URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-gov...
Submission: On November 15 via api from TR — Scanned from DE

Summary

This website contacted 37 IPs in 4 countries across 30 domains to perform 110 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com. The Cisco Umbrella rank of the primary domain is 186976.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on April 4th 2023. Valid for: a year.
This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
35 2a02:e980:107... 19551 (INCAPSULA)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 185.89.210.90 29990 (ASN-APPNEX)
1 2600:9000:211... 16509 (AMAZON-02)
2 34.96.102.137 396982 (GOOGLE-CL...)
1 13.32.27.75 16509 (AMAZON-02)
7 104.16.95.80 13335 (CLOUDFLAR...)
1 142.250.186.66 15169 (GOOGLE)
2 2606:4700:440... 13335 (CLOUDFLAR...)
2 184.31.85.59 16625 (AKAMAI-AS)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:206... 16509 (AMAZON-02)
1 18.159.73.23 16509 (AMAZON-02)
1 2.17.100.193 20940 (AKAMAI-ASN1)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
5 2606:4700:440... 13335 (CLOUDFLAR...)
1 18.245.86.73 16509 (AMAZON-02)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2606:4700:440... 13335 (CLOUDFLAR...)
4 18.196.251.91 16509 (AMAZON-02)
3 4 2620:1ec:21::14 8068 (MICROSOFT...)
2 13.107.42.14 8068 (MICROSOFT...)
2 34.111.208.231 396982 (GOOGLE-CL...)
1 2a03:2880:f17... 32934 (FACEBOOK)
1 192.28.144.124 15224 (OMNITURE)
4 2600:9000:215... 16509 (AMAZON-02)
1 2 142.250.186.166 15169 (GOOGLE)
1 95.101.148.198 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
110 37
Apex Domain
Subdomains
Transfer
35 proofpoint.com
www.proofpoint.com — Cisco Umbrella Rank: 186976
1 MB
7 marketo.com
app-abj.marketo.com — Cisco Umbrella Rank: 467759
145 KB
7 sharethis.com
platform-api.sharethis.com — Cisco Umbrella Rank: 4214
buttons-config.sharethis.com — Cisco Umbrella Rank: 4712
l.sharethis.com — Cisco Umbrella Rank: 4359
platform-cdn.sharethis.com — Cisco Umbrella Rank: 9006
51 KB
7 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3040
www.google.com — Cisco Umbrella Rank: 2
adservice.google.com — Cisco Umbrella Rank: 105
1 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 377
px4.ads.linkedin.com — Cisco Umbrella Rank: 6003
3 KB
6 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
4788165.fls.doubleclick.net — Cisco Umbrella Rank: 374127
5 KB
5 g2crowd.com
tracking.g2crowd.com — Cisco Umbrella Rank: 8571
3 KB
4 stackadapt.com
tags.srv.stackadapt.com — Cisco Umbrella Rank: 2977
9 KB
4 google.de
www.google.de — Cisco Umbrella Rank: 6862
733 B
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 24529
ibc-flow.techtarget.com — Cisco Umbrella Rank: 22103
2 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 366
14 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
294 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 174
90 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 778
19 KB
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3497
7 KB
2 geoip-js.com
geoip-js.com — Cisco Umbrella Rank: 14707
2 KB
2 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2958
2 KB
2 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 495
1 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
1 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1982
564 B
1 mktoresp.com
309-rhv-619.mktoresp.com — Cisco Umbrella Rank: 368253
318 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 110
185 B
1 driftt.com
js.driftt.com — Cisco Umbrella Rank: 5586
61 KB
1 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5465
17 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
1 KB
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 145
19 KB
1 ml-api.io
attr.ml-api.io — Cisco Umbrella Rank: 18105
233 B
1 ml-attr.com
s.ml-attr.com — Cisco Umbrella Rank: 14796
279 B
1 googleoptimize.com
www.googleoptimize.com — Cisco Umbrella Rank: 1969
50 KB
0 avocet.io Failed
ads.avocet.io Failed
110 30
Domain Requested by
35 www.proofpoint.com www.proofpoint.com
7 app-abj.marketo.com www.proofpoint.com
app-abj.marketo.com
5 tracking.g2crowd.com www.proofpoint.com
4 platform-cdn.sharethis.com www.proofpoint.com
4 px.ads.linkedin.com 3 redirects snap.licdn.com
4 tags.srv.stackadapt.com www.proofpoint.com
tags.srv.stackadapt.com
4 www.google.de www.proofpoint.com
3 www.google.com www.proofpoint.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
www.proofpoint.com
3 region1.analytics.google.com www.googletagmanager.com
3 www.googletagmanager.com www.proofpoint.com
www.googleoptimize.com
2 4788165.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 px4.ads.linkedin.com www.proofpoint.com
4788165.fls.doubleclick.net
2 connect.facebook.net www.proofpoint.com
connect.facebook.net
2 snap.licdn.com www.proofpoint.com
snap.licdn.com
2 munchkin.marketo.net www.proofpoint.com
munchkin.marketo.net
2 geoip-js.com www.proofpoint.com
geoip-js.com
2 dev.visualwebsiteoptimizer.com www.proofpoint.com
2 secure.adnxs.com 2 redirects
2 googleads.g.doubleclick.net www.googletagmanager.com
www.googleadservices.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
1 adservice.google.com 4788165.fls.doubleclick.net
1 pixel.mathtag.com 4788165.fls.doubleclick.net
1 309-rhv-619.mktoresp.com munchkin.marketo.net
1 www.facebook.com www.proofpoint.com
1 trk.techtarget.com www.proofpoint.com
1 js.driftt.com www.proofpoint.com
1 j.6sc.co www.proofpoint.com
1 l.sharethis.com platform-api.sharethis.com
1 buttons-config.sharethis.com platform-api.sharethis.com
1 fonts.googleapis.com www.proofpoint.com
1 www.googleadservices.com www.proofpoint.com
1 platform-api.sharethis.com www.proofpoint.com
1 attr.ml-api.io www.proofpoint.com
1 s.ml-attr.com 1 redirects
1 www.googleoptimize.com www.proofpoint.com
0 ads.avocet.io Failed www.googletagmanager.com
110 39
Subject Issuer Validity Valid
proofpoint.com
Sectigo RSA Organization Validation Secure Server CA
2023-04-04 -
2024-04-03
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh
www.google.de
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 01
2023-10-24 -
2024-04-21
6 months crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2
2023-07-06 -
2024-07-06
a year crt.sh
sharethis.com
Amazon RSA 2048 M02
2023-05-20 -
2024-06-17
a year crt.sh
app-abj.marketo.com
Cloudflare Inc ECC CA-3
2023-04-05 -
2024-04-04
a year crt.sh
www.googleadservices.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-17 -
2024-05-16
a year crt.sh
*.marketo.net
DigiCert TLS RSA SHA256 2020 CA1
2023-02-06 -
2024-02-05
a year crt.sh
www.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
6sc.co
R3
2023-11-03 -
2024-02-01
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-02-01 -
2024-01-31
a year crt.sh
drift.com
Amazon RSA 2048 M02
2023-08-15 -
2024-09-11
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-08-24 -
2023-11-22
3 months crt.sh
*.srv.stackadapt.com
Amazon RSA 2048 M02
2023-09-09 -
2024-10-07
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2023-11-03 -
2024-05-03
6 months crt.sh
ibc-flow.techtarget.com
GTS CA 1D4
2023-09-21 -
2023-12-20
3 months crt.sh
*.google.de
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.mktoresp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-07 -
2024-10-07
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
pixel.mathtag.com
DigiCert TLS RSA SHA256 2020 CA1
2023-05-07 -
2024-05-07
a year crt.sh
*.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Frame ID: A2DDE29F2F7F1627ED07A10F2D0CBBAF
Requests: 103 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22
Frame ID: ECD2C53A2AB46973AAE9E38746F854E3
Requests: 4 HTTP requests in this frame

Frame: https://app-abj.marketo.com/index.php/form/XDFrame
Frame ID: D6DB01AD947F472F9BA5318079B30013
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities  | Proofpoint US

Detected technologies

Overall confidence: 75%
Detected patterns

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

110
Requests

95 %
HTTPS

58 %
IPv6

30
Domains

39
Subdomains

37
IPs

4
Countries

2068 kB
Transfer

5270 kB
Size

35
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=proofpoint.com&pId=7816156554566731126
Request Chain 67
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1700014647765&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1700014647765&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&cookiesTest=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1700014647765&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&cookiesTest=true&e_ipv6=AQLktjfq7ggbGAAAAYvQxOtBE56vsom493l46mCpnszSuJ1XAk6rrk-tmeR-mbjmeTEYgJ6n-AlGalDSM0ehhkNIi7knDg
Request Chain 95
  • https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22 HTTP 302
  • https://4788165.fls.doubleclick.net/activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22
Request Chain 103
  • https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif HTTP 302
  • https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQLABQUqmM2qJgAAAYvQxO3bL4Kb0vcBPQPEnOAAkFk0bItKq6fHQYw_gqsm1CN2dLHltCSNrMaZ14zqfzhQFMhkT3_Jjw

