URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Submission: On July 25 via api from TR — Scanned from US

Summary

This website contacted 31 IPs in 2 countries across 22 domains to perform 136 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is cofense.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 15th 2024. Valid for: 8 months.
This is the only time cofense.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
81 141.193.213.20 209242 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:141b:e80... 20940 (AKAMAI-ASN1)
2 2607:f8b0:400... 15169 (GOOGLE)
11 23.48.104.75 20940 (AKAMAI-ASN1)
1 2600:141b:e80... 20940 (AKAMAI-ASN1)
1 4 2620:1ec:c11:... 8068 (MICROSOFT...)
1 104.16.117.43 13335 (CLOUDFLAR...)
2 23.207.134.130 16625 (AKAMAI-AS)
1 52.85.151.80 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2620:1ec:bdf::40 8075 (MICROSOFT...)
1 146.75.82.109 54113 (FASTLY)
2 2607:f8b0:400... 15169 (GOOGLE)
2 2001:4860:480... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
2 34.111.208.231 396982 (GOOGLE-CL...)
1 54.175.123.196 14618 (AMAZON-AES)
4 6 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 52.20.195.32 14618 (AMAZON-AES)
1 68.67.161.182 29990 (ASN-APPNEX)
2 2600:1408:ec0... 20940 (AKAMAI-ASN1)
1 192.28.144.124 15224 (OMNITURE)
2 20.114.189.70 8075 (MICROSOFT...)
2 13.248.142.121 16509 (AMAZON-02)
1 142.250.31.97 15169 (GOOGLE)
1 142.251.167.156 15169 (GOOGLE)
1 2 20.110.205.119 8075 (MICROSOFT...)
1 216.239.32.181 15169 (GOOGLE)
136 31
Apex Domain
Subdomains
Transfer
81 cofense.com
cofense.com
670 KB
13 6sc.co
j.6sc.co — Cisco Umbrella Rank: 12402
c.6sc.co — Cisco Umbrella Rank: 16017
ipv6.6sc.co — Cisco Umbrella Rank: 12823
b.6sc.co — Cisco Umbrella Rank: 6896
21 KB
7 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 669
www.linkedin.com — Cisco Umbrella Rank: 914
px4.ads.linkedin.com — Cisco Umbrella Rank: 7330
5 KB
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 1114
t.clarity.ms — Cisco Umbrella Rank: 8415
c.clarity.ms — Cisco Umbrella Rank: 1838
28 KB
4 bing.com
bat.bing.com — Cisco Umbrella Rank: 534
c.bing.com — Cisco Umbrella Rank: 341
16 KB
3 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
416 B
3 google.com
analytics.google.com — Cisco Umbrella Rank: 238
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 66995
ibc-flow.techtarget.com — Cisco Umbrella Rank: 63746
2 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
341 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 18992
714 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
21 KB
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 8471
6 KB
2 qualified.com
js.qualified.com — Cisco Umbrella Rank: 50475
app.qualified.com — Cisco Umbrella Rank: 52147
291 KB
1 mktoresp.com
404-jhu-612.mktoresp.com
318 B
1 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 764
700 B
1 okt.to
okt.to — Cisco Umbrella Rank: 96138
100 B
1 vimeocdn.com
extend.vimeocdn.com — Cisco Umbrella Rank: 22253
6 KB
1 oktopost.com
static.oktopost.com — Cisco Umbrella Rank: 113791
4 KB
1 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 10891
2 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1884
14 KB
1 typekit.net
p.typekit.net — Cisco Umbrella Rank: 1499
172 B
0 lltrck.com Failed
lltrck.com Failed
136 22
Domain Requested by
81 cofense.com cofense.com
8 b.6sc.co cofense.com
5 px.ads.linkedin.com 3 redirects snap.licdn.com
3 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
3 analytics.google.com www.googletagmanager.com
3 bat.bing.com www.googletagmanager.com
bat.bing.com
cofense.com
3 www.googletagmanager.com cofense.com
www.googletagmanager.com
www.google-analytics.com
2 c.clarity.ms 1 redirects
2 epsilon.6sense.com j.6sc.co
2 t.clarity.ms www.clarity.ms
2 ipv6.6sc.co j.6sc.co
2 c.6sc.co j.6sc.co
2 ibc-flow.techtarget.com trk.techtarget.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.clarity.ms cofense.com
www.clarity.ms
2 munchkin.marketo.net cofense.com
munchkin.marketo.net
1 c.bing.com 1 redirects
1 404-jhu-612.mktoresp.com munchkin.marketo.net
1 secure.adnxs.com j.6sc.co
1 okt.to static.oktopost.com
1 px4.ads.linkedin.com cofense.com
1 www.linkedin.com 1 redirects
1 app.qualified.com js.qualified.com
1 extend.vimeocdn.com www.googletagmanager.com
1 trk.techtarget.com cofense.com
1 static.oktopost.com cofense.com
1 ws.zoominfo.com cofense.com
1 snap.licdn.com www.googletagmanager.com
1 j.6sc.co cofense.com
1 p.typekit.net cofense.com
1 js.qualified.com cofense.com
0 lltrck.com Failed cofense.com
136 32

This site contains links to these domains. Also see Links.

Domain
support.cofense.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
Subject Issuer Validity Valid
cofense.com
Cloudflare Inc ECC CA-3
2024-05-15 -
2024-12-31
8 months crt.sh
qualified.com
WE1
2024-07-07 -
2024-10-05
3 months crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-01 -
2025-03-03
a year crt.sh
*.google-analytics.com
WR2
2024-06-24 -
2024-09-16
3 months crt.sh
6sc.co
R11
2024-07-03 -
2024-10-01
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 04
2024-06-19 -
2024-12-16
6 months crt.sh
zoominfo.com
E5
2024-07-18 -
2024-10-16
3 months crt.sh
*.marketo.net
DigiCert TLS RSA SHA256 2020 CA1
2023-12-08 -
2024-12-11
a year crt.sh
*.oktopost.com
Amazon RSA 2048 M01
2023-08-29 -
2024-09-26
a year crt.sh
trk.techtarget.com
WE1
2024-07-23 -
2024-10-21
3 months crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1
2023-12-07 -
2024-12-07
a year crt.sh
*.vimeocdn.com
GlobalSign Atlas R3 DV TLS CA 2023 Q4
2023-11-22 -
2024-12-23
a year crt.sh
*.google.com
WR2
2024-07-01 -
2024-09-23
3 months crt.sh
*.g.doubleclick.net
WR2
2024-06-24 -
2024-09-16
3 months crt.sh
ibc-flow.techtarget.com
WR3
2024-07-02 -
2024-09-30
3 months crt.sh
app.qualified.com
R11
2024-07-21 -
2024-10-19
3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-07-01 -
2025-01-01
6 months crt.sh
okt.to
R10
2024-06-22 -
2024-09-20
3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2024-02-14 -
2025-03-16
a year crt.sh
*.mktoresp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-07 -
2024-10-07
a year crt.sh
a.clarity.ms
Microsoft Azure RSA TLS Issuing CA 08
2024-06-23 -
2025-06-18
a year crt.sh
*.6sense.com
Amazon RSA 2048 M03
2024-04-01 -
2025-04-30
a year crt.sh

This page contains 2 frames:

Primary Page: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Frame ID: 65A318805CFC03A43737DDA4E1D43C84
Requests: 145 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=4ca4a9b9-9384-41db-b923-814ad185d1b3
Frame ID: 5A7185F112259BF50B7175CF608C888E
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Malware Exploit Bypasses SEGs Leaving Organizations at Risk

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

136
Requests

96 %
HTTPS

40 %
IPv6

22
Domains

32
Subdomains

31
IPs

2
Countries

1428 kB
Transfer

4570 kB
Size

37
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 114
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2 HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D300721%26time%3D1721873469616%26url%3Dhttps%253A%252F%252Fcofense.com%252Fblog%252Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJM0EHkQVC4DAAAAZDnqBLpXxdQHFAoYN_SIcmEFLUFlSeC7NpBTINvWLvrbY5l3wXXXA
Request Chain 138
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=6801A065A3BF4C959F9D232F725E4152&RedC=c.clarity.ms&MXFR=0265C93439B3688736D2DDF33DB36690 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6801A065A3BF4C959F9D232F725E4152&MUID=00726EF53FC56BFC2F537A323E2B6AA7

