19895f6e1dcbfd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 29104

GET
H2 200 plusone.js Show response
apis.google.com/js/ 52 KB
21 KB 64ms
40ms Script
application/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2bd1aa13c0678aad0a21d546ec44b63d8068279e796aad9bfce2eab4f0cd4bf0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-/gWosCie8krBj71jpzGTGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "8785ac17277d68515ada6b0cece79f84"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-/gWosCie8krBj71jpzGTGw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Thu, 02 Dec 2021 18:03:54 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 201 KB
61 KB 181ms
44ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: pratum.com
URL: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C7A) /
Resource Hash: e052de0e53a6eb517d952968c2dc326327f967b687bb67f85fb845753a872899

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: gzip
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 1486
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 62394
x-li-uuid: AAXSLUSB4cMC47/cqvAqaA==
server: ECAcc (mil/6C7A)
last-modified: Thu, 02 Dec 2021 17:39:08 GMT
x-li-pop: prod-lor1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-lor1
expires: Thu, 2 Dec 2021 18:39:08 GMT

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
480 B 283ms
282ms Image
image/gif 2606:4700::6810:5905
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5905 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
vary: Accept-Encoding
cf-cache-status: MISS
x-hubspot-correlation-id: aa4e7937-c958-48d7-bfe3-6b8004fa4af7
cf-ray: 6b7679828e0d5a1f-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 35
last-modified: Thu, 02 Dec 2021 18:03:54 GMT
server: cloudflare
x-trace: 2B1931438D2E1AC723B542DF391A282380231C1AE0000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
576 B 167ms
156ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=85b0fc5b-5430-4eb9-897e-f27cfc8edcb6&fci=5ed5b7a8-b700-4591-b571-e7f71b14e7e3&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=808429732&v=1.1&a=8984595&pu=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&t=What+Are+Fileless+Malware+Attacks%3F+-+Pratum&cts=1638468234073&vi=932c7a1031ad7ac8a2bef936bb00ab7a&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 512e7e66-98ba-4a84-bdb9-5a1486194f0d
cf-ray: 6b767982996e0f56-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RerYqhqYkBlA1%2FyzCaW7dEyBiilRw%2FLkcgpahflvDq0HGPJ%2FZ9X8QmZnvgSE8HbjiSUjD04ThmDUzAGHRnN2o1Trkc0sIZT9w7%2BUKasnEcRC2Sg5Q1h51EqR11hfd0t1IJ1HQAqdfJbdcuW1SLOG"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
366 B 183ms
173ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223e047f1a-13ef-45b2-8e91-ad3e0812c076%22%2C%22b124a078-bd07-45a9-802f-e708be16c78b%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=808429732&v=1.1&a=8984595&pu=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&t=What+Are+Fileless+Malware+Attacks%3F+-+Pratum&cts=1638468234078&vi=932c7a1031ad7ac8a2bef936bb00ab7a&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: d22435d8-2076-4bd3-9046-bb19cf424baa
cf-ray: 6b767982995f0f56-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYrycMnzXvFZbFEqk3NUx5L6JeStogNAEM%2Bgw8%2FHg8b%2BoIZ3qg8FPXco6WZstLrVw9nRN3lVH2vG9u8JFXI%2FvVQQ3xMTAlvUPElI%2F%2F0MNjo4I0Ow3zq9NFSLxqnzcqpv9ByJY5RWHphM%2FooyOAcM"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
361 B 177ms
168ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=85b0fc5b-5430-4eb9-897e-f27cfc8edcb6&fci=5ed5b7a8-b700-4591-b571-e7f71b14e7e3&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=808429732&v=1.1&a=8984595&pu=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&t=What+Are+Fileless+Malware+Attacks%3F+-+Pratum&cts=1638468234079&vi=932c7a1031ad7ac8a2bef936bb00ab7a&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 6e2bc0d8-be8f-4021-88a9-8a8c5c57a6b6
cf-ray: 6b76798299660f56-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1eYquMmwCRH24ATOUOzxJcNQnLCxiKD90VKvd8KitkFFF6R2TC0oBtgMIZw14INGzoUfRDnFIgbUFqW4A%2BYVdE47LgLYr2Y8eRnI4mAjH0C%2Fepcp%2FRFiqyjJ%2BhbyUfkmJZARXjgNtHiOyMj%2BDAmt"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
410 B 171ms
161ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=808429732&v=1.1&a=8984595&pu=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&t=What+Are+Fileless+Malware+Attacks%3F+-+Pratum&cts=1638468234083&vi=932c7a1031ad7ac8a2bef936bb00ab7a&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 266293a9-ecf8-48bd-8521-86d3ff4c37fe
cf-ray: 6b767982996d0f56-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HfrfcYdCP77Y18zxA9LmELRn5wGorZhNi6TZQg06RKFUCTjjTPF5ax83U8vJCo%2Fo7BEGSJYfeJMRYU%2FYR3M%2BbdvWmm9ak5A6Hf5IiS61xJnv5SAq5LriPCExlvXibQ8C7pPpgQDGf4nPWXa5hSdm"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 67 B
946 B 321ms
263ms XHR
application/json 2606:4700::6811:c8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=8984595