110 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
www.proofpoint.com/us/blog/threat-insight/
103 KB
36 KB
Document
General
Full URL
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
47afaf387fdb659d80ab21cfefb171443d12070f193213ad09f223a84be9e614
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Age
38137
Cache-Control
max-age=86400, public
Connection
keep-alive
Content-Encoding
gzip
Content-Length
29618
Content-Security-Policy
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Content-Type
text/html; charset=UTF-8
Content-language
en
Date
Wed, 15 Nov 2023 02:17:25 GMT
ETag
"1699976507-gzip"
Expires
Wed, 15 Nov 2023 15:41:48 GMT
Feature-Policy
geolocation 'self'
Last-Modified
Tue, 14 Nov 2023 15:41:47 GMT
Permissions-Policy
interest-cohort=()
Referrer-Policy
origin-when-cross-origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Cookie,Accept-Encoding,Host
Via
varnish
X-AH-Environment
prod
X-CDN
Imperva
X-Cache
HIT
X-Cache-Hits
705
X-Content-Security-Policy
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
X-Content-Type-Options
nosniff
X-Drupal-Cache
MISS
X-Drupal-Dynamic-Cache
MISS
X-Frame-Options
SAMEORIGIN
X-Iinfo
12-14404001-14404003 NNNN CT(309 622 0) RT(1700014644608 180) q(0 0 10 0) r(13 16) U18
X-Imperva-Purge-Tags
fk0h,2171,rsmc,0plh,r6o8,li2r,ebfb,unor,vunp,h4em,jamf,p7tt,khv0,8qo7,eken,6bqn,bvs8,2iho,h17a,9ipc,gebp,7nqj,reke,sbfi,9lcq,fj6k,shcs,8g9j,r1oq,kuit,tp2i,87nt,kj5r,fllv,l2u0,5cr3,80b8,us5v,vkkb,prna,j81r,4mkm
X-Permitted-Cross-Domain-Policies
none
X-Request-ID
v-523b100e-8304-11ee-ae10-5be06a55ae2f
X-UA-Compatible
IE=edge
X-WebKit-CSP
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
optimize.js
www.googleoptimize.com/
128 KB
50 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
485e87af4a84c6a945d42fc2c9492faf0b9b014f21e10e983f87da92949a22f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50444
x-xss-protection
0
last-modified
Wed, 15 Nov 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Nov 2023 02:17:26 GMT
js
www.googletagmanager.com/gtag/
283 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c91929775a0a386b33430cdd6f79f61f90006d62d5834fd4427844b3b561116a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94218
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 15 Nov 2023 02:17:26 GMT
gtm.js
www.googletagmanager.com/
398 KB
110 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
736e498b39dbb51fddaff1dd25a4f99a2c6c5842c43a8fd9e74fb204c4a3eec2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112448
x-xss-protection
0
last-modified
Wed, 15 Nov 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Nov 2023 02:17:26 GMT
js
www.googletagmanager.com/gtag/
283 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL&l=dataLayer&cx=c
Requested by
Host: www.googleoptimize.com
URL: https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
25ba861b08fdb37d990f6e72e31a67463c20deb1b35951d4a210a8f5ceeeb0c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:26 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94194
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 15 Nov 2023 02:17:26 GMT
collect
region1.analytics.google.com/g/
0
256 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je3b81v890103917&_p=1700014646566&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1873590384.1700014647&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1700014646&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2338
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.proofpoint.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
247 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B1V8SZE3GL&cid=1873590384.1700014647&gtm=45je3b81v890103917&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.proofpoint.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B1V8SZE3GL&cid=1873590384.1700014647&gtm=45je3b81v890103917&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=969673031
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 15 Nov 2023 01:49:41 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
1665
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 15 Nov 2023 03:49:41 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1700014646693&cv=11&fst=1700014646693&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76619393&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&hn=www.googleadservices.com&frm=0&auid=322505348.1700014647&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
14d010960eda6474575835081ee8328de559d79197487e06c3138b8a7336392a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:26 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1279
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 15 Nov 2023 02:17:27 GMT
last-modified
Fri, 10 Nov 2023 20:09:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: AE04878E2DFF49CCAD1CE25B07C3E871 Ref B: FRAEDGE1717 Ref C: 2023-11-15T02:17:27Z
etag
"80abcdf1114da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13175
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=proofpoint.com&pId=7816156554566731126
0
233 B
Image
General
Full URL
https://attr.ml-api.io/?domain=proofpoint.com&pId=7816156554566731126
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Server
2600:9000:211e:2600:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:28 GMT
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
content-type
application/json
x-amz-cf-id
gfkfuU_TfAuaI07j_JcCSuFsDaxd_lCbbsucJCE0EzJvB0pWk18uZw==
content-length
0
apigw-requestid
OauI1inCIAMESuQ=

Redirect headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:28 GMT
an-x-request-uuid
a1aa60ef-8970-4c79-8ee4-189143cf86ce
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://attr.ml-api.io/?domain=proofpoint.com&pId=7816156554566731126
x-proxy-origin
45.141.152.73; 45.141.152.73; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je3b81v890103917&_p=1700014646566&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1873590384.1700014647&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1700014646&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&dt=&en=scroll&epn.percent_scrolled=90&_et=7&tfd=2422
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.proofpoint.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
j.php
dev.visualwebsiteoptimizer.com/
4 KB
2 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=767242&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&f=1&vn=1.3
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
6e7f06cecdda33dd8fa46bd2cbcf3fd3a73807ea24c9b9ef4a0482052cd01f88

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:26 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
etag
W/"1699903407_EA"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0, no-cache, must-revalidate
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
18 KB
18 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Origin
https://www.proofpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"01c16c31"
X-Iinfo
12-14404001-0 0CNN RT(1700014644608 2131) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496207, public
x-incap-sess-cookie-hdr
TOP0MpHEXzOM5+YhUJ7bWjYqVGUAAAAASoiKh1GKSGjGQ192htFz2g==
Content-Length
18296
Expires
Mon, 20 Nov 2023 20:07:33 GMT
RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
21 KB
21 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Origin
https://www.proofpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"39ed386e"
Content-Type
application/font-woff
X-Iinfo
18-185474182-0 0CNN RT(1700014646914 182) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496207, public
x-incap-sess-cookie-hdr
RLIHXBAHRQ6M5+YhUJ7bWjcqVGUAAAAA8uq8d0uucxaaofMvfwHr/w==
Content-Length
20951
Expires
Mon, 20 Nov 2023 20:07:34 GMT
fjalla-one-v7-latin-regular.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
20 KB
20 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Origin
https://www.proofpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"3a88d25f"
Content-Type
application/font-woff
X-Iinfo
7-9864448-0 0CNN RT(1700014646916 179) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496207, public
x-incap-sess-cookie-hdr
6xLOKaEv3jWM5+YhUJ7bWjcqVGUAAAAAQ6vRC3f0odOT4wJgbmLw6Q==
Content-Length
19954
Expires
Mon, 20 Nov 2023 20:07:34 GMT
fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
16 KB
17 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Origin
https://www.proofpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"80852160"
X-Iinfo
9-23905737-0 0CNN RT(1700014646918 181) q(0 -1 -1 -1) r(1 -1)
Cache-Control
max-age=500689, public
x-incap-sess-cookie-hdr
PAOCNxuzNWSM5+YhUJ7bWjcqVGUAAAAAVnalnGJ1NnpBhxJGZGWdag==
Content-Length
16540
Expires
Mon, 20 Nov 2023 21:22:16 GMT
RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
21 KB
21 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Origin
https://www.proofpoint.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"8df65834"
Content-Type
application/font-woff
X-Iinfo
6-6915255-0 0CNN RT(1700014646919 181) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496207, public
x-incap-sess-cookie-hdr
mPzrJx5I4j6M5+YhUJ7bWjcqVGUAAAAA9lh0x/yf4/muedd+IB+RQQ==
Content-Length
21304
Expires
Mon, 20 Nov 2023 20:07:34 GMT
css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
www.proofpoint.com/sites/default/files/css/
25 KB
5 KB
Stylesheet
General
Full URL
https://www.proofpoint.com/sites/default/files/css/css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 17 Oct 2023 23:52:00 GMT
X-CDN
Imperva
Etag
"032a9b05"
Content-Type
text/css
X-Iinfo
12-14404001-0 0CNN RT(1700014644608 2311) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=518356, public
Content-Length
4376
Expires
Tue, 21 Nov 2023 02:16:42 GMT
css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
www.proofpoint.com/sites/default/files/css/
154 KB
22 KB
Stylesheet
General
Full URL
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
18ee87e5590c5430c97c7690c34100ac436c43888326651fc755a5565f8795fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Fri, 10 Nov 2023 00:40:15 GMT
X-CDN
Imperva
Etag
"6dd8f362"
Content-Type
text/css
X-Iinfo
18-185474181-0 0CNN RT(1700014646913 180) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=805048, public
Content-Length
21898
Expires
Fri, 24 Nov 2023 09:54:55 GMT
js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js
www.proofpoint.com/sites/default/files/js/
310 B
706 B
Script
General
Full URL
https://www.proofpoint.com/sites/default/files/js/js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 17 Oct 2023 23:26:42 GMT
X-CDN
Imperva
Etag
"2c787c81"
Content-Type
text/javascript
X-Iinfo
12-14404001-0 0CNN RT(1700014644608 2492) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496207, public
Content-Length
235
Expires
Mon, 20 Nov 2023 20:07:34 GMT
modernizr.min.js
www.proofpoint.com/core/assets/vendor/modernizr/
7 KB
3 KB
Script
General
Full URL
https://www.proofpoint.com/core/assets/vendor/modernizr/modernizr.min.js?v=3.11.7
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:22 GMT
X-CDN
Imperva
Content-Type
application/javascript
X-Iinfo
12-14404001-0 0CNN RT(1700014644608 2672) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496207, public
Content-Length
3090
Expires
Mon, 20 Nov 2023 20:07:34 GMT
modernizr-additional-tests.js
www.proofpoint.com/core/misc/
2 KB
1 KB
Script
General
Full URL
https://www.proofpoint.com/core/misc/modernizr-additional-tests.js?v=3.11.7
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:22 GMT
X-CDN
Imperva
Content-Type
application/javascript
X-Iinfo
18-185474181-0 0CNN RT(1700014646913 537) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496208, public
Content-Length
972
Expires
Mon, 20 Nov 2023 20:07:35 GMT
sharethis.js
platform-api.sharethis.com/js/
208 KB
47 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-75.fra56.r.cloudfront.net
Software
/
Resource Hash
f6c72789b4be7183c5626eed5975d7c22403d4a8ceb73db591128f7fabdbe9c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:16:18 GMT
content-encoding
gzip
via
1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA56-C2
age
68
etag
W/"33fbe-N51ttSXIC05eae0N3/gGTPPbUMQ"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-cache
Hit from cloudfront
x-amz-cf-id
f7749sbMlWVVri-f9bbstJWdhYNpX64S3Bz8Ew-WzgBtt-gKfcW1LQ==
logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
3 KB
2 KB
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:26 GMT
X-CDN
Imperva
Etag
"13fdd2ef"
Content-Type
image/svg+xml
X-Iinfo
7-9864448-0 0CNN RT(1700014646916 535) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496209, public
Content-Length
1124
Expires
Mon, 20 Nov 2023 20:07:36 GMT
pfpt-sb-nav-promo-696x708.png.webp
www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/
17 KB
18 KB
Image
General
Full URL
https://www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/pfpt-sb-nav-promo-696x708.png.webp?itok=yaBL11K0
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1cf21f57d161f8de548c33c5232d48fa022d3a594ce5ea0df88b48ffeab17525
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Sep 2023 00:47:25 GMT
X-CDN
Imperva
Content-Type
image/png
X-Iinfo
18-185474182-0 0CNN RT(1700014646914 538) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496210, public
Content-Length
17908
Expires
Mon, 20 Nov 2023 20:07:37 GMT
home.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
784 B
946 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/home.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"4c25cdee"
Content-Type
image/svg+xml
X-Iinfo
18-185474182-0 0CNN RT(1700014646914 725) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=534192, public
Content-Length
477
Expires
Tue, 21 Nov 2023 06:40:39 GMT
pfpt-us-europe-connect.jpg.webp
www.proofpoint.com/sites/default/files/styles/image_1920_750/public/blog-banners/
169 KB
169 KB
Image
General
Full URL
https://www.proofpoint.com/sites/default/files/styles/image_1920_750/public/blog-banners/pfpt-us-europe-connect.jpg.webp?itok=Zg2LDJWR
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
f4f32bfaaf7aa59e6ccb567d42477b7ac04fc4df29a6219b50337677f190bfd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