136 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
139 KB
26 KB
Document
General
Full URL
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
068fa7ca7bdc8575f14fc0fd401c6302414c246f8264c45afe6e3cae05f602a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
max-age=2419200, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8a889e11687a2ef7-LAX
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 25 Jul 2024 02:11:07 GMT
last-modified
Wed, 24 Jul 2024 09:27:35 GMT
link
<https://cofense.com/wp-json/>; rel="https://api.w.org/" <https://cofense.com/wp-json/wp/v2/posts/106226>; rel="alternate"; type="application/json" <https://cofense.com/?p=106226>; rel=shortlink
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
referrer-policy
no-referrer-when-downgrade
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 349
x-cache-group
normal
x-cacheable
YES:2419200.000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-pingback
https://cofense.com/xmlrpc.php
x-powered-by
WP Engine
x-xss-protection
1; mode=block
cursor.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/animated-typing-effect/assets/css/
320 B
194 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/animated-typing-effect/assets/css/cursor.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2e0ee5e469ac9df09b8eaf79b81cd5628259671c7ea33a98d6acd86dfcadc1d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-140"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12dafc2ef7-LAX
style.css
cofense.com/wp-content/cache/min/1/wp-content/themes/cofense/
8 KB
3 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/themes/cofense/style.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3dfc3f03106f85ab56ceaadf44433f35cca4209d64922d50a1c650c90aa60ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-1fc3"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12dafe2ef7-LAX
elementor-icons.min.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/
19 KB
4 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e0a2682f332ad73c814d560931716335637b94644ac72cac93adfd7bb3eec4c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-4dff"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12daff2ef7-LAX
frontend-lite.min.css
cofense.com/wp-content/plugins/elementor/assets/css/
115 KB
14 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.18.3
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ecbdb2dc3f86c7ed142dce156d8f3ca1846b75bb512471935f45b8c8949645e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 21 Dec 2023 20:52:50 GMT
server
cloudflare
etag
W/"6584a5a2-1ca54"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12db002ef7-LAX
swiper.min.css
cofense.com/wp-content/plugins/elementor/assets/lib/swiper/css/
13 KB
2 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
W/"64405228-324c"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12db032ef7-LAX
post-15.css
cofense.com/wp-content/uploads/elementor/css/
7 KB
1 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1709762393
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
773104676519ca589032709ad2032bb86d86e5ff521b005c32ca77efabfb5917
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 21:59:53 GMT
server
cloudflare
etag
W/"65e8e759-1c52"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12db052ef7-LAX
frontend-lite.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/
11 KB
2 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.18.1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
60afa9c27db666400527f22830801ef3729f5d5b87f7b5067f83440ff2496bf4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Dec 2023 16:06:27 GMT
server
cloudflare
etag
W/"65733f03-2b2d"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12db062ef7-LAX
post-93807.css
cofense.com/wp-content/uploads/elementor/css/
3 KB
847 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-93807.css?ver=1709762393
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f413e41c7570ce02b76c3ae336f4d0b41c4825b0d541d392eaaa3d297c37cd3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 21:59:53 GMT
server
cloudflare
etag
W/"65e8e759-d60"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12db082ef7-LAX
post-104967.css
cofense.com/wp-content/uploads/elementor/css/
16 KB
2 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-104967.css?ver=1721826455
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0715107f2dd6a8cd336e310c83a0610bd746a455bf52b6e7b4f2ebd8f1d55503
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Jul 2024 13:07:35 GMT
server
cloudflare
etag
W/"66a0fc97-41f8"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12db0e2ef7-LAX
post-104976.css
cofense.com/wp-content/uploads/elementor/css/
25 KB
3 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-104976.css?ver=1711473397
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5333d5e653f78ce38cea1f529d9ec04b857189992dfbfb4d4af78afef6e571ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 26 Mar 2024 17:16:37 GMT
server
cloudflare
etag
W/"660302f5-6443"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e12db112ef7-LAX
post-1386.css
cofense.com/wp-content/uploads/elementor/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-1386.css?ver=1712688134
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2059fca38ad9519cd980c3b62dca5f77d2cb02686ae61efe65f9860af4b7252
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 09 Apr 2024 18:42:14 GMT
server
cloudflare
etag
W/"66158c06-2783"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bb12ef7-LAX
widget-styles.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/
436 KB
50 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b069f7437ebdeb87f72373c10c2fd1b4daf67e3d277730fe66df19f0fb4d3ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-6ceb2"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bb32ef7-LAX
responsive.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/
30 KB
3 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
12c3f7bc60c99d1b6b634d6cd16fbb0e26ae75ddda15d7a6e5106cd5dad83f14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-765b"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bb52ef7-LAX
ecs-style.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/ele-custom-skin/assets/css/
6 KB
1 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/ele-custom-skin/assets/css/ecs-style.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cbc49b1385bf29debe95333f04795a6e3a2cf218d88b415b29872d06491fd1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-19b2"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bb92ef7-LAX
post-1462.css
cofense.com/wp-content/uploads/elementor/css/
3 KB
762 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-1462.css?ver=1701254857
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ff05de64105bca28e087ae2b0a924bdb50d8d48837c4c46d3de5ed2e2ec0d33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 22:00:57 GMT
server
cloudflare
etag
W/"65e8e799-a0f"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bba2ef7-LAX
post-86702.css
cofense.com/wp-content/uploads/elementor/css/
902 B
330 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-86702.css?ver=1666612343
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6eafef48033bf87526b129f8f292a7ea8b943988241b3abefe94d3a95668ac8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 22:00:56 GMT
server
cloudflare
etag
W/"65e8e798-386"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bbc2ef7-LAX
post-86773.css
cofense.com/wp-content/uploads/elementor/css/
2 KB
562 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-86773.css?ver=1666885690
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bacd426460574c0fc84822fd3846441f1040b4374c8350d67271049bd29fc6d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 22:00:57 GMT
server
cloudflare
etag
W/"65e8e799-7ae"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bbd2ef7-LAX
post-94275.css
cofense.com/wp-content/uploads/elementor/css/
2 KB
539 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-94275.css?ver=1701694125
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
19a1a7a1e6c803ce9f72c242437fcb8c70de147c04e90f93e10e48a1390b8e93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 22:05:47 GMT
server
cloudflare
etag
W/"65e8e8bb-782"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bbe2ef7-LAX
post-96442.css
cofense.com/wp-content/uploads/elementor/css/
2 KB
543 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-96442.css?ver=1680173529
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb5b6c52c072488848fbe51554382a6bc0be26a315e7558aa5ad61df4433b2dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 22:00:56 GMT
server
cloudflare
etag
W/"65e8e798-7ac"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bc02ef7-LAX
post-96443.css
cofense.com/wp-content/uploads/elementor/css/
2 KB
507 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-96443.css?ver=1684235063
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
afea0df3f263254aedfd261ee242cfa668179aeaa1f07c1f8eb6aaeee21de2bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 22:00:56 GMT
server
cloudflare
etag
W/"65e8e798-7ac"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bc12ef7-LAX
post-96445.css
cofense.com/wp-content/uploads/elementor/css/
2 KB
542 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-96445.css?ver=1675169689
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
44c68a4716777a09c291d971f91468c7e72dd2beadecd931aaea641758f4d726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 22:00:57 GMT
server
cloudflare
etag
W/"65e8e799-89c"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bc22ef7-LAX
post-105089.css
cofense.com/wp-content/uploads/elementor/css/