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c8cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

18193d54c542aecede72351e2b5daac4d78836e5c37d0744093c5cacc54a0a9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: a32bd47a-c235-4ee9-82bb-d4a3403d5ca6
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server: cloudflare
x-trace: 2BAE9C23A32D39859ACAE8062A8AD1E7FC814E54DE000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ab6wozJ3F5whrrUDcHb%2FcdyGL%2B4Ry2YkD4Lfzp4ldBXx3TUBmXW8flZK4%2BDiiG3RbYqbBV7STcSElBK9RugZ7vPVXH6KIwQN%2FXHWh0uMr%2BeAr0cWzj%2FmacKWfB%2FQwn4ycZ3fnOOJUQWk%2Bdgb"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://pratum.com
access-control-allow-credentials: false
cf-ray: 6b767982ec6c59c5-MXP
access-control-allow-headers: *

GET
H3 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 2 KB
2 KB 211ms
210ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=8984595&utk=932c7a1031ad7ac8a2bef936bb00ab7a&__hstc=240358044.932c7a1031ad7ac8a2bef936bb00ab7a.1638468234069.1638468234069.1638468234069.1&__hssc=240358044.1.1638468234070&currentUrl=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

769823e1562de19d970aa17e779b6eee3b9e4b848ce5870e1def10bfed868b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 0517e72f-e470-41f4-9e62-fd96ded51361
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-robots-tag: none
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqRKuKtE86z%2B2EJAVwZANYS7BY8bnVxRv5NY8Tr%2BkVirPgb5WPVaIrJulm743QoBVhy2Df%2BmGqXzLVIb8BY2HXHsuOWngo6pYw7rCp86ofIQvVNJejwl%2FjiwCG5q4uizQGNFd6xziiMFrE%2BKUMBO"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
access-control-allow-origin: https://pratum.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
cf-ray: 6b767982df18d610-MXP
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 194 KB
65 KB 29ms
13ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad64b19bb17a8692401f74fc8d4496e921c08eec395223742b435b2fba161570

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 14:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66967
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 14:27:05 GMT

GET
H3 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ 75 KB
26 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30db8b2da6035a427a3f61fc706eb27f30d602df105fcc9c92ade79277536bd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 14:27:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99409
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26703
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 14:27:05 GMT

GET
H3 404 fastbutton Show response
apis.google.com/u/0/se/0/_/+1/ Frame 1B5E 2 KB
2 KB 14ms
8ms Document
text/html 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=en&origin=https%3A%2F%2Fpratum.com&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by: Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/

Response headers

content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1585
date: Thu, 02 Dec 2021 18:03:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 404 sharebutton Show response
apis.google.com/u/0/se/0/_/+1/ Frame 1033 2 KB
2 KB 12ms
8ms Document
text/html 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://apis.google.com/u/0/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&annotation=none&action=share&hl=en&origin=https%3A%2F%2Fpratum.com&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__
Requested by: Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 8bd139c393a6ca591e9f29d1c15fa1211cfdc287722455328140f6eb18a6d070