X-Cache-Hits
449
Date
Wed, 15 Nov 2023 02:17:28 GMT
Via
varnish
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-CDN
Imperva
Age
471903
X-Cache
HIT
X-Iinfo
7-9864448-9864453 NNNN CT(309 309 0) RT(1700014646916 723) q(0 0 6 -1) r(9 12) U18
Connection
keep-alive
X-AH-Environment
prod
Content-Length
172602
X-Request-ID
v-639d49de-7f12-11ee-ac48-d30fd294d7ae
Last-Modified
Fri, 06 Oct 2023 08:57:41 GMT
Server
nginx
Vary
Host
Content-Type
image/jpeg
Cache-Control
max-age=1209600
Accept-Ranges
bytes
Expires
Thu, 23 Nov 2023 15:12:25 GMT
forms2.min.js
app-abj.marketo.com/js/forms2/js/
208 KB
70 KB
Script
General
Full URL
https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6ff9c0c443a9050137759816c352d43e96a673bb4023c2ba231cdbed6fe6f52
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63113904
last-modified
Wed, 18 Oct 2023 05:47:00 GMT
server
cloudflare
cf-cache-status
HIT
age
6824
etag
"1e27c0-3414b-607f72b01fac9"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
8263ff7c7eae65c3-FRA
expires
Wed, 15 Nov 2023 06:17:27 GMT
conversion.js
www.googleadservices.com/pagead/
50 KB
19 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
34eace17373618f0ef6ad0052c607c2b3a6c02af6a6e0a1d16fa15efb97c139d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18823
x-xss-protection
0
server
cafe
etag
4145344891725561964
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 15 Nov 2023 02:17:27 GMT
js_A6U2kYh8Bv7-IFtg9IWApMdCRDl9B5mr_S4FSPDZG4k.js
www.proofpoint.com/sites/default/files/js/
172 KB
59 KB
Script
General
Full URL
https://www.proofpoint.com/sites/default/files/js/js_A6U2kYh8Bv7-IFtg9IWApMdCRDl9B5mr_S4FSPDZG4k.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
03a53691887c06fefe205b60f48580a4c74244397d0799abfd2e0548f0d91b89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:17:27 GMT
X-CDN
Imperva
Etag
"1bced047"
Content-Type
text/javascript
X-Iinfo
18-185474181-0 0CNN RT(1700014646913 724) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=518358, public
Content-Length
60047
Expires
Tue, 21 Nov 2023 02:16:45 GMT
geoip2.js
geoip-js.com/js/apis/geoip2/v2.1/
3 KB
2 KB
Script
General
Full URL
https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:216e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 15 Nov 2023 02:01:36 GMT
server
cloudflare
age
951
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
8263ff7bee9b1d8a-FRA
expires
Wed, 15 Nov 2023 06:17:27 GMT
js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js
www.proofpoint.com/sites/default/files/js/
9 KB
3 KB
Script
General
Full URL
https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Thu, 19 Oct 2023 23:48:28 GMT
X-CDN
Imperva
Etag
"6e3ea0aa"
Content-Type
text/javascript
X-Iinfo
6-6915255-0 0CNN RT(1700014646919 720) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496207, public
Content-Length
2188
Expires
Mon, 20 Nov 2023 20:07:34 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-85-59.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
js_R4wqHBHjL-SSm0FIov4UrujsHzlJwM3p9e9uYPgjyrk.js
www.proofpoint.com/sites/default/files/js/
1 MB
448 KB
Script
General
Full URL
https://www.proofpoint.com/sites/default/files/js/js_R4wqHBHjL-SSm0FIov4UrujsHzlJwM3p9e9uYPgjyrk.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
478c2a1c11e32fe4929b4148a2fe14aee8ec1f3949c0cde9f5ef6e60f823cab9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Fri, 10 Nov 2023 00:39:45 GMT
X-CDN
Imperva
Etag
"fe44125b"
Content-Type
text/javascript
X-Iinfo
12-14404001-0 0CNN RT(1700014644608 3030) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=772953, public
Content-Length
458134
Expires
Fri, 24 Nov 2023 01:00:00 GMT
collect
www.google-analytics.com/j/
4 B
211 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1471103355&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&ul=en-us&de=UTF-8&dt=TA402%20Uses%20Complex%20IronWind%20Infection%20Chains%20to%20Target%20Middle%20East-Based%20Government%20Entities%C2%A0%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAEK~&jid=564638856&gjid=272846796&cid=1873590384.1700014647&tid=UA-2257074-1&_gid=949271913.1700014647&_r=1&_slc=1&gtm=45He3b81n81MGR7P8Xv76619393&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cd19=1873590384.1700014647&z=1657191743
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.proofpoint.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/950296937/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/950296937/?random=1700014646693&cv=11&fst=1700013600000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76619393&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&frm=0&fmt=3&is_vtc=1&cid=CAQSGwDICaaNWX5DWVintB3yVPc4d8SXlMBc9FWL6g&random=999439030&rmt_tld=0&ipr=y
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/950296937/
42 B
154 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/950296937/?random=1700014646693&cv=11&fst=1700013600000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v76619393&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&frm=0&fmt=3&is_vtc=1&cid=CAQSGwDICaaNWX5DWVintB3yVPc4d8SXlMBc9FWL6g&random=999439030&rmt_tld=1&ipr=y
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:27 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
151 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2257074-1&cid=1873590384.1700014647&jid=564638856&gjid=272846796&_gid=949271913.1700014647&_u=YADAAEAAAAAAACAEK~&z=817417474
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 15 Nov 2023 02:17:26 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.proofpoint.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
v.gif
dev.visualwebsiteoptimizer.com/
35 B
142 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=767242&d=proofpoint.com&u=D3E9C780FA3BEB536B3A2E0B001E5D6D7&h=d27ef5bddeb32157e5f5f01c00696824&t=false
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
cache-control
public, max-age=43200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2257074-1&cid=1873590384.1700014647&jid=564638856&_u=YADAAEAAAAAAACAEK~&z=400960366
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2257074-1&cid=1873590384.1700014647&jid=564638856&_u=YADAAEAAAAAAACAEK~&z=400960366
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:27 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/
12 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
eb95637efae5654befe368b4414900156bcef3ea8d3a8b29b1c4abf37da728c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 15 Nov 2023 02:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 15 Nov 2023 02:17:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 15 Nov 2023 02:17:27 GMT
6543fd1a2398960013d900a7.js
buttons-config.sharethis.com/js/
745 B
1 KB
Script
General
Full URL
https://buttons-config.sharethis.com/js/6543fd1a2398960013d900a7.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:a000:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
595d9725a69c9594b863f145e0aafaf64fa5831c8c70e851a5c978704ad43b63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:29 GMT
via
1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 14 Nov 2023 20:43:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
etag
"0f14664a923b0abb58723fc952168049"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
745
x-amz-cf-id
hhgbC7Rg_FOyZ1udIDtHUBpyzxASQQepISYNvkY9prGzYvKh2KIuGA==
nav-search-icon.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
251 B
667 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/nav-search-icon.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
46454a26b3142dec4540c21c9c156f2b3e570488667f1bbcf81854e27925f2a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:26 GMT
X-CDN
Imperva
Etag
"f9d15cf7"
Content-Type
image/svg+xml
X-Iinfo
9-23905737-0 0CNN RT(1700014646918 723) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496210, public
Content-Length
200
Expires
Mon, 20 Nov 2023 20:07:37 GMT
header-search-submit.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
263 B
682 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-search-submit.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
479f333c6cdf10724e19b33079cab821bb37b0a463170ea9943dcbc0c6d9dc67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"74f89ce5"
Content-Type
image/svg+xml
X-Iinfo
18-185474181-0 0CNN RT(1700014646913 1091) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496210, public
Content-Length
212
Expires
Mon, 20 Nov 2023 20:07:38 GMT
header-language-selector.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
3 KB
2 KB
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-language-selector.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d53ad65904b3e7c8a7dbf9479478e5c3f84ac198f1d81f3a97edd0e4af552e3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"42805225"
Content-Type
image/svg+xml
X-Iinfo
9-23905737-0 0CNN RT(1700014646918 915) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=500692, public
Content-Length
1344
Expires
Mon, 20 Nov 2023 21:22:19 GMT
ransomware-bg-img.png.webp
www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/
2 KB
2 KB
Image
General
Full URL
https://www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/ransomware-bg-img.png.webp?itok=FI5DSrca
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
029d219cdef5f07caa9c512aa1e804f9251cc8623c2461dd9c01cb680700da97
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Wed, 27 Sep 2023 00:47:25 GMT
X-CDN
Imperva
Content-Type
image/png
X-Iinfo
18-185474182-0 0CNN RT(1700014646914 918) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=500691, public
Content-Length
1624
Expires
Mon, 20 Nov 2023 21:22:18 GMT
block-subscribe-button-addthis.webp
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
2 KB
2 KB
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/block-subscribe-button-addthis.webp
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5f3083b731588016304b0ac105b66985b8ffc9d2c7a2e627f0435da5e86a4648
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"81ec458f"
X-Iinfo
6-6915255-0 0CNN RT(1700014646919 914) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=547252, public
Content-Length
1656
Expires
Tue, 21 Nov 2023 10:18:19 GMT
Picture1_43.png
www.proofpoint.com/sites/default/files/inline-images/
198 KB
199 KB
Image
General
Full URL
https://www.proofpoint.com/sites/default/files/inline-images/Picture1_43.png
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f0a5e13a7ed4320f7acc7dd0c9a7a91083196c253ba3e029e8acd369be545558
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Tue, 07 Nov 2023 00:56:41 GMT
X-CDN
Imperva
Etag
"61227f70"
Content-Type
image/png
X-Iinfo
18-185474182-185438791 2CNN RT(1700014646914 1097) q(0 0 0 -1) r(0 0) U18
Cache-Control
max-age=1152683, public
Content-Length
203240
Expires
Tue, 28 Nov 2023 10:28:50 GMT
Picture2_25.png
www.proofpoint.com/sites/default/files/inline-images/
148 KB
148 KB
Image
General
Full URL
https://www.proofpoint.com/sites/default/files/inline-images/Picture2_25.png
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
7b2313d18625741bd439b3e67b820cfcbd9ac7ef52b0b4b4e510b7b43482428f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Tue, 07 Nov 2023 00:57:08 GMT
X-CDN
Imperva
Etag
"432b85d5"
Content-Type
image/png
X-Iinfo
9-23905737-23902984 2CNN RT(1700014646918 1097) q(0 0 0 -1) r(0 0) U18
Cache-Control
max-age=1152684, public
Content-Length
151156
Expires
Tue, 28 Nov 2023 10:28:51 GMT
pview
l.sharethis.com/
0
405 B
XHR
General
Full URL
https://l.sharethis.com/pview?event=pview&hostname=www.proofpoint.com&location=%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&product=inline-share-buttons&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&source=platform&fcmp=false&fcmpv2=false&has_segmentio=false&title=TA402%20Uses%20Complex%20IronWind%20Infection%20Chains%20to%20Target%20Middle%20East-Based%20Government%20Entities%C2%A0%20%7C%20Proofpoint%20US&cms=unknown&publisher=6543fd1a2398960013d900a7&sop=true&version=st_sop.js&lang=en&description=Key%20takeaways%C2%A0%20From%20July%20through%20October%202023%2C%20Proofpoint%20researchers%20observed%20TA402%20engage%20in%20phishing%20campaigns%20that%20delivered%20a%20new%20initial%20access%20downloader%20dubbed%20IronWind.&ua=&ua_mobile=false&ua_full_version_list=&uuid=880b98cb-3c38-4477-ae38-b697f6d2b92b
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.159.73.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-73-23.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:27 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains;
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
https://www.proofpoint.com
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
6si.min.js
j.6sc.co/
62 KB
17 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4a6b23f2e9104338fbd23f2dbeed9d66d1e6ce39ff19c62b3df45a8fb1785105
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Nov 2023 16:55:18 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"655254f6-f762"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
16951
expires
Wed, 15 Nov 2023 02:17:27 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
12 KB
4 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0f95243b84215f5c6187452bccc0df8e5442db6d0150855df3c9c355796da6a8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 Nov 2023 10:26:27 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=29395
accept-ranges
bytes
content-length
3840
s
ads.avocet.io/
0
0