2 KB
516 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-105089.css?ver=1700148563
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7da3ef42dba768092b363f7d643a0fadc6ce1120f6313efe28c73b7d41aa945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 22:00:28 GMT
server
cloudflare
etag
W/"65e8e77c-637"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bc52ef7-LAX
fontawesome.min.css
cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/
57 KB
12 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
W/"64405228-e238"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bc62ef7-LAX
solid.min.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/
1 KB
409 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc7e118b7e07217031d017282955569cb66891f527050135caadb2dd5779824f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-43a"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bc92ef7-LAX
brands.min.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/
1 KB
410 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8449a28a151415d580be1dfd69056906199f1dd6ceb2c1b5edf61950ada9d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-440"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bca2ef7-LAX
jquery.min.js
cofense.com/wp-includes/js/jquery/
86 KB
31 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 28 Aug 2023 17:14:23 GMT
server
cloudflare
etag
W/"64ecd5ef-15601"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133be62ef7-LAX
jquery-migrate.min.js
cofense.com/wp-includes/js/jquery/
13 KB
5 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 09 Jun 2023 05:49:24 GMT
server
cloudflare
etag
W/"6482bd64-3509"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133be82ef7-LAX
ecs_ajax_pagination.js
cofense.com/wp-content/plugins/ele-custom-skin/assets/js/
4 KB
1 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/ele-custom-skin/assets/js/ecs_ajax_pagination.js?ver=3.1.7
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
95af163892829a3ef249441b70b2c8281b845edea4b24680d3326486861d6082
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:17 GMT
server
cloudflare
etag
W/"64405229-ecb"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133be92ef7-LAX
ecs.js
cofense.com/wp-content/plugins/ele-custom-skin/assets/js/
284 B
426 B
Script
General
Full URL
https://cofense.com/wp-content/plugins/ele-custom-skin/assets/js/ecs.js?ver=3.1.7
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
566d4c5dfefc9c4d867e6bef080917a4273b4228731a8700e81f1763eae3d861
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
W/"64405228-11c"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133beb2ef7-LAX
zlo5wor.css
cofense.com/wp-content/cache/min/1/
816 B
419 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/zlo5wor.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c1a5c4b5574a4104a92b2e700e6f0fc5b001c4297ebc5a1e76d67b1fbeb1c2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-330"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bcf2ef7-LAX
qualified.js
js.qualified.com/
1 MB
291 KB
Script
General
Full URL
https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
423bfe7d5fe7eef06a8923da955d707e790aa85e764b9b16df669baaabc5b2c4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
content-encoding
gzip
via
1.1 spaces-router (42359e36e9bb)
strict-transport-security
max-age=63072000; includeSubDomains
cf-cache-status
MISS
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
x-request-id
3705b872-9ec6-3051-0c3a-39b08882e641
pragma
no-cache
x-runtime
0.020517
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"423bfe7d5fe7eef06a8923da955d707e"
x-download-options
noopen
vary
Accept,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=14400
cf-ray
8a889e16780a2b9a-LAX
expires
Thu, 25 Jul 2024 06:11:08 GMT
widget-icon-list.min.css
cofense.com/wp-content/plugins/elementor/assets/css/
10 KB
1 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba8bea6a6bbbb634afd80fa6128f556a2d09331a9b5e14754d134c43748d5dcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 21 Dec 2023 20:52:52 GMT
server
cloudflare
etag
W/"6584a5a4-26c1"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bd12ef7-LAX
widget-theme-elements.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/
10 KB
2 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-theme-elements.min.css
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc94b523bab0c0ea56ba4a61309d8eda8d05c473b2c61be2d2c184edaf67396a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Dec 2023 16:06:30 GMT
server
cloudflare
etag
W/"65733f06-26fa"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bd52ef7-LAX
widget-share-buttons.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/
30 KB
2 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-share-buttons.min.css
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
591fd71bda2fa154c76c78b44b715b0039fdd853d87164d0dd7ca8560a81bf26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Dec 2023 16:06:30 GMT
server
cloudflare
etag
W/"65733f06-777b"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bd62ef7-LAX
widget-posts.min.css
cofense.com/wp-content/plugins/elementor-pro/assets/css/
14 KB
2 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/css/widget-posts.min.css
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
75ecb73af38f024c1e8839ac779bc757436e6b393dd19bba54f0ac37a953ecdd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Dec 2023 16:06:29 GMT
server
cloudflare
etag
W/"65733f05-374b"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bd92ef7-LAX
post-104982.css
cofense.com/wp-content/uploads/elementor/css/
4 KB
809 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-104982.css?ver=1709762393
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1bfcbf54f027c5328af5d39838ae5f2516bc570e85beebc9250a3ecbca2774a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 21:59:53 GMT
server
cloudflare
etag
W/"65e8e759-10b8"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bda2ef7-LAX
post-104983.css
cofense.com/wp-content/uploads/elementor/css/
7 KB
1 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-104983.css?ver=1711385281
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7108c57d4a139fafb6229cd0a3d6c12dc201366e2f0af5ddbb1d847a7a8d0e74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 25 Mar 2024 16:48:01 GMT
server
cloudflare
etag
W/"6601aac1-1a04"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bdb2ef7-LAX
post-104984.css
cofense.com/wp-content/uploads/elementor/css/
3 KB
566 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-104984.css?ver=1709762394
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fa0d3f28e02fb507026ccc3ac09f13c0b337fbdd78c81c389c6fed9f85d5813
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 21:59:54 GMT
server
cloudflare
etag
W/"65e8e75a-bf5"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bdc2ef7-LAX
post-104985.css
cofense.com/wp-content/uploads/elementor/css/
3 KB
571 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-104985.css?ver=1709844734
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c7089dd16dcc95505ef77a7e63ab602d96a1f09f2fe0b125607e177077f0706
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 07 Mar 2024 20:52:14 GMT
server
cloudflare
etag
W/"65ea28fe-bda"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bde2ef7-LAX
post-104986.css
cofense.com/wp-content/uploads/elementor/css/
3 KB
615 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-104986.css?ver=1709762394
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2479d6764c0ca2e4fe21c29601abd54bcf84ede3d3b7e9c0b7ce8b2587b15e23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 21:59:54 GMT
server
cloudflare
etag
W/"65e8e75a-bf9"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133be02ef7-LAX
regular.min.css
cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/
1 KB
408 B
Stylesheet
General
Full URL
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=1715698152
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f42fa1fe21c3cdf7ccfa09bfb44d1325bd3713e1ddb82e661e2c28002eef957
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 14 May 2024 14:49:12 GMT
server
cloudflare
etag
W/"664379e8-442"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133be12ef7-LAX
post-96724.css
cofense.com/wp-content/uploads/elementor/css/
7 KB
1 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/uploads/elementor/css/post-96724.css?ver=1709762394
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d211254060b80fc2201de96d1ce64210ab0540fea0e20403a2d1cd3a844c9bd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 06 Mar 2024 21:59:54 GMT
server
cloudflare
etag
W/"65e8e75a-1c54"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133be22ef7-LAX
animations.min.css
cofense.com/wp-content/plugins/elementor/assets/lib/animations/
18 KB
3 KB
Stylesheet
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.18.3
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:17 GMT
server
cloudflare
etag
W/"64405229-4824"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133be42ef7-LAX
lazysizes.min.js
cofense.com/wp-content/plugins/ewww-image-optimizer/includes/
15 KB
6 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/ewww-image-optimizer/includes/lazysizes.min.js?ver=770
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88d976ec9c0fc488231f8152d80fb875965ce0d3143428f79d74796541c33464
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
157
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 07 Jun 2024 07:21:52 GMT
server
cloudflare
etag
W/"6662b510-3ded"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e199b912a98-LAX
typed.js