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/

Response headers

content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 1586
date: Thu, 02 Dec 2021 18:03:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame 1B5E 3 KB
3 KB 31ms
15ms Image
image/png 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Host: apis.google.com
URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=en&origin=https%3A%2F%2Fpratum.com&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apis.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3170
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 02 Dec 2021 18:03:54 GMT

GET
H3 200 googlelogo_color_150x54dp.png
www.google.com/images/branding/googlelogo/1x/ Frame 1033 3 KB
3 KB 39ms
23ms Image
image/png 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png

Requested by

Host: apis.google.com
URL: https://apis.google.com/u/0/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&annotation=none&action=share&hl=en&origin=https%3A%2F%2Fpratum.com&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://apis.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
server: sffe
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: private, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3170
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 02 Dec 2021 18:03:54 GMT

GET
H2 200 postmessageRelay Show response
accounts.google.com/o/oauth2/ Frame E93E 565 B
858 B 43ms
19ms Document
text/html 2a00:1450:4001:810::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fpratum.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=auth/exm=plus,plusone/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e191ea46b8480ffa03ea622b5bb41054c64a6aa6e4053646a052ba2e28fd0b6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ht0frVn+WZs02L6Cn7YZRw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 Dec 2021 18:03:54 GMT
content-security-policy: script-src 'report-sample' 'nonce-Ht0frVn+WZs02L6Cn7YZRw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html Show response
platform.twitter.com/widgets/ Frame D367 319 KB
103 KB 38ms
38ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fpratum.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CE7) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2998
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 02 Dec 2021 18:03:54 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Mon, 18 Oct 2021 18:32:00 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mil/6CE7)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 796779910-postmessagerelay.js Show response
ssl.gstatic.com/accounts/o/ Frame E93E 10 KB
5 KB 48ms
8ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/796779910-postmessagerelay.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fpratum.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04082cfaa14c7a04a29bf53810bda0de1aa03910090a4aeffb198f4e8bbf70d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 30 Nov 2021 18:58:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4295
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 19:09:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
vary: Accept-Encoding
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Nov 2022 18:58:33 GMT

GET
H3 200 rpc:shindig_random.js Show response
apis.google.com/js/ Frame E93E 13 KB
5 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/rpc:shindig_random.js?onload=init

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8HNdyzwKDvYsTT7gTk6eQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "3fc975e12af4bcde7e44fdb36bca1117"
x-frame-options: SAMEORIGIN
report-to: {"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-8HNdyzwKDvYsTT7gTk6eQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires: Thu, 02 Dec 2021 18:03:54 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/ Frame E93E 51 KB
18 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.de.1oGqGyIIxrg.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Wed, 01 Dec 2021 14:24:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18237
x-xss-protection: 0
last-modified: Sat, 30 Oct 2021 15:20:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding, Origin
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Dec 2022 14:24:58 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 942 B
608 B 18ms
18ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=explicit

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a47337b001e349920019b1439b450fd86d8c4aeec26b0262775852b83fba2877

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 587
x-xss-protection: 1; mode=block
expires: Thu, 02 Dec 2021 18:03:54 GMT

GET
H3 200 __ptq.gif
track.hubspot.com/ 45 B
745 B 149ms
147ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=bce00052-a7e6-4129-97c7-6cad223a0d69&lfi=2183383&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=808429732&v=1.1&a=8984595&pu=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&t=What+Are+Fileless+Malware+Attacks%3F+-+Pratum&cts=1638468234351&vi=932c7a1031ad7ac8a2bef936bb00ab7a&nc=true&u=240358044.932c7a1031ad7ac8a2bef936bb00ab7a.1638468234069.1638468234069.1638468234069.1&b=240358044.1.1638468234070&cc=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:55 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 856bd238-d9f8-47ae-aa4a-1f399a9e43a9
cf-ray: 6b7679843f720f7a-MXP
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ccLChsaGAH8kxV1x7AeXvrim1TjLbsXk%2BihzK1XRdXfvci8%2Bz%2B3rVDO77BKvDBVY%2Fz9THhAd6d%2BXFxT%2FC8pfZiIK9JUY4wnYIyqcDIF9Om9OasAJut7VWwJW3iBhjL5MX8DVHNY0iJZvrZVSjpr2"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 settings Show response
syndication.twitter.com/ Frame D367 232 B
447 B 143ms
120ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=7f1dad1c5c0d06584c26140abdb118eb82629ddb