1594.js
tracking.g2crowd.com/attribution_tracking/conversions/
16 B
431 B
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:28 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
46827ccc-61c7-4ec9-a7af-5300b3a0e5fe
x-runtime
0.003553
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
8263ff7c5e982ba3-FRA
1644.js
tracking.g2crowd.com/attribution_tracking/conversions/
16 B
414 B
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
5f909338-9e06-41ea-a5be-a82783f7a6e9
x-runtime
0.003918
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
8263ff7c6eab2ba3-FRA
1645.js
tracking.g2crowd.com/attribution_tracking/conversions/
16 B
409 B
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
d4de0106-7375-4af5-b3bb-d9f1145a015b
x-runtime
0.003906
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
8263ff7c6eac2ba3-FRA
1646.js
tracking.g2crowd.com/attribution_tracking/conversions/
16 B
411 B
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
e8d6a3dc-601e-43a1-a2ca-c0ff3e50891b
x-runtime
0.003509
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
8263ff7c6ead2ba3-FRA
1647.js
tracking.g2crowd.com/attribution_tracking/conversions/
16 B
1 KB
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
59642171-e463-458a-b6ce-608b7762bbd8
x-runtime
0.003663
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
8263ff7c6eae2ba3-FRA
s
ads.avocet.io/
0
0

5dfsgn7m2kst.js
js.driftt.com/include/1700014800000/
217 KB
61 KB
Script
General
Full URL
https://js.driftt.com/include/1700014800000/5dfsgn7m2kst.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.73 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-73.fra60.r.cloudfront.net
Software
istio-envoy /
Resource Hash
5c08889ed9c4b5d83121cc4bc9befedfc985b0b183eac6e2d1bdb039c208c595
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id
pTyZz3vClodmtr8AafX.GUemxtIUkp7B
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
date
Wed, 15 Nov 2023 02:17:27 GMT
via
1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-envoy-upstream-service-time
28
last-modified
Thu, 09 Nov 2023 17:32:11 GMT
server
istio-envoy
etag
W/"fe986078b2ab11ffab0d2bf35be49e34"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
b6XxILtcvyuFJonoxgwBHImbY366HPWBuf-9hfbyZG2cIj2EftKpjg==
fbevents.js
connect.facebook.net/en_US/
202 KB
54 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 15 Nov 2023 02:17:27 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54273
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
H5Ejv9uiFmdVlGQ4f5My61guBYfxdmNSTbBaN9y8IOXkEwgj7cYKmrisqTuaAVc/UgPWZzm7QhezdH+KzlQsHg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
server
cloudflare
age
76922
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
8263ff7d1b3d5c2c-FRA
expires
Wed, 15 Nov 2023 02:37:27 GMT
events.js
tags.srv.stackadapt.com/
18 KB
7 KB
Script
General
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.251.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-251-91.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
6cfd4dca119d8d3be1d88aa7a0701c88c9017595b6a29cfd6e180fd86365ef89

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 15 Nov 2023 02:17:27 GMT
cache-control
max-age=5
content-encoding
gzip
content-type
text/javascript
17087961.js
bat.bing.com/p/action/
0
116 B
Script
General
Full URL
https://bat.bing.com/p/action/17087961.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Wed, 15 Nov 2023 02:17:27 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 4C0BF31C010B4CEABF792844E9A92C67 Ref B: FRAEDGE1717 Ref C: 2023-11-15T02:17:27Z
x-cache
CONFIG_NOCACHE
insight.beta.min.js
snap.licdn.com/li.lms-analytics/
41 KB
15 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
1f82d161ac3cd34fbb392e867c7263caaeaddbca20cae29e735247e024e5a72e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 14 Nov 2023 10:26:27 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=29342
accept-ranges
bytes
content-length
15380
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1700014647765&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infe...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1700014647765&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infe...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1700014647765&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-inf...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1700014647765&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&cookiesTest=true&e_ipv6=AQLktjfq7ggbGAAAAYvQxOtBE56vsom493l46mCpnszSuJ1XAk6rrk-tmeR-mbjmeTEYgJ6n-AlGalDSM0ehhkNIi7knDg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: B6301FA8B3CF452BACB2195E52881341 Ref B: FRAEDGE2018 Ref C: 2023-11-15T02:17:28Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lva1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYKJ4E5GUxKRhiH0qQBow==