cofense.com/wp-content/plugins/animated-typing-effect/assets/js/
15 KB
4 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/animated-typing-effect/assets/js/typed.js?ver=1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
561cee3ce7c56f84f342daeef6d3be53a01f09375f48f915b006779a62852dc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 16 Nov 2023 21:33:21 GMT
server
cloudflare
etag
W/"65568aa1-3cff"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bec2ef7-LAX
typed.fe.js
cofense.com/wp-content/plugins/animated-typing-effect/assets/js/
729 B
427 B
Script
General
Full URL
https://cofense.com/wp-content/plugins/animated-typing-effect/assets/js/typed.fe.js?ver=1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
65fde5fc0a0151d33bea0bfc69398048f6037da276705d396761015b31ccba84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 16 Nov 2023 21:33:21 GMT
server
cloudflare
etag
W/"65568aa1-2d9"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bee2ef7-LAX
navigation.js
cofense.com/wp-content/themes/cofense/js/
3 KB
1 KB
Script
General
Full URL
https://cofense.com/wp-content/themes/cofense/js/navigation.js?ver=1.0.0
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ee0654259fda0bbfeab4305b895e740659613080d90352bd36c1452fd426ef6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:13 GMT
server
cloudflare
etag
W/"64405225-ba4"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bf22ef7-LAX
frontend-script.js
cofense.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/
40 B
113 B
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=3.0.4
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
W/"64405228-28"
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bf52ef7-LAX
widget-scripts.js
cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/
134 KB
37 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=3.0.4
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
03ca8c38633872b885f1e54e729c4597da2f1c52d06f9a5289ddda7ca3a9930c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 05 Jul 2023 20:27:14 GMT
server
cloudflare
etag
W/"64a5d222-2194d"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bf62ef7-LAX
imagesloaded.min.js
cofense.com/wp-includes/js/
5 KB
2 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/imagesloaded.min.js?ver=5.0.0
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 11 Aug 2023 18:18:26 GMT
server
cloudflare
etag
W/"64d67b72-1590"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bf82ef7-LAX
webpack-pro.runtime.min.js
cofense.com/wp-content/plugins/elementor-pro/assets/js/
6 KB
3 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.18.1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b812fc324c6d53b4894d498952a9c8d6629e52404a357a6ff01dedadc86a032
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Dec 2023 16:06:27 GMT
server
cloudflare
etag
W/"65733f03-16c1"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bf92ef7-LAX
webpack.runtime.min.js
cofense.com/wp-content/plugins/elementor/assets/js/
5 KB
2 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.18.3
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
942c9264f9de00fecac162d8f657d9d32a977882341f6ab66e8bf98dab5e1e76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 21 Dec 2023 20:52:49 GMT
server
cloudflare
etag
W/"6584a5a1-1385"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bfa2ef7-LAX
frontend-modules.min.js
cofense.com/wp-content/plugins/elementor/assets/js/
59 KB
17 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.18.3
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e604215fe4a988196d6b824554fad49143f7450349b4a2a285dad3faeba2f7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 21 Dec 2023 20:52:47 GMT
server
cloudflare
etag
W/"6584a59f-eb0d"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bfc2ef7-LAX
wp-polyfill-inert.min.js
cofense.com/wp-includes/js/dist/vendor/
8 KB
3 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 18 Jan 2023 11:16:33 GMT
server
cloudflare
etag
W/"63c7d511-1feb"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133bff2ef7-LAX
regenerator-runtime.min.js
cofense.com/wp-includes/js/dist/vendor/
6 KB
3 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 19 Sep 2023 19:30:24 GMT
server
cloudflare
etag
W/"6509f6d0-19e1"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c002ef7-LAX
wp-polyfill.min.js
cofense.com/wp-includes/js/dist/vendor/
38 KB
14 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
17b79ece7ef9d1454a90156690d33d64387b67a7a7548fc826012512e287a937
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 31 Jan 2024 12:59:56 GMT
server
cloudflare
etag
W/"65ba444c-96be"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c032ef7-LAX
hooks.min.js
cofense.com/wp-includes/js/dist/
4 KB
2 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cb546fbdda7995d374fffa4b2f6530bbcf57d014639ddf76de45df43d593045
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 31 Jan 2024 12:59:56 GMT
server
cloudflare
etag
W/"65ba444c-10d3"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c042ef7-LAX
i18n.min.js
cofense.com/wp-includes/js/dist/
9 KB
4 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 15 Feb 2024 16:53:15 GMT
server
cloudflare
etag
W/"65ce417b-23b5"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c062ef7-LAX
frontend.min.js
cofense.com/wp-content/plugins/elementor-pro/assets/js/
25 KB
7 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.18.1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
04055d9f6cd872709ef5bb10b270e4ab5176abeda27629e52da6569d5727c82b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Dec 2023 16:06:24 GMT
server
cloudflare
etag
W/"65733f00-6237"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c072ef7-LAX
waypoints.min.js
cofense.com/wp-content/plugins/elementor/assets/lib/waypoints/
12 KB
3 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
W/"64405228-2fa6"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c082ef7-LAX
core.min.js
cofense.com/wp-includes/js/jquery/ui/
21 KB
7 KB
Script
General
Full URL
https://cofense.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 02 Feb 2023 16:36:32 GMT
server
cloudflare
etag
W/"63dbe690-53be"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c0b2ef7-LAX
frontend.min.js
cofense.com/wp-content/plugins/elementor/assets/js/
39 KB
13 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.18.3
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7e5b0c06ee5bbc14d3e9e9f3055b8108bab899e37aec44a227485f3c3624cee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 21 Dec 2023 20:52:48 GMT
server
cloudflare
etag
W/"6584a5a0-9df4"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c0f2ef7-LAX
elements-handlers.min.js
cofense.com/wp-content/plugins/elementor-pro/assets/js/
37 KB
10 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.18.1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e7015ac91edb803465bcfcd3001530ad97288415e56d51e09299b1097ba450e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Dec 2023 16:06:24 GMT
server
cloudflare
etag
W/"65733f00-94f4"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c102ef7-LAX
animate-circle.min.js
cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/
681 B
506 B
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.min.js?ver=3.0.4
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8642bcd147ba3528345f5bd17f788cd524931e093255b2c1c8344677a1ab505
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 05 Jul 2023 20:27:14 GMT
server
cloudflare
etag
W/"64a5d222-2a9"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c132ef7-LAX
elementor.js
cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/
18 KB
5 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=3.0.4
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d22a8ce5b62f7de94c4183b2528d1bc7d6b220be97b72d04c7aea220e273d58f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 08 Nov 2023 21:06:12 GMT
server
cloudflare
etag
W/"654bf844-48a1"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c162ef7-LAX
jquery.sticky.min.js
cofense.com/wp-content/plugins/elementor-pro/assets/lib/sticky/
4 KB
2 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.18.1
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
W/"64405228-e89"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e133c182ef7-LAX
lazyload.min.js
cofense.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/
9 KB
3 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
157
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:13 GMT
server
cloudflare
etag
W/"64405225-22bc"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e199b942a98-LAX
p.css
p.typekit.net/
5 B
172 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=zlo5wor&ht=tk&f=26014&a=103167865&app=typekit&e=css
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/cache/min/1/zlo5wor.css?ver=1715698152
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:e800:11::172c:839c Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer
https://cofense.com/wp-content/cache/min/1/zlo5wor.css?ver=1715698152
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
last-modified
Sun, 10 Mar 2024 12:44:13 GMT
server
nginx
etag
"65edab1d-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
gtm.js
www.googletagmanager.com/
396 KB
125 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ea8cbae7a4d8479ebb8a06ce8154b4835f7d1422b0a021487ffeb3f5359a332b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
127305
x-xss-protection
0
last-modified
Thu, 25 Jul 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 25 Jul 2024 02:11:08 GMT
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
201cca51d07dad4d3a75b10ee802617404b214805dca07722082a0a52dee3221