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=https%3A%2F%2Fpratum.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-response-time: 112
date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: gzip
last-modified: Thu, 02 Dec 2021 18:03:55 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 0a070caa1ec549c44207eb6ebc07cd557ca9b32d1e675a06242dbf13b8a37cdc
content-length: 166

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/ 347 KB
136 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/_7Co1fh8iT2hcjvquYJ_3zSP/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pratum.com/
Origin: https://pratum.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 17:44:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1168
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138691
x-xss-protection: 0
last-modified: Mon, 15 Nov 2021 05:04:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Fri, 02 Dec 2022 17:44:26 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 97 KB
39 KB 35ms
20ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-869024229

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

18716a1b6ec67b56b0a33bccc8361db168fa00ddf0f0d5281b52ebac3bcdf522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39570
x-xss-protection: 0
expires: Thu, 02 Dec 2021 18:03:54 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/869024229/ 3 KB
1 KB 38ms
22ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/869024229/?random=1638468234412&cv=9&fst=1638468234412&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&tiba=What%20Are%20Fileless%20Malware%20Attacks%3F%20-%20Pratum&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e58d452fa6f83450118819396fc701b12344f047858f59d7e7610e016e0d486d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1218
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/869024229/ 42 B
64 B 33ms
33ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/869024229/?random=1638468234412&cv=9&fst=1638468000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&tiba=What%20Are%20Fileless%20Malware%20Attacks%3F%20-%20Pratum&async=1&fmt=3&is_vtc=1&random=1882684710&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/869024229/ 42 B
64 B 40ms
23ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/869024229/?random=1638468234412&cv=9&fst=1638468000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaba1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email&tiba=What%20Are%20Fileless%20Malware%20Attacks%3F%20-%20Pratum&async=1&fmt=3&is_vtc=1&random=1882684710&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Dec 2021 18:03:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js Show response
platform.twitter.com/js/ 7 KB
3 KB 38ms
38ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF0) /
Resource Hash: 186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Thu, 02 Dec 2021 18:03:55 GMT
Content-Encoding: gzip
Last-Modified: Mon, 18 Oct 2021 18:31:51 GMT
Server: ECS (mil/6CF0)
Age: 2999
Etag: "e8090d17c9828f5a217bebb39dd3e689+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2294

GET
H/1.1 200
OK tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html Show response
platform.twitter.com/widgets/ Frame 0179 32 KB
12 KB 38ms
37ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.a53eecb4584348a2ad32ec2ae21f6eae.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (mil/6CF0) /
Resource Hash: d94cce9ec0cffd5417657d26aa1741a7e3b2b0a5f4232a80d789c1a254c4e2ef

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2994
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Thu, 02 Dec 2021 18:03:55 GMT
Etag: "89e8ce4106e3294685b0af818d97b80c+gzip"
Last-Modified: Mon, 18 Oct 2021 18:31:56 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (mil/6CF0)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12235