Redirect headers

date
Wed, 15 Nov 2023 02:17:27 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: F226E904BFE9493C8137A7B62E43A183 Ref B: FRAEDGE1810 Ref C: 2023-11-15T02:17:28Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1700014647765&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&cookiesTest=true&e_ipv6=AQLktjfq7ggbGAAAAYvQxOtBE56vsom493l46mCpnszSuJ1XAk6rrk-tmeR-mbjmeTEYgJ6n-AlGalDSM0ehhkNIi7knDg
x-li-proto
http/2
content-length
0
x-li-uuid
AAYKJ4E2ym88fmWJwT8s5w==
/
px.ads.linkedin.com/wa/
0
699 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.proofpoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 15 Nov 2023 02:17:27 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 2F5B869FB95E485EA8A8EC141808AFFC Ref B: FRAEDGE1810 Ref C: 2023-11-15T02:17:27Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
access-control-allow-origin
https://www.proofpoint.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYKJ4Eye06j83Pswl2FEA==
marketo-form-spinner.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
3 KB
875 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/marketo-form-spinner.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5680e67bec883a7cc47635705afdaa0d28ad681a1bec515983784fe6c002356b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:26 GMT
X-CDN
Imperva
Etag
"d85f1d02"
Content-Type
image/svg+xml
X-Iinfo
6-6915255-0 0CNN RT(1700014646919 1096) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496211, public
Content-Length
408
Expires
Mon, 20 Nov 2023 20:07:39 GMT
footer-logo.webp
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
22 KB
22 KB
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/footer-logo.webp
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
2fdb22da214a2f7bcfb7d56f8abbdca611c002e04b290aff79caa93d4aaa76f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"309d9079"
X-Iinfo
18-185474181-0 0CNN RT(1700014646913 1271) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496216, public
Content-Length
22268
Expires
Mon, 20 Nov 2023 20:07:44 GMT
twitter-x.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
674 B
932 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/twitter-x.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
637bd059ef7a81089f0b6111be2ed656ca25fdf9200af682a3154a4ab5eab498
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:26 GMT
X-CDN
Imperva
Etag
"2420fbc3"
Content-Type
image/svg+xml
X-Iinfo
6-6915255-0 0CNN RT(1700014646919 1279) q(0 -1 -1 -1) r(1 -1)
Cache-Control
max-age=496217, public
Content-Length
465
Expires
Mon, 20 Nov 2023 20:07:45 GMT
regions.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
3 KB
2 KB
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/regions.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:26 GMT
X-CDN
Imperva
Etag
"6222cb97"
Content-Type
image/svg+xml
X-Iinfo
12-14404001-0 0CNN RT(1700014644608 3753) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=496217, public
Content-Length
1355
Expires
Mon, 20 Nov 2023 20:07:45 GMT
143852102935619
connect.facebook.net/signals/config/
140 KB
36 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/143852102935619?v=2.9.138&r=stable&domain=www.proofpoint.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d54bab8c96d8261e2b8ff57aaa455d48ac517038d8f7fcf9265801d9b6b21e45
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 15 Nov 2023 02:17:27 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
+er+yqlH0i3IbpGV2ySyEHSAZ/wGU6se/aH/F9yuV9Iby5eLnM7xjr8PTcylyxIFQ8ybA7sj0AZR3FWAfEVawA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
gif.gif
ibc-flow.techtarget.com/a/
43 B
449 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1700014647899&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
1268939
Referer
https://www.proofpoint.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:28 GMT
via
1.1 google
x-guploader-uploadid
ABPtcPrf25wdNRUY24hy-4y-NyoVk0iQ1OQoN5RPcH1GM4Gdbg0NN9VIdKIbJKDQdftY7oiMbpo
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Wed, 15 Nov 2023 03:17:28 GMT
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1700014647899&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://www.proofpoint.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 15 Nov 2023 02:17:27 GMT
expires
Wed, 15 Nov 2023 02:17:27 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
ABPtcPqKt-xghpY37Uu47QBfIkyITMsj1ZastdzHRp1-Yl024dgQ7ZKGAK1Le0U32L_NRla-0ww
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=143852102935619&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&rl=&if=false&ts=1700014647942&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1700014647940.1888615543&cs_est=true&ler=empty&it=1700014647869&coo=false&rqm=GET
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 15 Nov 2023 02:17:27 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
sa.css
tags.srv.stackadapt.com/
65 B
203 B
Stylesheet
General
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.251.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-251-91.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
467daf0e8b354082fca6735426bc90ba1ab30ecc6c09d7f9489b0f8fd55fd8ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 15 Nov 2023 02:17:28 GMT
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
65
content-type
text/css
sa.jpeg
tags.srv.stackadapt.com/
0
2 KB
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.251.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-251-91.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 15 Nov 2023 02:17:28 GMT
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
content-type
image/jpeg
munchkin.js
munchkin.marketo.net/163/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.31.85.59 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-85-59.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4741
Expires
Fri, 23 Feb 2024 02:17:28 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1700014648108&cv=9&fst=1700014648108&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&tiba=TA402%20Uses%20Complex%20IronWind%20Infection%20Chains%20to%20Target%20Middle%20East-Based%20Government%20Entities%C2%A0%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d3333bcd8b6008776f09dcde1eee0f68616c97d56abb4a6cf25f8a15f6bc84f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:28 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1458
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
saq_pxl
tags.srv.stackadapt.com/
185 B
381 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=dG-GbvdPxi8YOQyjVLjRlg&is_js=true&landing_url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&t=TA402%20Uses%20Complex%20IronWind%20Infection%20Chains%20to%20Target%20Middle%20East-Based%20Government%20Entities%C2%A0%20%7C%20Proofpoint%20US&tip=JQyerOrcPa2b7V892-MhQXPBlcHLXGTG08xMwYkJrx8&host=https%3A%2F%2Fwww.proofpoint.com&sa_conv_data_css_value=%270-54cb0e83-20ac-590a-548e-44c5abe7216b%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd954cb0e8320ac590a548e44c5abe7216b2d8d9849&sa-user-id-v3=s%253AAQAKIKI2ZiLnEicP7zgVCpCFBk31l6UUG2_yjbJLzfnMbNZ5EHwYBCC31NCqBjABOgRzygDyQgQgaYoD.exj0HNFWG6gX7moC3ZHrkQ27LHHtAoF%252BPDbDpUauyCc&sa-user-id-v2=s%253AVMsOgyCsWQpUjkTFq-chay2NmEk.7En7dnNIjZrnNsMBzHhwWiIlTCsJbhgJUf7%252BMPwFn8A&sa-user-id=s%253A0-54cb0e83-20ac-590a-548e-44c5abe7216b.%252FSvY4q8feJPfVF06byAhHq2TV4apA4xJw50oA98dChg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.251.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-251-91.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
00a028b6540a3f5309fccc8c5c6d5d5e1da884807e21931d907f29f7247ea734