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1bcdef9d98863170f786e3c5faa16adc7c07a1884b3300dd6981719cc5469553

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
19d9b52a5ca4a1f6ff7d6c7c0b381586b67868341fddb25184b68dbbc7fc17a8

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8230ed5920f71cd4822796cf361232ffb9b149702a4386eef638c017eeadef8e

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80134a65ae5e785cca88bacd46b465388e7b5733e9346c90a4e67c33f8aacda9

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
895419d5013d031243d0020dbfe6f10889d3e1ca3602326dc08121aa0b157810

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43bc01931a0d2ace0049be420914d40777996c315bb4b03e66d3d0551b24d133

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2840204925038b76e52b3e8c23c09f4d2522cd86fe900f8a7417fe7f22aa0c9f

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
67 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
20c814f817ad386cae71acf50af369d6d58af009c208e6cff9b3abefc19c202d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1c6f59568daa92440b86989c65cd80e534bdb6790431dbf46ed34e6bad60b652

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
1 KB
1 KB
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b083e03768839bb066c860f4500ad59707e613ab6c0595ca1fef4075b9f6b29e

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
img/png
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3a327ede8837b4bfeaf51589f7a32230334e59062d29f7ecd6aa5d8e0d76fbc

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
cofense-blue-background-shape.png
cofense.com/wp-content/uploads/2023/11/
13 KB
14 KB
Image
General
Full URL
https://cofense.com/wp-content/uploads/2023/11/cofense-blue-background-shape.png
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/uploads/elementor/css/post-1386.css?ver=1712688134
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e5c3253f70a6fd0d5ad6ce4be09113ca089f2a9fd1caf8480534f289c64503e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/wp-content/uploads/elementor/css/post-1386.css?ver=1712688134
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
13784
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 16 Nov 2023 21:33:12 GMT
server
cloudflare
etag
"65568a98-35d8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e19cbcd2a98-LAX
cofense-blue-red-gradient.jpg
cofense.com/wp-content/uploads/2023/11/
516 B
865 B
Image
General
Full URL
https://cofense.com/wp-content/uploads/2023/11/cofense-blue-red-gradient.jpg
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/uploads/elementor/css/post-104976.css?ver=1711473397
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b735abfd3f1b3a6f897c02349cd53c77250fe36881f5cc292e4605f5c682cc3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/wp-content/uploads/elementor/css/post-104976.css?ver=1711473397
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
157
cf-polished
status=not_needed
alt-svc
h3=":443"; ma=86400
content-length
516
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
cf-bgj
imgq:100,h2pri
last-modified
Thu, 16 Nov 2023 21:33:15 GMT
server
cloudflare
etag
"65568a9b-204"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e19cbd02a98-LAX
Mulish-SemiBold.woff2
cofense.com/wp-content/uploads/2023/11/
35 KB
36 KB
Font
General
Full URL
https://cofense.com/wp-content/uploads/2023/11/Mulish-SemiBold.woff2
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1709762393
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
478eca1affb59d9e0751d3a4a92394683a64129789656c9302d5c8729bb1930b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1709762393
Origin
https://cofense.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
156
alt-svc
h3=":443"; ma=86400
content-length
36216
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 16 Nov 2023 21:33:11 GMT
server
cloudflare
etag
"65568a97-8d78"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e1a0c1d2a98-LAX
Mulish-Black.woff2
cofense.com/wp-content/uploads/2023/11/
36 KB
36 KB
Font
General
Full URL
https://cofense.com/wp-content/uploads/2023/11/Mulish-Black.woff2
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1709762393
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccae161de19152ccdcc8063ff2ef940df52a2f36247488fb8485189bbf9afadf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/wp-content/uploads/elementor/css/post-15.css?ver=1709762393
Origin
https://cofense.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
157
alt-svc
h3=":443"; ma=86400
content-length
36408
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 16 Nov 2023 21:33:11 GMT
server
cloudflare
etag
"65568a97-8e38"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e1a0c212a98-LAX
fa-solid-900.woff2
cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/
76 KB
77 KB
Font
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1715698152
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=1715698152
Origin
https://cofense.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
157
alt-svc
h3=":443"; ma=86400
content-length
78196
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
"64405228-13174"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e1a0c232a98-LAX
fa-brands-400.woff2
cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/
75 KB
75 KB
Font
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1715698152
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/wp-content/cache/min/1/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=1715698152
Origin
https://cofense.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
age
156
alt-svc
h3=":443"; ma=86400
content-length
76764
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
"64405228-12bdc"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e1a0c272a98-LAX
dialog.min.js
cofense.com/wp-content/plugins/elementor/assets/lib/dialog/
10 KB
4 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.18.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9ba3d0c5d5408e00becd36ad394fa9ad9c0616741ebdd6dddc8e837db3605ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
W/"64405228-29fd"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e1a8cc12a98-LAX
text-editor.2c35aafbe5bf0e127950.bundle.min.js
cofense.com/wp-content/plugins/elementor/assets/js/
1 KB
1004 B
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.18.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d191094291904cb0410cf3a475ea46eee6573c0922cc204759445e326d6d9233
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 21 Dec 2023 20:52:49 GMT
server
cloudflare
etag
W/"6584a5a1-550"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e1b6df22a98-LAX
share-buttons.08f4daf4a4285a8632b8.bundle.min.js
cofense.com/wp-content/plugins/elementor-pro/assets/js/
2 KB
1 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor-pro/assets/js/share-buttons.08f4daf4a4285a8632b8.bundle.min.js
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.18.1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3779434f714ca650062318a594900af43e6f7027cf15d90bfa1641b83524040e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 08 Dec 2023 16:06:26 GMT
server
cloudflare
etag
W/"65733f02-628"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e1b8e0f2a98-LAX
cofense-tagline-logo-new.svg
cofense.com/wp-content/uploads/2023/11/
6 KB
3 KB
Image
General
Full URL
https://cofense.com/wp-content/uploads/2023/11/cofense-tagline-logo-new.svg
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7cc7d87e5cfae18265cb63d84171485c31d65a1c4860c774d19a88502a80478
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
156
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Jul 2024 13:07:22 GMT
server
cloudflare
etag
W/"66a0fc8a-1882"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e1bae2e2a98-LAX
Figure1-3-768x491.png
cofense.com/wp-content/uploads/2024/07/
77 KB
77 KB
Image
General
Full URL
https://cofense.com/wp-content/uploads/2024/07/Figure1-3-768x491.png
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f9d0336cd0508eda4cbfc5102e02162dcc853aff19a92c92d054985e6750bcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
78988
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Jul 2024 13:21:42 GMT
server
cloudflare
etag
"66a0ffe6-1348c"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e1bae322a98-LAX
Figure2-2.png
cofense.com/wp-content/uploads/2024/07/
7 KB
8 KB
Image
General
Full URL
https://cofense.com/wp-content/uploads/2024/07/Figure2-2.png
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cbb928e9fdc993afc7d55852917fd3e2f813ba08deea92ac5d790ff589c1bd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
7384
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Jul 2024 13:21:43 GMT
server
cloudflare
etag
"66a0ffe7-1cd8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e1bae362a98-LAX
share-link.min.js
cofense.com/wp-content/plugins/elementor/assets/lib/share-link/
3 KB
1 KB
Script
General
Full URL
https://cofense.com/wp-content/plugins/elementor/assets/lib/share-link/share-link.min.js?ver=3.18.3
Requested by
Host: cofense.com
URL: https://cofense.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.18.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:42:16 GMT
server
cloudflare
etag
W/"64405228-a3c"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
cf-ray
8a889e1d98e02a98-LAX
js
www.googletagmanager.com/gtag/
339 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a4520a0a707fc2a3a3e0a98b8bafb12e1cee7bfffd0c40ac584115506a32ef19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
110736
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 25 Jul 2024 02:11:09 GMT
6si.min.js
j.6sc.co/
68 KB
18 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 12 Jul 2024 19:23:12 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"669182a0-10e5e"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, proxy-revalidate, max-age=1800
accept-ranges
bytes
content-length
18671
expires
Thu, 25 Jul 2024 02:41:09 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:e800:59::1735:7e1c Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2024 05:33:09 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=26033
accept-ranges
bytes
content-length
14597
bat.js
bat.bing.com/
49 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Thu, 25 Jul 2024 02:11:09 GMT
last-modified
Sat, 13 Jul 2024 20:42:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 44AD7F631C33425EAA1CA5CAEA30F7BF Ref B: LAX311000113047 Ref C: 2024-07-25T02:11:09Z
etag
"044982565d5da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14183
lt-v3.js
lltrck.com/scripts/
0
0

2Uq3HoQoVZEHgHXXf288
ws.zoominfo.com/pixel/
3 KB
2 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/2Uq3HoQoVZEHgHXXf288
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.117.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8270aef6c652b866ec1d59a755cc9efd2cd7f21bc5665cc159955ec9acdbc080
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
8a889e1f3890cec5-SJC
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.207.134.130 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-207-134-130.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 02:11:09 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type
application/x-javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
oktrk.js
static.oktopost.com/
9 KB
4 KB
Script
General
Full URL
https://static.oktopost.com/oktrk.js
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.151.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-80.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 10:47:01 GMT
content-encoding
gzip
via
1.1 38ecebcaa39c8742da2b6336935bb446.cloudfront.net (CloudFront)
last-modified
Mon, 27 Jan 2020 09:47:41 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C3
age
55449
etag
W/"57315c24d6fec75c4d46a8cc3fa6e0d5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
K_7ex3BLX3SV3IiHwG42DpOmXCJR02Wygqipv1HA9-62bXEwvyFYgw==
tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:24c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security
max-age=0; includeSubDomains; preload
age
37219
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=1200
cf-ray
8a889e1f78d80cc3-LAX
expires
Thu, 25 Jul 2024 02:31:09 GMT
ed9ggbnvvo
www.clarity.ms/tag/
637 B
1001 B
Script
General
Full URL
https://www.clarity.ms/tag/ed9ggbnvvo
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c100a11b3af936c4922e9a95c8aad6ed0f85150a1be3a7fca9b9c7c4e771ddae

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires
-1
date
Thu, 25 Jul 2024 02:11:09 GMT
x-azure-ref
20240725T021109Z-17f5ddf5675jjrvrn11u0nusxs000000016000000001hr15
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
637
request-context
appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
9017396.js
extend.vimeocdn.com/ga/
17 KB
6 KB
Script
General
Full URL
https://extend.vimeocdn.com/ga/9017396.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.82.109 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache /
Resource Hash
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-cache-hits
6412
date
Thu, 25 Jul 2024 02:11:09 GMT
content-encoding
gzip
via
1.1 varnish
age
2033967
x-cache
HIT
content-length
5579
x-served-by
cache-chi-klot8100152-CHI
last-modified
Sun, 30 Jun 2024 22:33:15 GMT
server
Apache
x-timer
S1721873470.522769,VS0,VE0
etag
"421e-61c23110160c0-gzip"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
x-vimeo-dc
ge
x-bapp-server
assets-857cfc58bc-lhb6n
cache-control
max-age=86400
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 29 Jun 2034 13:11:42 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5RQ37KH
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 25 Jul 2024 01:24:11 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2818
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 25 Jul 2024 03:24:11 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-3G76T4W3LR&gtm=45je47o0v874289719z8811887192za200zb811887192&_p=1721873468382&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1943213831.1721873469&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1721873469&sct=1&seg=0&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&dt=Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2520
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:09 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cofense.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
251 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-3G76T4W3LR&cid=1943213831.1721873469&gtm=45je47o0v874289719z8811887192za200zb811887192&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:09 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cofense.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gif.gif
ibc-flow.techtarget.com/a/
43 B
441 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17654763&r=1721873469444&ref=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier
17654763
Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
via
1.1 google
x-guploader-uploadid
AHxI1nNCgsBSNG_hi7mGNbiyqH-JAWL-p7oNrJH1MIV1cE4g1JXEPpxsuG_3N7FcYr0A0dNwm9M
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
server
nginx/1.20.2
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
vary
Origin
x-goog-generation
1670534369365034
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control
public, max-age=3600
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-length
43
accept-ranges
bytes
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires
Thu, 25 Jul 2024 03:11:09 GMT
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17654763&r=1721873469444&ref=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://cofense.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 25 Jul 2024 02:11:09 GMT
expires
Thu, 25 Jul 2024 02:11:09 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
AHxI1nORg3UCVDa34yCAldNPVeyL2yufY16LCvxzxQDdRnx5rTUuyzJ--BNsh5byr_j-5FUDAhk
clarity.js
www.clarity.ms/s/0.7.41/
62 KB
26 KB
Script
General
Full URL
https://www.clarity.ms/s/0.7.41/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/ed9ggbnvvo
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
63bb2e926bb71d9af20024a237718b3cbd8bcb03af6fe3510132024571005f69