GET
DATA 200
OK truncated
/ Frame 0179 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
357 B 116ms
116ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks%3Futm_medium%3Demail%26_hsmi%3D190245315%26_hsenc%3Dp2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ%26utm_content%3D190245313%26utm_source%3Dhs_email%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1638468234768%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22f001879%3A1634581029404%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Thu, 02 Dec 2021 18:03:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 108
pragma: no-cache
last-modified: Thu, 02 Dec 2021 18:03:55 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 0a070caa1ec549c44207eb6ebc07cd557ca9b32d1e675a06242dbf13b8a37cdc
x-transaction: 9dfaaaf5d42fbacf
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 Newsletter%20Subscribe_pratum_20210728_PXX.png
f.hubspotusercontent40.net/hubfs/8984595/ 104 KB
105 KB 894ms
894ms Image
image/png 2606:4700::6810:b772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f.hubspotusercontent40.net/hubfs/8984595/Newsletter%20Subscribe_pratum_20210728_PXX.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:b772 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a58ac8b2a383eeb46e24d093465f103a7199ff3798ea1e8c452ec29c3e453ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pratum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-55763274391,P-8984595,FLS-ALL
x-amz-request-id: MR4JGY4T0N3FZ9H7
x-amz-server-side-encryption: AES256
edge-cache-tag: F-55763274391,P-8984595,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 12
etag: "d1ac42d0145dd030e6a052ac512849bb"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis: 1632258288632
date: Thu, 02 Dec 2021 18:03:56 GMT
via: 1.1 6266dd3ac90488da9055f1b5c43dd139.cloudfront.net (CloudFront)
cf-cache-status: MISS
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-meta-index-tag: none
content-length: 106772
x-amz-id-2: j6tt142+cCTF0B9k2UDvbSGRWMhHgBxRso7GXPiKShba4tUwIZRosOMDSbky6FzDTFmnbU6AG7Q=
last-modified: Tue, 21 Sep 2021 21:04:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-version-id: R5.XRZ.Xw5IPC1CjlR3BK34fML.Hs7W7
accept-ranges: bytes
cf-ray: 6b76798a7e893754-MXP
x-amz-cf-id: cmJoj0LmQoakapVMqJADyzeBR1eXrD-XGn-QLB2qn2r1sKhJZdW3qA==

Verdicts & Comments Add Verdict or Comment

127 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pratum.com/	1969-12-31 23:59:59	Name: 7a66acaef6e31f6c293abc45d7c2c472 Value: 1e73734af83e616605942edfb9cd83c7
.pratum.com/	1970-01-20 16:39:00	Name: _ga Value: GA1.2.1434701794.1638468232
.pratum.com/	1970-01-19 23:09:14	Name: _gid Value: GA1.2.1591061073.1638468232
.pratum.com/	1970-01-19 23:07:48	Name: _gat Value: 1
.pratum.com/	1970-01-20 01:17:24	Name: _gcl_au Value: 1.1.446933785.1638468232
.hubspot.com/	1970-01-19 23:07:50	Name: __cf_bm Value: aFrujUuZigPwwcXAbJ6V_iSwgE.MLugveBmPvbOqMF4-1638468232-0-AVGrDrK20bJXcfk8YybYL0AwX+hS4nxIqwH63nqwNU4Ol9omW6sakvjBSU57fIhpUwUjjnUoHlAYI1laLF+JuQ8=
.pratum.com/	1970-01-20 08:29:24	Name: messagesUtk Value: 349f5bb02a494705830ec354767bd3cf
.pratum.com/	1970-01-20 08:29:24	Name: __hstc Value: 240358044.932c7a1031ad7ac8a2bef936bb00ab7a.1638468234069.1638468234069.1638468234069.1
.pratum.com/	1970-01-20 08:29:24	Name: hubspotutk Value: 932c7a1031ad7ac8a2bef936bb00ab7a
.pratum.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.pratum.com/	1970-01-19 23:07:50	Name: __hssc Value: 240358044.1.1638468234070
.google.com/	1970-01-20 03:31:19	Name: NID Value: 511=I7qPLgyDQNF9U5GfrUFDTUs_sZ4B5vDtS-L8p9MTQb8MUwB1c_ainCLqR0Hwz1G9KW5eYQNFrMqeBn2j_uDPsWtHYuF1tP-E9uq0qn6YlHzsqngoHTTUU4Y8-WJmJylBZDYcX8yGIf5IwvsyZ2WRtmvwREL4wai8MROaPHC3qYw
.doubleclick.net/	1970-01-20 08:29:24	Name: IDE Value: AHWqTUkRdVASBeqQ251QNSiJvb-jQqIlGoDDtFfg3gxOKDZf0Am5oQwdiiidvLjq