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-origin
https://www.proofpoint.com
date
Wed, 15 Nov 2023 02:17:28 GMT
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
185
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
/
www.google.com/pagead/1p-user-list/950296937/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/950296937/?random=1700014648108&cv=9&fst=1700013600000&num=1&guid=ON&eid=375603260%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&tiba=TA402%20Uses%20Complex%20IronWind%20Infection%20Chains%20to%20Target%20Middle%20East-Based%20Government%20Entities%C2%A0%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&cid=CAQSKQDICaaNldWKsE27YcVdZPsS2r4d1PG8t2AXCGUR1cHJxZizD2eiC_FH&random=3617317870&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/950296937/
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/950296937/?random=1700014648108&cv=9&fst=1700013600000&num=1&guid=ON&eid=375603260%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&tiba=TA402%20Uses%20Complex%20IronWind%20Infection%20Chains%20to%20Target%20Middle%20East-Based%20Government%20Entities%C2%A0%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&cid=CAQSKQDICaaNldWKsE27YcVdZPsS2r4d1PG8t2AXCGUR1cHJxZizD2eiC_FH&random=3617317870&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
0aa7bf60-e68f-4aa9-b723-31e6de31b763
https://www.proofpoint.com/
43 B
0
Image
General
Full URL
blob:https://www.proofpoint.com/0aa7bf60-e68f-4aa9-b723-31e6de31b763
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
visitWebPage
309-rhv-619.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1700014648268&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1700014648267-64633&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
50e12b5b-1bad-46a7-89c1-be115962489c
facebook.svg
platform-cdn.sharethis.com/img/
301 B
724 B
Image
General
Full URL
https://platform-cdn.sharethis.com/img/facebook.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:6a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 02:45:41 GMT
via
1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 10 Oct 2019 01:20:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
age
2503908
etag
"c6e9be45643e197ce1db1d7e24a99adc"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
content-length
301
x-amz-cf-id
nubQKPlqakNOQD0rDtcZDCHQwcNe4Re2gaErm62y6NrFaM-bPVJfbA==
twitter.svg
platform-cdn.sharethis.com/img/
368 B
777 B
Image
General
Full URL
https://platform-cdn.sharethis.com/img/twitter.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:6a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
76ffdc5337cd5a509f15d70767b85a793aead82975d0d86912e1607e963c9aed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:14:05 GMT
via
1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Fri, 15 Sep 2023 16:58:49 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
age
204
x-amz-server-side-encryption
AES256
etag
"2deb3d5121d475d195577a70b0a91a0c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
368
x-amz-cf-id
BDepumqe8KI-JhcTPg61tUem_4ChVnEhFQ7EcLgi_f4J5uPOT3joJw==
linkedin.svg
platform-cdn.sharethis.com/img/
456 B
882 B
Image
General
Full URL
https://platform-cdn.sharethis.com/img/linkedin.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:6a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cb8c2b19fd9b56c41db14bd71b5c0616c1ba4e99b08c8e75084cf695f74b7120
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 06:16:06 GMT
via
1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 10 Oct 2019 01:20:12 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
age
2491283
etag
"fa43b4ede18498b114fc7185993f6da7"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
content-length
456
x-amz-cf-id
YvCFna61TP9pI5r14_IOaQBY0GuyTwTbnTy7NVCaruGsxwN5E5WkoA==
email.svg
platform-cdn.sharethis.com/img/
343 B
785 B
Image
General
Full URL
https://platform-cdn.sharethis.com/img/email.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:6a00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Tue, 14 Nov 2023 16:06:15 GMT
via
1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
FRA50-C1
age
36674
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
343
last-modified
Thu, 10 Oct 2019 01:20:12 GMT
server
AmazonS3
etag
"5977437466e857c7ddcadda6f6d88c2a"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
x-amz-cf-id
ZUgA5UpVBPfbcrheWfHklJ2DfLm9vdjS0Cv9b6YVpVPBmB3jgzlTrg==
me
geoip-js.com/geoip/v2.1/country/
757 B
957 B
XHR
General
Full URL
https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com
Requested by
Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:216e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e4f575236c7bc656fe2c1f6f84aa70646ef66bbdb54259d4334349f693e61f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin
*
cf-ray
8263ff81287890da-FRA
content-length
757
header-email.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
951 B
981 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-email.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"81ce57ee"
Content-Type
image/svg+xml
X-Iinfo
6-6915255-0 0CNN RT(1700014646919 1585) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=500695, public
Content-Length
514
Expires
Mon, 20 Nov 2023 21:22:23 GMT
header-shield.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
298 B
673 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-shield.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"1eb00a79"
Content-Type
image/svg+xml
X-Iinfo
12-14404001-0 0CNN RT(1700014644608 3934) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=500695, public
Content-Length
204
Expires
Mon, 20 Nov 2023 21:22:23 GMT
header-security.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
934 B
906 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-security.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:25 GMT
X-CDN
Imperva
Etag
"3296a54b"
Content-Type
image/svg+xml
X-Iinfo
18-185474181-0 0CNN RT(1700014646913 1590) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=500695, public
Content-Length
436
Expires
Mon, 20 Nov 2023 21:22:23 GMT
getForm
app-abj.marketo.com/index.php/form/
6 KB
2 KB
Script
General
Full URL
https://app-abj.marketo.com/index.php/form/getForm?munchkinId=309-RHV-619&form=10895&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&callback=jQuery112405276557252035523_1700014647789&_=1700014647790
Requested by
Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3185095231cb6400053376f555f264f8ec296dd7fc8caf7278d9c79f830d2382

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:28 GMT
content-encoding
gzip
server
cloudflare
cf-ray
8263ff8128ff65c3-FRA
cached
true
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22
4788165.fls.doubleclick.net/ Frame ECD2
Redirect Chain
  • https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22?
  • https://4788165.fls.doubleclick.net/activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22?
686 B
484 B
Document
General
Full URL
https://4788165.fls.doubleclick.net/activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f6.1e100.net
Software
cafe /
Resource Hash
29e344583ba037b5fca2ae56b1145412b7640b7abacd41dd3db895e5b6cc1019
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
374
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 15 Nov 2023 02:17:28 GMT
expires
Wed, 15 Nov 2023 02:17:28 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 15 Nov 2023 02:17:28 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://4788165.fls.doubleclick.net/activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
0
bat.bing.com/action/
0
285 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=17087961&tm=gtm002&Ver=2&mid=752dce7e-5184-4f33-843a-1e4e560b4395&sid=1fe2b780835d11eeab8cc1bbde5bc854&vid=1fe2ec60835d11ee991dc14dcc45aa45&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=TA402%20Uses%20Complex%20IronWind%20Infection%20Chains%20to%20Target%20Middle%20East-Based%20Government%20Entities%C2%A0%20%7C%20Proofpoint%20US&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&r=&lt=4222&evt=pageLoad&sv=1&rn=657932
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 15 Nov 2023 02:17:28 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 5D662F1858A44CE7BD0C679F414AFAF1 Ref B: FRAEDGE1717 Ref C: 2023-11-15T02:17:28Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
DE.png
www.proofpoint.com/modules/custom/pp_i18n/images/
3 KB
4 KB
Image
General
Full URL
https://www.proofpoint.com/modules/custom/pp_i18n/images/DE.png
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Nov 2023 23:27:25 GMT
X-CDN
Imperva
Etag
"cc0c264c"
Content-Type
image/png
X-Iinfo
9-23905737-0 0CNN RT(1700014646918 1698) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=530918, public
Content-Length
3329
Expires
Tue, 21 Nov 2023 05:46:06 GMT
forms2.css
app-abj.marketo.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://app-abj.marketo.com/js/forms2/css/forms2.css
Requested by
Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63113904
cf-cache-status
HIT
age
5934
content-length
2623
last-modified
Tue, 26 Sep 2023 22:55:04 GMT
server
cloudflare
etag
"1e2747-3437-6064af724e200"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8263ff81d95265c3-FRA
expires
Wed, 15 Nov 2023 06:17:28 GMT
forms2-theme-plain.css
app-abj.marketo.com/js/forms2/css/
828 B
331 B
Stylesheet
General
Full URL
https://app-abj.marketo.com/js/forms2/css/forms2-theme-plain.css
Requested by
Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 26 Sep 2023 22:55:04 GMT
server
cloudflare
age
5934
etag
"1e2745-33c-6064af724e200"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8263ff81d95365c3-FRA
content-length
246
expires
Wed, 15 Nov 2023 06:17:28 GMT
getKnownLead
app-abj.marketo.com/index.php/form/
49 B
279 B
Script
General
Full URL
https://app-abj.marketo.com/index.php/form/getKnownLead?form=10895&lpId=&munchkinId=309-RHV-619&filledFields=true&_mkt_trk=id%3A309-RHV-619%26token%3A_mch-proofpoint.com-1700014648267-64633&callback=jQuery112405276557252035523_1700014647789&_=1700014647791
Requested by
Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da13ebf952c6f7bc3e4646de0c977f12a3523a5015e175b6441b42e1e7207cd2
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:29 GMT
strict-transport-security
max-age=63113904
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
gzip
server
cloudflare
content-type
application/javascript; charset=utf-8
cf-ray
8263ff81d95565c3-FRA
language-selector.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
571 B
792 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/language-selector.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
89cfdadb23c7206b508ca2007f1e8c183f609fd283a91b03e19b64ee2f03a288
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:26 GMT
X-CDN
Imperva
Etag
"73801966"
Content-Type
image/svg+xml
X-Iinfo
18-185474182-0 0CNN RT(1700014646914 1706) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=500694, public
Content-Length
322
Expires
Mon, 20 Nov 2023 21:22:22 GMT
language-selector-close.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
429 B
740 B
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/language-selector-close.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
96edd93e84addeee41ef9c34f49a339fead522f84e7c61a48877c8768b5d7caf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/sites/default/files/css/css_GO6H5VkMVDDJfHaQw0EArENsQ4iDJmUfx1WlVl-Hlf0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Tue, 31 Oct 2023 23:14:26 GMT
X-CDN
Imperva
Etag
"ab0b796a"
Content-Type
image/svg+xml
X-Iinfo
18-185474181-0 0CNN RT(1700014646913 1771) q(0 -1 -1 -1) r(0 -1)
Cache-Control
max-age=500694, public
Content-Length
270
Expires
Mon, 20 Nov 2023 21:22:22 GMT
collect
px4.ads.linkedin.com/ Frame ECD2
Redirect Chain
  • https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif
  • https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQLABQUqmM2qJgAAAYvQxO3bL4Kb0vcBPQPEnOAAkFk0bItKq6fHQYw_gqsm1CN2dLHltCSNrMaZ14zqfzhQFMhkT3_Jjw
43 B
246 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQLABQUqmM2qJgAAAYvQxO3bL4Kb0vcBPQPEnOAAkFk0bItKq6fHQYw_gqsm1CN2dLHltCSNrMaZ14zqfzhQFMhkT3_Jjw
Requested by
Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22?
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4788165.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:28 GMT
content-encoding
gzip
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 9B7C1A5714164774BE81D4C9209B8B4E Ref B: FRAEDGE2018 Ref C: 2023-11-15T02:17:28Z
linkedin-action
1
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
content-type
image/gif
x-li-proto
http/2
content-length
65
x-li-uuid
AAYKJ4FCpg6L2JfBOiqMXg==