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
content-encoding
br
last-modified
Mon, 22 Jul 2024 18:04:22 GMT
etag
W/"0x8DCAA78B72A2AB6"
vary
Accept-Encoding
x-azure-ref
20240725T021109Z-17f5ddf5675jjrvrn11u0nusxs000000016000000001hr1z
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
916cee44-201e-0051-6da5-dcb357000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
messenger
app.qualified.com/w/1/H3wWDXLUxD4irieG/ Frame 5A71
0
0
Document
General
Full URL
https://app.qualified.com/w/1/H3wWDXLUxD4irieG/messenger?uuid=4ca4a9b9-9384-41db-b923-814ad185d1b3
Requested by
Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=H3wWDXLUxD4irieG
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.175.123.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-123-196.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0, private, must-revalidate
Content-Encoding
gzip
Content-Length
1878
Content-Security-Policy
Content-Type
text/html; charset=utf-8
Date
Thu, 25 Jul 2024 02:11:10 GMT
Etag
W/"595e13ddbbc2a9f5f96c76eccd62ff5e"
Link
<https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
Accept-Encoding
Via
1.1 spaces-router (42359e36e9bb)
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
be5d8701-3130-8d97-3670-21b4592212f1
X-Runtime
0.013512
X-Xss-Protection
1; mode=block
/
px.ads.linkedin.com/wa/
0
777 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 556BA0C2F2594CC7864B6EC66EF2EC3A Ref B: LAXEDGE1809 Ref C: 2024-07-25T02:11:09Z
linkedin-action
1
vary
Origin
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
access-control-allow-origin
https://cofense.com
x-cache
CONFIG_NOCACHE
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYeCOiEAdjL8OIuSd00lw==
attribution_trigger
px.ads.linkedin.com/
2 B
977 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
content-encoding
gzip
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cache
CONFIG_NOCACHE
x-li-uuid
AAYeCOiEFaIrJfJWrZ58yA==
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 67F661E0405E40C2A3CA267246A214D2 Ref B: LAX311000108031 Ref C: 2024-07-25T02:11:09Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-ltx1
access-control-allow-origin
*
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-fs-uuid
00061e08e88415a22b25f256ad9e7cc8
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2&cookiesTe...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D300721%26time%3D1721873469616%26url%3Dhttps%253A%252F%252Fcofense.com%252Fblog%25...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2&cookiesTe...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2&cookiesT...
0
488 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJM0EHkQVC4DAAAAZDnqBLpXxdQHFAoYN_SIcmEFLUFlSeC7NpBTINvWLvrbY5l3wXXXA
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: DD678F56135449A4998C088EAEB9E345 Ref B: LAX311000110045 Ref C: 2024-07-25T02:11:10Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYeCOiNyZ9mTF9Ni8/Z1w==

Redirect headers

date
Thu, 25 Jul 2024 02:11:10 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 09366E6321484CB78436EDD21C755BAC Ref B: LAXEDGE1809 Ref C: 2024-07-25T02:11:10Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=300721&time=1721873469616&url=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQJM0EHkQVC4DAAAAZDnqBLpXxdQHFAoYN_SIcmEFLUFlSeC7NpBTINvWLvrbY5l3wXXXA
x-li-proto
http/2
content-length
0
x-li-uuid
AAYeCOiJxI0cacxQXx/3/A==
munchkin.js
munchkin.marketo.net/163/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.207.134.130 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-207-134-130.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 02:11:09 GMT
Content-Encoding
gzip
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4741
Expires
Sat, 02 Nov 2024 02:11:09 GMT
187125267.js
bat.bing.com/p/action/
335 B
403 B
Script
General
Full URL
https://bat.bing.com/p/action/187125267.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e0f9a49b3445df93031ef8414eab4c9266e8e6aefc9594c8b3f49376f57ee97c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Thu, 25 Jul 2024 02:11:09 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 34814AC630B14E7393FCC2FA33648B22 Ref B: LAX311000113047 Ref C: 2024-07-25T02:11:09Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=1800
ping
okt.to/
0
100 B
Script
General
Full URL
https://okt.to/ping?uri=%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&aid=001shx33p56dsdg&ts=1721873469671
Requested by
Host: static.oktopost.com
URL: https://static.oktopost.com/oktrk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.20.195.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-20-195-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:10 GMT
strict-transport-security
max-age=31536000;
content-type
text/javascript;charset=UTF-8
getuidj
secure.adnxs.com/
11 B
700 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.182 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
an-x-request-uuid
1916ffae-0b13-4271-acf4-4f7ab01e7be5
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://cofense.com
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
162.245.206.248; 162.245.206.248; 797.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length
11
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
7 B
190 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://cofense.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
18 B
306 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:2e::1735:ba8 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2def2cfd1055dbcdfdc2e4b116c8b56cc2127a85616437de2867ccd7b045c8aa

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://cofense.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a04:c604:615:1::3
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721873470024_389185960_2072988158_16_691_117_136_219";dur=1
content-length
18
expires
Thu, 25 Jul 2024 02:11:10 GMT
/
c.6sc.co/
7 B
190 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:09 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://cofense.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
18 B
305 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:2e::1735:ba8 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2def2cfd1055dbcdfdc2e4b116c8b56cc2127a85616437de2867ccd7b045c8aa

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://cofense.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a04:c604:615:1::3
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721873470289_389185960_2072989328_48_640_117_0_219";dur=1
content-length
18
expires
Thu, 25 Jul 2024 02:11:10 GMT
0
bat.bing.com/action/
0
360 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=187125267&tm=gtm002&Ver=2&mid=729eb888-e52f-45f1-97bd-e8245b440c6b&sid=28a4e2604a2b11efb1bf475f276d176a&vid=28a4fc704a2b11efaa5ad5eeb607e443&vids=1&msclkid=N&gtm_tag_source=1&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk&p=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&r=&lt=1610&evt=pageLoad&sv=1&cdb=AQAQ&rn=464996
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 25 Jul 2024 02:11:09 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 8E9BDE7E51354F62B0C1A44A8E04A26F Ref B: LAX311000113047 Ref C: 2024-07-25T02:11:09Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
visitWebPage
404-jhu-612.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://404-jhu-612.mktoresp.com/webevents/visitWebPage?_mchNc=1721873469801&_mchCn=&_mchId=404-JHU-612&_mchTk=_mch-cofense.com-1721873469800-20942&_mchHo=cofense.com&_mchPo=&_mchRu=%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 02:11:10 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
3dae0fc2-e0ff-4131-83f2-86db203e5808
collect
t.clarity.ms/
0
275 B
XHR
General
Full URL
https://t.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://cofense.com
Date
Thu, 25 Jul 2024 02:11:10 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
bd1285fd-ce7d-4f4f-aed1-c31e69e1c3b0
https://cofense.com/
43 B
0
Image
General
Full URL
blob:https://cofense.com/bd1285fd-ce7d-4f4f-aed1-c31e69e1c3b0
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
43
Content-Type
image/gif
details
epsilon.6sense.com/v3/company/
755 B
714 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash
9bf3141471c1c3df20ce4a8ef42efdd4cc6ebdbf535348355edd0cb43bf7be62

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Authorization
Token a9e769d7d96a596f969b9dc5023033e21a69bf40
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID
WebTag1.0 b253130e4accad98012a3abe3f4b4c7a