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network	error	URL: https://pratum.com/blog/515-what-are-fileless-malware-attacks?utm_medium=email&_hsmi=190245315&_hsenc=p2ANqtz-9_RpDCPqESLIN0qVtGa1UnGkZIe86Hf3f3n_ugvoLwblNcwFGF56jhSFn48v56pekJzxHnEpcDeSO7Y3JGGKUVF1WIKQ&utm_content=190245313&utm_source=hs_email Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=medium&hl=en&origin=https%3A%2F%2Fpratum.com&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh&id=I0_1638468234149&_gfid=I0_1638468234149&parent=https%3A%2F%2Fpratum.com&pfname=&rpctoken=11919832 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://apis.google.com/u/0/se/0/_/+1/sharebutton?plusShare=true&usegapi=1&annotation=none&action=share&hl=en&origin=https%3A%2F%2Fpratum.com&url=https%3A%2F%2Fpratum.com%2Fblog%2F515-what-are-fileless-malware-attacks&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.de.1oGqGyIIxrg.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCOi-QLH9bWsMMs2gBCmTBNxHaIHgg%2Fm%3D__features__#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh&id=I1_1638468234156&_gfid=I1_1638468234156&parent=https%3A%2F%2Fpratum.com&pfname=&rpctoken=41074218 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
api.hubapi.com
api.hubspot.com
apis.google.com
app.hubspot.com
cta-service-cms2.hubspot.com
d1337p04.na1.hubspotlinks.com
f.hubspotusercontent40.net
fonts.googleapis.com
fonts.gstatic.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hscta.net
js.hsforms.net
js.hsleadflows.net
js.usemessages.com
netdna.bootstrapcdn.com
no-cache.hubspot.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
pratum.com
ssl.gstatic.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
track.hubspot.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
104.244.42.200
142.250.184.194
192.124.249.57
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:5905
2606:4700::6810:b772
2606:4700::6811:47b0
2606:4700::6811:72b0
2606:4700::6811:80ab
2606:4700::6811:9d2
2606:4700::6811:b749
2606:4700::6811:c8cc
2606:4700::6811:d5cc
2606:4700::6811:dfcc
2606:4700::6811:eacc
2606:4700::6811:eccc
2606:4700::6812:15bf
2606:4700::6812:1e69
2606:4700::6812:acf
2606:4700::6813:9a53
2a00:1450:4001:801::200e
2a00:1450:4001:808::2004
2a00:1450:4001:809::200e
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:810::200d
2a00:1450:4001:812::2003
2a00:1450:4001:828::2003
2a00:1450:4001:82b::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:400c:c0d::9a
008948cbaff4ddbfe3153c6088c5205b73c3803563cf97a55a47359623f496f1
00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d
020d1a573669e72a8e8683c79172d665c5715159411eca3be5ad54bc154d5895
04082cfaa14c7a04a29bf53810bda0de1aa03910090a4aeffb198f4e8bbf70d2
08c317b4f1dc3bc8950e5101dc7a7bee2f41e2ad34a70f477fc51fa52399a780
0a0d5fd4e0f669039bc633a2756906a92f37e5e1c814ee52ff553087053a8af2
0a56234241a7dd6d1f2a13b3d521d260c999c9bf50e97f255859649775eec6ee
139ef45414de3cfdd6f9f835e1c6c823e272077d681e1f7002ad2337adfe763e
14e619a4bceb4cafa0cf1832e59d42897bdf87be967a4781d8b5f3bb8852702a
18193d54c542aecede72351e2b5daac4d78836e5c37d0744093c5cacc54a0a9c