Redirect headers

date
Wed, 15 Nov 2023 02:17:28 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: D7BB0F18CA1040EDB992CE58A7D2D143 Ref B: FRAEDGE1810 Ref C: 2023-11-15T02:17:28Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQLABQUqmM2qJgAAAYvQxO3bL4Kb0vcBPQPEnOAAkFk0bItKq6fHQYw_gqsm1CN2dLHltCSNrMaZ14zqfzhQFMhkT3_Jjw
x-li-proto
http/2
content-length
0
x-li-uuid
AAYKJ4FBA7gSRBMJZQQWxg==
img
pixel.mathtag.com/event/ Frame ECD2
43 B
564 B
Image
General
Full URL
https://pixel.mathtag.com/event/img?mt_id=1442966&mt_adid=226348&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=&ord=670615983
Requested by
Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22?
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.101.148.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-148-198.deploy.static.akamaitechnologies.com
Software
MT3 1075 283b7e3 master zrh zrh-pixel-x12 config_version:"1369" /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4788165.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Wed, 15 Nov 2023 02:17:28 GMT
Server
MT3 1075 283b7e3 master zrh zrh-pixel-x12 config_version:"1369"
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
*
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Content-Length
43
Expires
Wed, 15 Nov 2023 02:17:27 GMT
dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22
adservice.google.com/ddm/fls/z/ Frame ECD2
42 B
401 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22
Requested by
Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNfI_Yn4xIIDFefAuwgd1qcBLQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=8156527190531.22?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4788165.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:28 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
XDFrame
app-abj.marketo.com/index.php/form/ Frame D6DB
2 KB
860 B
Document
General
Full URL
https://app-abj.marketo.com/index.php/form/XDFrame
Requested by
Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
8263ff84aaa265c3-FRA
content-encoding
gzip
content-length
650
content-type
text/html; charset=utf-8
date
Wed, 15 Nov 2023 02:17:29 GMT
server
cloudflare
strict-transport-security
max-age=63113904
vary
Accept-Encoding
x-content-type-options
nosniff
forms2.min.js
app-abj.marketo.com/js/forms2/js/ Frame D6DB
208 KB
69 KB
Script
General
Full URL
https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Requested by
Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6ff9c0c443a9050137759816c352d43e96a673bb4023c2ba231cdbed6fe6f52
Security Headers
Name Value
Strict-Transport-Security max-age=63113904
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-abj.marketo.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 02:17:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63113904
last-modified
Wed, 18 Oct 2023 05:47:00 GMT
server
cloudflare
cf-cache-status
HIT
age
6826
etag
"1e27c0-3414b-607f72b01fac9"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
8263ff856b0a65c3-FRA
expires
Wed, 15 Nov 2023 06:17:29 GMT
collect
region1.analytics.google.com/g/
0
17 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je3b81v890103917z876619393&_p=1700014646566&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1873590384.1700014647&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAC&_s=3&sid=1700014646&sct=1&seg=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government&dt=&en=page_view&_et=64&tfd=7423
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 15 Nov 2023 02:17:31 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.proofpoint.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ads.avocet.io
URL
https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
Domain
ads.avocet.io
URL
https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j

Verdicts & Comments Add Verdict or Comment

168 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture object| dataLayer object| google_tag_manager object| google_tag_data object| google_optimize function| gtag function| onYouTubeIframeAPIReady object| gaGlobal function| postscribe object| google_tag_manager_external string| GoogleAnalyticsObject function| ga object| GooglebQhCsO object| NREUM object| webpackChunk:NRBA-1.246.1.PROD object| newrelic boolean| use_existing_jquery number| is_spa string| hide_element boolean| f object| d object| code number| settings_timer number| _vwo_settings_timer object| _vwo_code object| gaplugins object| gaData number| _vwo_j_e string| _vwo_mt string| _vwo_tm string| _vwo_cookieDomain number| _vwo_acc_id object| vwo_iehack_queue object| VWO object| Modernizr object| st object| __stdos__ boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus function| __sharethis__docReady object| __sharethis__ object| ua_fields function| processEpsilonData string| epsilonName boolean| enabled function| callback number| version object| _6si object| vimeoGAJS string| _linkedin_partner_id object| _linkedin_data_partner_ids function| drift undefined| driftt function| fbq function| _fbq object| techtargetic function| lintrk function| saq function| _saq function| UET function| UET_init function| UET_push object| ueto_98445bc508 object| uetq object| process boolean| _already_called_lintrk object| ORIBILI object| MktoForms2 object| 3eiXJRXgVuLsYGH9303q object| regeneratorRuntime object| _driftFrames object| __post_robot_10_0_46__ string| __DRIFT_ENV__ string| __DRIFT_BUILD_ID__ string| __DRIFT_BRANCH__ boolean| drift_invoked function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| google_conversion_id object| google_custom_params object| google_remarketing_only function| GooglemKTybQhCsO object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| google_enable_display_cookie_match object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gcl_cookie_prefix object| google_gcl_cookie_path object| google_gcl_cookie_flags object| google_gcl_cookie_domain object| google_gcl_cookie_max_age_seconds object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_additional_params object| google_transport_url object| google_gtm_experiments function| once function| ownKeys function| _objectSpread function| _defineProperty function| _ function| jQuery undefined| $ object| Backbone object| drupalSettings object| Drupal object| picturefillCFG function| picturefill object| tabbable object| Cookies object| geoip2 object| res object| saCookies string| current_window_url_param object| MunchkinTracker function| _toConsumableArray function| _nonIterableSpread function| _unsupportedIterableToArray function| _iterableToArray function| _arrayWithoutHoles function| _arrayLikeToArray function| BaseClass object| webpackJsonp object| core function| setImmediate function| clearImmediate boolean| _babelPolyfill object| FontAwesomeConfig object| ___FONT_AWESOME___ boolean| VimeoPlayerResizeEmbeds_ function| subscribeToMarketoFormEvent string| axel number| a function| addCaptchaScript object| jQuery112405276557252035523

35 Cookies

Domain/Path Name / Value
www.proofpoint.com/us/blog/threat-insight Name: hide_lang_switcher
Value: 1
www.proofpoint.com/us/blog/threat-insight Name: pp_user_country
Value: de
.proofpoint.com/ Name: visid_incap_177663
Value: lAICFzswRSuJTKsyWNaU1jQqVGUAAAAAQUIPAAAAAABr0fTH+OP0gyDwQay3vin8
.proofpoint.com/ Name: incap_ses_6547_177663
Value: kB86GOQA/xiM5+YhUJ7bWjYqVGUAAAAACPn+wPph+Q/6d4a+6F/Adg==
.proofpoint.com/ Name: _gcl_au
Value: 1.1.322505348.1700014647
.proofpoint.com/ Name: _ga_B1V8SZE3GL
Value: GS1.1.1700014646.1.1.1700014646.60.0.0
.proofpoint.com/ Name: _ga
Value: GA1.2.1873590384.1700014647
.proofpoint.com/ Name: _gid
Value: GA1.2.949271913.1700014647
.proofpoint.com/ Name: _gat_UA-2257074-1
Value: 1
.proofpoint.com/ Name: _vwo_uuid_v2
Value: D3E9C780FA3BEB536B3A2E0B001E5D6D7|d27ef5bddeb32157e5f5f01c00696824
.app-abj.marketo.com/ Name: __cf_bm
Value: MjfP_gYC54d2Ju.eV3MG24unBoqSj9NNaS1HKRVOiK8-1700014647-0-ATd4fWiMn5VMwvK2Thzik4twkPU0jBAqKOmttIT+IhmSrtbjxXEeIBdgmFZ1rMoZ2+cVyoq7mgqF1KahLnS38Vk=
.techtarget.com/ Name: __cf_bm
Value: 5qsYeBJ9zpKw5r6vEUxwuXkqBbG6dHrQLhCXgff7Mco-1700014647-0-AaOQyBSRE/sTUcRDmk0C0U4yseXipOMupS8b3WzwYdEFbcHs+IFP3tXXlGZdHfJHVRt7pdVrS9MNcNfVFGSS8nY=
.linkedin.com/ Name: lidc
Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2709:u=1:x=1:i=1700014647:t=1700101047:v=2:sig=AQG_Bdow_s3vYV3m9hKA3pRtnvXcy_2O"
.proofpoint.com/ Name: _fbp
Value: fb.1.1700014647940.1888615543
tags.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-54cb0e83-20ac-590a-548e-44c5abe7216b.%2FSvY4q8feJPfVF06byAhHq2TV4apA4xJw50oA98dChg
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-54cb0e83-20ac-590a-548e-44c5abe7216b.%2FSvY4q8feJPfVF06byAhHq2TV4apA4xJw50oA98dChg
tags.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AVMsOgyCsWQpUjkTFq-chay2NmEk.7En7dnNIjZrnNsMBzHhwWiIlTCsJbhgJUf7%2BMPwFn8A
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AVMsOgyCsWQpUjkTFq-chay2NmEk.7En7dnNIjZrnNsMBzHhwWiIlTCsJbhgJUf7%2BMPwFn8A
tags.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIKI2ZiLnEicP7zgVCpCFBk31l6UUG2_yjbJLzfnMbNZ5EHwYBCC31NCqBjABOgRzygDyQgQgaYoD.exj0HNFWG6gX7moC3ZHrkQ27LHHtAoF%2BPDbDpUauyCc
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIKI2ZiLnEicP7zgVCpCFBk31l6UUG2_yjbJLzfnMbNZ5EHwYBCC31NCqBjABOgRzygDyQgQgaYoD.exj0HNFWG6gX7moC3ZHrkQ27LHHtAoF%2BPDbDpUauyCc
www.proofpoint.com/ Name: sa-user-id
Value: s%253A0-54cb0e83-20ac-590a-548e-44c5abe7216b.%252FSvY4q8feJPfVF06byAhHq2TV4apA4xJw50oA98dChg
www.proofpoint.com/ Name: sa-user-id-v2
Value: s%253AVMsOgyCsWQpUjkTFq-chay2NmEk.7En7dnNIjZrnNsMBzHhwWiIlTCsJbhgJUf7%252BMPwFn8A
www.proofpoint.com/ Name: sa-user-id-v3
Value: s%253AAQAKIKI2ZiLnEicP7zgVCpCFBk31l6UUG2_yjbJLzfnMbNZ5EHwYBCC31NCqBjABOgRzygDyQgQgaYoD.exj0HNFWG6gX7moC3ZHrkQ27LHHtAoF%252BPDbDpUauyCc
.adnxs.com/ Name: uuid2
Value: 7816156554566731126
.linkedin.com/ Name: li_sugr
Value: d4401619-c3ee-465c-b09b-a932a296565e
.linkedin.com/ Name: bcookie
Value: "v=2&4205349b-e1ee-4feb-8749-d9a09c68bdd5"
tracking.g2crowd.com/ Name: _session_id
Value: 86d1e9eeda87c4eeaa40b60043036d1e
.g2crowd.com/ Name: __cf_bm
Value: 7LcpzNp1yPhHNBDpnz.pP8WD22sV_Kxoxw4cLO7Wo9o-1700014648-0-ATqFjaFnmZEuB+wdKhiN9v7lg860FCKB080UbYXd7Kq3M0x1u3zLQaqxUu6OWJmNiWBWvlIo/ocoeubPtq2XtWk=
.doubleclick.net/ Name: IDE
Value: AHWqTUmsDqEZ82Dsdq6qjjpZcuR1FBs6oOwnFB5rRkfFKKliMAxuNdRYklGdArr0
.linkedin.com/ Name: li_gc
Value: MTswOzE3MDAwMTQ2NDg7MjswMjFtaA7ZZF2qSLs9jjqPHcfmAOI4/q10WLxwVpv2MgCMkA==
.proofpoint.com/ Name: _mkto_trk
Value: id:309-RHV-619&token:_mch-proofpoint.com-1700014648267-64633
.proofpoint.com/ Name: _uetsid
Value: 1fe2b780835d11eeab8cc1bbde5bc854
.proofpoint.com/ Name: _uetvid
Value: 1fe2ec60835d11ee991dc14dcc45aa45
.bing.com/ Name: MUID
Value: 22A99ECFB47D6B5118878D05B57D6A3D
.mathtag.com/ Name: uuid
Value: 73736554-2a3a-4e00-989b-b04988ae4413