Response headers

x-trace-id
8347729321060780522
date
Thu, 25 Jul 2024 02:11:10 GMT
content-encoding
gzip
server
nginx
vary
Origin, Accept-Encoding
content-type
application/json
x-6si-region
us-west-1a
access-control-allow-origin
https://cofense.com
access-control-expose-headers
X-6si-Region
access-control-allow-credentials
true
timing-allow-origin
https://6sense.com, https://www.ssga.com
content-length
399
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://cofense.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://cofense.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
date
Thu, 25 Jul 2024 02:11:10 GMT
server
nginx
timing-allow-origin
https://6sense.com, https://www.ssga.com
x-6si-region
us-west-1a
x-trace-id
5425996220474340520
collect
www.google-analytics.com/j/
15 B
218 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1871501519&t=pageview&_s=1&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&ul=en-us&de=UTF-8&dt=Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgUABAAAAACAAI~&jid=124486066&gjid=590229613&cid=1943213831.1721873469&tid=UA-114787942-1&_gid=221068787.1721873470&_slc=1&gtm=45He47o0n815RQ37KHv811887192za200&gcd=13l3l3l3l1&dma=0&tag_exp=0&z=664518892
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1f::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
55a584b426a4c83b14dc79e65c48e065d826852bbbd32814c0127f6ac70a922e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cofense.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
148 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-114787942-1&cid=1943213831.1721873469&jid=124486066&gjid=590229613&_gid=221068787.1721873470&_u=YCDAgUABAAAAAGAAI~&z=452402301
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 25 Jul 2024 02:11:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cofense.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&v=1.1.22
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 25 Jul 2024 02:11:10 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b253130e4accad98012a3abe3f4b4c7a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22b253130e4accad98012a3abe3f4b4c7a%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22a9e769d7d96a596f969b9dc5023033e21a69bf40%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&v=1.1.22
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 25 Jul 2024 02:11:10 GMT
js
www.googletagmanager.com/gtag/
336 KB
108 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-ZVTRKX60MM&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.31.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
f419c51804d5b17d5b8b0b8c35560ac615ede7c0924b0d9cc81fb5ef9f45ce55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:10 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
110356
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 25 Jul 2024 02:11:10 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=ipv6&q=%7B%22address%22%3A%222a04%3Ac604%3A615%3A1%3A%3A3%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&an_uid=0&ipv6=2a04%3Ac604%3A615%3A1%3A%3A3&v=1.1.22
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 25 Jul 2024 02:11:10 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-ZVTRKX60MM&gtm=45je47o0v870050076za200&_p=1721873468382&_gaz=1&gcd=13l3l3l3l2&npa=0&dma=0&tag_exp=0&ul=en-us&sr=1600x1200&cid=1943213831.1721873469&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&dt=Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk&sid=1721873470&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3620
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZVTRKX60MM&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cofense.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
17 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZVTRKX60MM&cid=1943213831.1721873469&gtm=45je47o0v870050076za200&aip=1&dma=0&gcd=13l3l3l3l2&npa=0&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZVTRKX60MM&cx=c&_slc=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.167.156 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ww-in-f156.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cofense.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A09%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&an_uid=0&ipv6=2a04%3Ac604%3A615%3A1%3A%3A3&v=1.1.22
Requested by
Host: cofense.com
URL: https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 25 Jul 2024 02:11:10 GMT
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=6801A065A3BF4C959F9D232F725E4152&RedC=c.clarity.ms&MXFR=0265C93439B3688736D2DDF33DB36690
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6801A065A3BF4C959F9D232F725E4152&MUID=00726EF53FC56BFC2F537A323E2B6AA7
42 B
441 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6801A065A3BF4C959F9D232F725E4152&MUID=00726EF53FC56BFC2F537A323E2B6AA7
Protocol
H2
Server
20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:10 GMT
last-modified
Tue, 25 Jun 2024 19:54:30 GMT
server
Microsoft-IIS/10.0
etag
"df9747e39c7da1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:11 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 666A4609A0EB4F80AA037DA35A2998FD Ref B: LAX311000113047 Ref C: 2024-07-25T02:11:11Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6801A065A3BF4C959F9D232F725E4152&MUID=00726EF53FC56BFC2F537A323E2B6AA7
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
cofense-favicon-150x150.png
cofense.com/wp-content/uploads/2022/04/
3 KB
4 KB
Other
General
Full URL
https://cofense.com/wp-content/uploads/2022/04/cofense-favicon-150x150.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fe6a21b99ad629b5d5f98e1bd537b62ddb86b0653e25dffaa01ddf52309bfc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 25 Jul 2024 02:11:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
content-length
3316
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 19 Apr 2023 20:40:49 GMT
server
cloudflare
etag
"644051d1-cf4"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
permissions-policy
geolocation=(self "https://cofense.com"), microphone=()
accept-ranges
bytes
cf-ray
8a889e2948492a98-LAX
collect
t.clarity.ms/
0
275 B
XHR
General
Full URL
https://t.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.189.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://cofense.com
Date
Thu, 25 Jul 2024 02:11:10 GMT
Access-Control-Allow-Credentials
true
Server
nginx
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A10%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&an_uid=0&ipv6=2a04%3Ac604%3A615%3A1%3A%3A3&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:11 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 25 Jul 2024 02:11:11 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A11%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&an_uid=0&ipv6=2a04%3Ac604%3A615%3A1%3A%3A3&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:12 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 25 Jul 2024 02:11:12 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A12%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&an_uid=0&ipv6=2a04%3Ac604%3A615%3A1%3A%3A3&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:13 GMT
x-content-type-options
nosniff
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 25 Jul 2024 02:11:13 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-3G76T4W3LR&gtm=45je47o0v874289719z8811887192za200zb811887192&_p=1721873468382&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1943213831.1721873469&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&sid=1721873469&sct=1&seg=0&dl=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&dt=Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk&_s=2&tfd=7536
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-3G76T4W3LR&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:14 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cofense.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A13%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&an_uid=0&ipv6=2a04%3Ac604%3A615%3A1%3A%3A3&v=1.1.22
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.104.75 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-104-75.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 25 Jul 2024 02:11:14 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 25 Jul 2024 02:11:14 GMT
img.gif
b.6sc.co/v1/beacon/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
lltrck.com
URL
https://lltrck.com/scripts/lt-v3.js?llid=19612
Domain
b.6sc.co
URL
https://b.6sc.co/v1/beacon/img.gif?token=b253130e4accad98012a3abe3f4b4c7a&svisitor=null&visitor=a100cce2-473a-4a27-8cf1-5731aa568f56&session=d16212ea-f4a2-49ca-8050-6749f19c9e33&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2025%20Jul%202024%2002%3A11%3A14%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Recently%2C%20threat%20actors%20appear%20to%20be%20abusing%20how%20SEGs%20scan%20the%20contents%20of%20archive%20type%20file%20attachments.%20The%20threat%20actors%20utilized%20a%20.zip%20archive%20attachment%20and%20when%20the%20SEG%20scanned%20the%20file%20contents%2C%20the%20archive%20was%20detected%20as%20containing%20a%20.Mpeg%20video%20file%20and%20was%20not%20blocked%20or%20filtered.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Malware%20Exploit%20Bypasses%20SEGs%20Leaving%20Organizations%20at%20Risk%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fcofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F&pageViewId=25721bc2-a6fb-46dc-8555-a48aa0cb319a&an_uid=0&ipv6=2a04%3Ac604%3A615%3A1%3A%3A3&v=1.1.22

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| jQuery object| ecs_ajax_params boolean| canBeLoaded function| ECS_load_next_page function| EleCustomSkinChangeUrlPage function| EleCustomSkinReInitJs object| ECS_hooks function| ECS_add_action function| ECS_do_action object| dataLayer string| QualifiedObject function| qualified object| eio_lazy_vars function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| elementskit function| EvEmitter function| imagesLoaded object| webpackChunkelementor_pro object| webpackChunkelementor object| elementorModules object| runtime object| regeneratorRuntime object| wp function| sprintf function| vsprintf object| ElementorProFrontendConfig object| elementorProFrontend function| Waypoint object| elementorFrontendConfig object| elementorFrontend object| lazySizesConfig object| lazySizes function| animateCircle object| ElementsKit_Helper function| Sticky object| lazyLoadOptions function| LazyLoad object| images boolean| is_image object| iframes object| rocket_lazy boolean| _q_widgetInitialized string| _q_lastClientActivityAt object| DialogsManager object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| _6si function| processEpsilonData string| epsilonName boolean| enabled function| callback number| version object| _linkedin_data_partner_ids boolean| _already_called_lintrk object| formalyze function| Attributor object| __utmz string| OktopostTrackerObject function| _oktrk object| techtargetic function| clarity function| onYouTubeIframeAPIReady string| GoogleAnalyticsObject function| ga function| ShareLink object| gaGlobal object| ZILogs object| ziws object| Vimeo function| __vimeoRefresh function| lintrk object| ORIBILI function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin function| UET function| UET_init function| UET_push object| ueto_46d79a9116 object| uetq object| MunchkinTracker boolean| _storagePopulated object| gaplugins object| gaData