1823ecd2a8994f9d78e310dd5716bc7532b95c68db40ee69fb35b05ee09aea58
186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66
18716a1b6ec67b56b0a33bccc8361db168fa00ddf0f0d5281b52ebac3bcdf522
1a4651c562bac53f6d33b1d8093551a818571a6b595304ba4813bc7b5d503783
1d94fd1a3793df0abe10fb36e59825864e1ec9623496e1e04c9cca624be01394
1df72eb0c6f570ba6c078ebea6e42747f7e11f68bcccdb8c528f85ef39d46df0
1e191ea46b8480ffa03ea622b5bb41054c64a6aa6e4053646a052ba2e28fd0b6
20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc
29649dd5311ae06eb0639f2655f35be5da744bf41556d1a1c32d326994d77869
2aac45af52da68ebf3c21a445208b8ce755dc8caa52ce4f411bb1821e1614334
2bd1aa13c0678aad0a21d546ec44b63d8068279e796aad9bfce2eab4f0cd4bf0
2fc32c6620e847577a044afffca63a5003226db0085534477e6fdf5012c5e0fe
302ecfd3dcafa8174d1609465dda4fdaf6150d74883e8fddd3944e4d03cfa7d0
30db8b2da6035a427a3f61fc706eb27f30d602df105fcc9c92ade79277536bd4
326ffedb17cf069bdc342759a21bf78461179b48fe9047d0e4636e3c6115ad9d
36a326c783a12f72498d41fb32371da87fe0cbd1595248f3f154fd939f07f10c
3a9cbcbec8f6ed3bbe0262a9354405bd8855566f0340a5044a49b4febf4ae91d
3b892aba7aa482b252130b67278e4bdeabb56afab3440ea345ad4f6d3cbb4e0c
4022df340e2569efe0a37313630d18ccd282e9dd5ef78c6ddc786fd6e95a34ea
474754d75548fad740bb581e4b0596cb9a1c0b47cfc03f8a6e273cc6da9b9080
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
59e2cff67ef4a6e1e74fe8a830858a1714cdb0ed34a2c479471e1039bba47390
5a56785af1559e3ea1c353f3ad370e79e5105f43837571449011b0df877f8eb7
5b3f238133590a4f711d8347b2bc826f8d7a596ce810844f501eff3f16cb027d
5c64d0abdeca7f9173914ec120bc8100700ffd28ac2e644caca8ca80403a9dd1
661f13b4f4113a7586e0bc41c176010b085fc233eb44d0f60616ca00c0e7d5fc
69d6d79ddea8e76e73fe6c9ce4f47d45a1cb469abf497c49ef573f3fed046dd5
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6dd19753205a348c50fce29f867f3b02c1daac5f8874fe3ab37d5574502a70de
6f83e089991d2d028c2ebed44f1c857f9212e447a4f3e2ad897ca46629e49bad
70b5f9d79b04494b4cec69cb88eb6bf824c5c9e3cdf03b120f77b44085b9f637
70c42999ff8deffe868bd981029631f3c46abe5e24ba62543f8548e58c8e0415
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
76518149098afc793e282f63849efbfd20711d0d5d8bc6f09a51f8eaa1945181
768e9f571558630520b67b0e5cbd1906edbbe0d47a4b8270bbbf1147da30c1a2
769823e1562de19d970aa17e779b6eee3b9e4b848ce5870e1def10bfed868b7a
76e2bca54d321dfd4cebf8797b2c9a81ccb1c0619d4da3a7c53d4e6228c5a61d
7dba18667e56c12b93a48df1a19f7c7da2fb7f9a3a4b0e580960bb6a64588475
830fcab93c12b9ad2a820fed85e456077ed189a100a59b3080fd807d844eeef2
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
858a841eeb944e8246888743c6aad09d3591f56986d7e4a8ef7a5f61c5d6c9b2
869ac15c910a336a380f77c870aeb154ee77d1c56e6450dd0d7b85877b2b4bc1
89ae0ddffe264c2a5978bb2462602ac695ef65d8c05f64e08b8f3c0825b95d15
8bd139c393a6ca591e9f29d1c15fa1211cfdc287722455328140f6eb18a6d070
8f57f926ba6c5873973da65dafa127b5a10efcaa3bd2dbc08b9f7a8cb066fad6
98333312a99b4c67911a1c1d4bddda30653715ffa23ea460fe385fa1987b39ba
9f4922667f15ec47709504b75c4433e7145f96078261bc9a11e386ca52fa18bb
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a47337b001e349920019b1439b450fd86d8c4aeec26b0262775852b83fba2877