3 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
javascript warning URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government(Line 889)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government(Line 889)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Security-Policy default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

309-rhv-619.mktoresp.com
4788165.fls.doubleclick.net
ads.avocet.io
adservice.google.com
app-abj.marketo.com
attr.ml-api.io
bat.bing.com
buttons-config.sharethis.com
connect.facebook.net
dev.visualwebsiteoptimizer.com
fonts.googleapis.com
geoip-js.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
j.6sc.co
js.driftt.com
l.sharethis.com
munchkin.marketo.net
pixel.mathtag.com
platform-api.sharethis.com
platform-cdn.sharethis.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.ml-attr.com
secure.adnxs.com
snap.licdn.com
stats.g.doubleclick.net
tags.srv.stackadapt.com
tracking.g2crowd.com
trk.techtarget.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.proofpoint.com
ads.avocet.io
104.16.95.80
13.107.42.14
13.32.27.75
142.250.186.166
142.250.186.66
18.159.73.23
18.196.251.91
18.245.86.73
184.31.85.59
185.89.210.90
192.28.144.124
2.17.100.193
2001:4860:4802:32::36
2001:4860:4802:36::178
2600:9000:206f:a000:c:abe:f440:93a1
2600:9000:211e:2600:12:3734:2a40:93a1
2600:9000:2156:6a00:1d:85c3:6640:93a1
2606:4700:4400::6812:216e
2606:4700:4400::6812:2b1f
2606:4700:4400::ac40:973c
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::2008
2a00:1450:4001:810::2002
2a00:1450:4001:811::200e
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:82b::200a
2a00:1450:400c:c0a::9b
2a02:26f0:3500:16::215:149b
2a02:e980:107::cf
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
34.111.208.231
34.96.102.137
68.67.153.60
95.101.148.198
00a028b6540a3f5309fccc8c5c6d5d5e1da884807e21931d907f29f7247ea734
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
029d219cdef5f07caa9c512aa1e804f9251cc8623c2461dd9c01cb680700da97
03a53691887c06fefe205b60f48580a4c74244397d0799abfd2e0548f0d91b89
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
0e4f575236c7bc656fe2c1f6f84aa70646ef66bbdb54259d4334349f693e61f9
0f95243b84215f5c6187452bccc0df8e5442db6d0150855df3c9c355796da6a8
14d010960eda6474575835081ee8328de559d79197487e06c3138b8a7336392a
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
18ee87e5590c5430c97c7690c34100ac436c43888326651fc755a5565f8795fd
1cf21f57d161f8de548c33c5232d48fa022d3a594ce5ea0df88b48ffeab17525
1f82d161ac3cd34fbb392e867c7263caaeaddbca20cae29e735247e024e5a72e
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
25ba861b08fdb37d990f6e72e31a67463c20deb1b35951d4a210a8f5ceeeb0c5
29e344583ba037b5fca2ae56b1145412b7640b7abacd41dd3db895e5b6cc1019
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2fdb22da214a2f7bcfb7d56f8abbdca611c002e04b290aff79caa93d4aaa76f3
3185095231cb6400053376f555f264f8ec296dd7fc8caf7278d9c79f830d2382
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
34eace17373618f0ef6ad0052c607c2b3a6c02af6a6e0a1d16fa15efb97c139d
3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
46454a26b3142dec4540c21c9c156f2b3e570488667f1bbcf81854e27925f2a4
467daf0e8b354082fca6735426bc90ba1ab30ecc6c09d7f9489b0f8fd55fd8ca
478c2a1c11e32fe4929b4148a2fe14aee8ec1f3949c0cde9f5ef6e60f823cab9
479f333c6cdf10724e19b33079cab821bb37b0a463170ea9943dcbc0c6d9dc67
47afaf387fdb659d80ab21cfefb171443d12070f193213ad09f223a84be9e614
485e87af4a84c6a945d42fc2c9492faf0b9b014f21e10e983f87da92949a22f5
4a6b23f2e9104338fbd23f2dbeed9d66d1e6ce39ff19c62b3df45a8fb1785105
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5680e67bec883a7cc47635705afdaa0d28ad681a1bec515983784fe6c002356b
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
595d9725a69c9594b863f145e0aafaf64fa5831c8c70e851a5c978704ad43b63
5c08889ed9c4b5d83121cc4bc9befedfc985b0b183eac6e2d1bdb039c208c595
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5f3083b731588016304b0ac105b66985b8ffc9d2c7a2e627f0435da5e86a4648
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
637bd059ef7a81089f0b6111be2ed656ca25fdf9200af682a3154a4ab5eab498
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6cfd4dca119d8d3be1d88aa7a0701c88c9017595b6a29cfd6e180fd86365ef89
6e7f06cecdda33dd8fa46bd2cbcf3fd3a73807ea24c9b9ef4a0482052cd01f88
736e498b39dbb51fddaff1dd25a4f99a2c6c5842c43a8fd9e74fb204c4a3eec2
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
76ffdc5337cd5a509f15d70767b85a793aead82975d0d86912e1607e963c9aed
7b2313d18625741bd439b3e67b820cfcbd9ac7ef52b0b4b4e510b7b43482428f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
89cfdadb23c7206b508ca2007f1e8c183f609fd283a91b03e19b64ee2f03a288
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353
94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae
96edd93e84addeee41ef9c34f49a339fead522f84e7c61a48877c8768b5d7caf
a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394
aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448
c91929775a0a386b33430cdd6f79f61f90006d62d5834fd4427844b3b561116a
cb8c2b19fd9b56c41db14bd71b5c0616c1ba4e99b08c8e75084cf695f74b7120
d3333bcd8b6008776f09dcde1eee0f68616c97d56abb4a6cf25f8a15f6bc84f8
d53ad65904b3e7c8a7dbf9479478e5c3f84ac198f1d81f3a97edd0e4af552e3a
d54bab8c96d8261e2b8ff57aaa455d48ac517038d8f7fcf9265801d9b6b21e45
da13ebf952c6f7bc3e4646de0c977f12a3523a5015e175b6441b42e1e7207cd2
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6ff9c0c443a9050137759816c352d43e96a673bb4023c2ba231cdbed6fe6f52
eb95637efae5654befe368b4414900156bcef3ea8d3a8b29b1c4abf37da728c2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0a5e13a7ed4320f7acc7dd0c9a7a91083196c253ba3e029e8acd369be545558
f4f32bfaaf7aa59e6ccb567d42477b7ac04fc4df29a6219b50337677f190bfd4
f6c72789b4be7183c5626eed5975d7c22403d4a8ceb73db591128f7fabdbe9c5
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a