a58ac8b2a383eeb46e24d093465f103a7199ff3798ea1e8c452ec29c3e453ea7
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
ac15d1868a55adcea61641c78efbb86feda3a65882f21bfe9fedd7348fb54be8
ac3f3a757bfbfc9d92bc8f5e6e6362e5d4ae41dbf3cebacdda9b8f71afc82e5b
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad64b19bb17a8692401f74fc8d4496e921c08eec395223742b435b2fba161570
ae8b42f25b142295a041fea49a7c379148d149a6cc27e8f9ad7720a80a5b7907
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b33647812966e950d652ec553e1ae58cd5d46f61b5309ff74cbaf8bd0db0254e
b7c0478efaaedfc72ae5a3b7abe296ffdc2021bc4075666b45a24ccbabae5361
bbf83f7a7557c776594fd31827585c9e86e97909cae65bd4fa5637fc502760b3
bc0bbbf2149a2ebf76c4635239e19962682c85f4ed9ac3c8c6f336a2fb486c30
bc12b83b7c153e06b04925531383849c2dcaa682b2637b7606b0dd513e0806b2
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
c224282471c8dce39b4177897bb65314ebebd61cf1137a439b20372a0792a74b
c374efba54279628793f04e10ebf5d0c1b4dbc36b3f4132d9235f01d64ca5c8e
c500c5d24d202d63c5d98deb47911b262f60a819a813b70743170b5c3140fbfd
c51fcea6c8ef9450d9c9029c3cadebffa2e80a89561fbe1c42c58ca37b835818
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c745fa43ed937d94efa0c13eb43061475d7f0c76fb765e7f12522da3bda8f6a8
cdd181db7783304f7ba9fcc1890d17482e4513d995d2ad522390b48ebfe2c2b3
d1a032f9e4253882ca45f7746d796299ff521490c6c2e005b1548872f41115b5
d3085916259c4ca5f755ab7ba059660e86c2955b0afc2917a41c7c63cd438eb4
d50a297c1a7233817752317d0a84e60cc310f345cf0c90e7fe484bc5aa79900a
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
d94cce9ec0cffd5417657d26aa1741a7e3b2b0a5f4232a80d789c1a254c4e2ef
da160a6339e80d33101c1d08d752f671433868c17ed6b49da2c35b74773e8347
dac349cb18248475f6221e4c2276603715e03d34051c82e7b9aeba9f49433bb5
dbef5e5530003b7233e944856c23d1437902a2d3568cdfd2beaf2166e9ca9139
dc10eb4c3193b2a9e85d3e011075c703c98d79e86dee2c8647311db2f1dfeb4b
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e052de0e53a6eb517d952968c2dc326327f967b687bb67f85fb845753a872899
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58d452fa6f83450118819396fc701b12344f047858f59d7e7610e016e0d486d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2961ef025e9598bbc17229d642d373a9eb7feaa927ac1149a1bfc546d31caed
f348544fc10b4a29072e8eaf28d831cf9ab23e274d30b16825c1acfd3418832e
f5610dca639dfbc602be3ad30b5e98bff001f6f61d4ce0a618fe8ae3e6906059
f9865f7ce5423db703d455d6e0d56fcc241d651c2128cd384a391601d65cec1e
fd8496b904ded0ea8472d611839277a6a8091398ededfd2aa6b57f2eba97a3df

pratum.com Open in urlscan Pro 192.124.249.57 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

115 Requests

100 %HTTPS

91 %IPv6

27 Domains

39 Subdomains

34 IPs

3 Countries

6177 kBTransfer

9430 kBSize

13 Cookies

5 Outgoing links

Page URL History

Redirected requests

115 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

pratum.com Open in urlscan Pro
192.124.249.57 Public Scan

Screenshot
Live screenshot

Full Image

115
Requests

100 %
HTTPS

91 %
IPv6

27
Domains

39
Subdomains

34
IPs

3
Countries

6177 kB
Transfer

9430 kB
Size

13
Cookies

115 HTTP transactions
1 data transactions