37 Cookies

Domain/Path Name / Value
.cofense.com/ Name: _gcl_au
Value: 1.1.55161754.1721873469
.cofense.com/ Name: attr_first
Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20provided)%22%2C%22content%22%3A%22(not%20set)%22%2C%22lp%22%3A%22cofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F%22%2C%22date%22%3A%222024-07-24%22%2C%22timestamp%22%3A1721873469151%7D
.cofense.com/ Name: attr_last
Value: %7B%22source%22%3A%22(direct)%22%2C%22medium%22%3A%22(none)%22%2C%22campaign%22%3A%22(not%20set)%22%2C%22term%22%3A%22(not%20provided)%22%2C%22content%22%3A%22(not%20set)%22%2C%22lp%22%3A%22cofense.com%2Fblog%2Fmalware-exploit-bypasses-segs-leaving-organizations-at-risk%2F%22%2C%22date%22%3A%222024-07-24%22%2C%22timestamp%22%3A1721873469151%7D
.techtarget.com/ Name: __cf_bm
Value: 5cr.4SETQsP09vFMpD6neg2rY5uMRs3zihlWc0nsO2k-1721873469-1.0.1.1-tir_oAvvUOEs7shPPlkYzsKJvChbT1OGrzs5sl2d5oKGDhCOll2bAGaQ6S.WxT6g8N0N0gvGwzKAoRpCZEfJfA
.ws.zoominfo.com/ Name: visitorId
Value: 60e18b8f09c8e19359cf7030f51e250279eb3bfcaa2b3267f10029b317347856
.zoominfo.com/ Name: __cf_bm
Value: q_7k0fg9ypYHxj42xyRQ0RI041xh97P.4dOAAzyRlQg-1721873469-1.0.1.1-UuWXjjRFjzxCz0fl576.2RB7vNHYMOMo8Ge2NfKWle0ut8tW3oucPF5lXUCVVLnxaAGKUCkH66r11.J8GEaMRA
.zoominfo.com/ Name: _cfuvid
Value: c1RjU83Ct7wo_YpJ5cK81eKYzmPx9wFoMetM7oIES3g-1721873469447-0.0.1.1-604800000
www.clarity.ms/ Name: CLID
Value: 2496e569fc48497685d58ec50e591864.20240725.20250725
.cofense.com/ Name: _clck
Value: 1kni1vd%7C2%7Cfnr%7C0%7C1667
.cofense.com/ Name: _uetsid
Value: 28a4e2604a2b11efb1bf475f276d176a
.cofense.com/ Name: _uetvid
Value: 28a4fc704a2b11efaa5ad5eeb607e443
.cofense.com/ Name: _mkto_trk
Value: id:404-JHU-612&token:_mch-cofense.com-1721873469800-20942
.linkedin.com/ Name: li_sugr
Value: 8f92905c-87ff-4540-ade9-57704692ae03
.linkedin.com/ Name: bcookie
Value: "v=2&4cc6dd7d-15b0-4b3c-8344-ee1741b17ba4"
.linkedin.com/ Name: lidc
Value: "b=TGST08:s=T:r=T:a=T:p=T:g=2843:u=1:x=1:i=1721873469:t=1721959869:v=2:sig=AQHoskXu1EmNrYpfex9FlYub3qsas6wQ"
.bing.com/ Name: MUID
Value: 00726EF53FC56BFC2F537A323E2B6AA7
.bat.bing.com/ Name: MR
Value: 0
.cofense.com/ Name: _ga
Value: GA1.2.1943213831.1721873469
.cofense.com/ Name: _gid
Value: GA1.2.221068787.1721873470
.cofense.com/ Name: _dc_gtm_UA-114787942-1
Value: 1
cofense.com/ Name: _gd_visitor
Value: a100cce2-473a-4a27-8cf1-5731aa568f56
cofense.com/ Name: _gd_session
Value: d16212ea-f4a2-49ca-8050-6749f19c9e33
.linkedin.com/ Name: UserMatchHistory
Value: AQJlcxUGWtdd7wAAAZDnqBHfR9myvXhCkwTcZqTRtbUTkpGFbzwzQjesf7BeroCTy41-fTyNkHYQrQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQICslaO33Q54AAAAZDnqBHfZ0XVSRGbO8d00ViSekKZx4PB9fEJuGYpieiJCVXDyQ55Z6moyQaZkycTux6MxA
.www.linkedin.com/ Name: bscookie
Value: "v=1&2024072502111052af3d92-621d-4a50-8e4f-efd1b54e420eAQHDKnTiwoaz8myMBSKya2TwYm8aTiEs"
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
cofense.com/ Name: _an_uid
Value: 0
.cofense.com/ Name: _clsk
Value: 1g984pj%7C1721873470419%7C1%7C1%7Ct.clarity.ms%2Fcollect
.cofense.com/ Name: _ga_ZVTRKX60MM
Value: GS1.2.1721873470.1.0.1721873470.60.0.0
.cofense.com/ Name: _ga_3G76T4W3LR
Value: GS1.1.1721873469.1.0.1721873470.59.0.0
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 00726EF53FC56BFC2F537A323E2B6AA7
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 00726EF53FC56BFC2F537A323E2B6AA7
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
.cofense.com/ Name: __q_state_H3wWDXLUxD4irieG
Value: eyJ1dWlkIjoiNGNhNGE5YjktOTM4NC00MWRiLWI5MjMtODE0YWQxODVkMWIzIiwiY29va2llRG9tYWluIjoiY29mZW5zZS5jb20iLCJzY3JpcHRJZCI6IjEzODEzNTg3Njc0NjE3NDQ5MzEiLCJtZXNzZW5nZXJFeHBhbmRlZCI6ZmFsc2UsInByb21wdERpc21pc3NlZCI6ZmFsc2UsInN0YXRlQnlTY3JpcHRJZCI6eyIxMzgxMzU4NzY3NDYxNzQ0OTMxIjp7ImRpc21pc3NlZCI6ZmFsc2V9fSwiY29udmVyc2F0aW9uSWQiOiIxNDQ2Nzg0NzkzODczNDA4MjY5In0=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

404-jhu-612.mktoresp.com
analytics.google.com
app.qualified.com
b.6sc.co
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cofense.com
epsilon.6sense.com
extend.vimeocdn.com
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.qualified.com
lltrck.com
munchkin.marketo.net
okt.to
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
secure.adnxs.com
snap.licdn.com
static.oktopost.com
stats.g.doubleclick.net
t.clarity.ms
trk.techtarget.com
ws.zoominfo.com
www.clarity.ms
www.google-analytics.com
www.googletagmanager.com
www.linkedin.com
b.6sc.co
lltrck.com
104.16.117.43
13.107.42.14
13.248.142.121
141.193.213.20
142.250.31.97
142.251.167.156
146.75.82.109
192.28.144.124
20.110.205.119
20.114.189.70
2001:4860:4802:34::181
216.239.32.181
23.207.134.130
23.48.104.75
2600:1408:ec00:2e::1735:ba8
2600:141b:e800:11::172c:839c
2600:141b:e800:59::1735:7e1c
2606:4700:4400::6812:24c4
2606:4700::6812:1005
2607:f8b0:4004:c0b::61
2607:f8b0:4004:c1d::9a
2607:f8b0:4004:c1f::8b
2620:1ec:21::14
2620:1ec:bdf::40
2620:1ec:c11::237
34.111.208.231
52.20.195.32
52.85.151.80
54.175.123.196
68.67.161.182
03ca8c38633872b885f1e54e729c4597da2f1c52d06f9a5289ddda7ca3a9930c
04055d9f6cd872709ef5bb10b270e4ab5176abeda27629e52da6569d5727c82b
068fa7ca7bdc8575f14fc0fd401c6302414c246f8264c45afe6e3cae05f602a1
0715107f2dd6a8cd336e310c83a0610bd746a455bf52b6e7b4f2ebd8f1d55503
09016600a13dd4825b72516765a8da53d1ab896f7582c4619d014e8ee147ea84
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
12c3f7bc60c99d1b6b634d6cd16fbb0e26ae75ddda15d7a6e5106cd5dad83f14
138154c0deed3326477b9b4909175101070a5a3a95342291b53d8cc9879a5f47
17b79ece7ef9d1454a90156690d33d64387b67a7a7548fc826012512e287a937
19a1a7a1e6c803ce9f72c242437fcb8c70de147c04e90f93e10e48a1390b8e93
19d9b52a5ca4a1f6ff7d6c7c0b381586b67868341fddb25184b68dbbc7fc17a8
1bcdef9d98863170f786e3c5faa16adc7c07a1884b3300dd6981719cc5469553
1bfcbf54f027c5328af5d39838ae5f2516bc570e85beebc9250a3ecbca2774a8
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c6f59568daa92440b86989c65cd80e534bdb6790431dbf46ed34e6bad60b652
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
201cca51d07dad4d3a75b10ee802617404b214805dca07722082a0a52dee3221
20c814f817ad386cae71acf50af369d6d58af009c208e6cff9b3abefc19c202d
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
2479d6764c0ca2e4fe21c29601abd54bcf84ede3d3b7e9c0b7ce8b2587b15e23
2840204925038b76e52b3e8c23c09f4d2522cd86fe900f8a7417fe7f22aa0c9f
2cb546fbdda7995d374fffa4b2f6530bbcf57d014639ddf76de45df43d593045
2def2cfd1055dbcdfdc2e4b116c8b56cc2127a85616437de2867ccd7b045c8aa
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ff05de64105bca28e087ae2b0a924bdb50d8d48837c4c46d3de5ed2e2ec0d33
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
3779434f714ca650062318a594900af43e6f7027cf15d90bfa1641b83524040e
3c1a5c4b5574a4104a92b2e700e6f0fc5b001c4297ebc5a1e76d67b1fbeb1c2d
3fa0d3f28e02fb507026ccc3ac09f13c0b337fbdd78c81c389c6fed9f85d5813
423bfe7d5fe7eef06a8923da955d707e790aa85e764b9b16df669baaabc5b2c4
43bc01931a0d2ace0049be420914d40777996c315bb4b03e66d3d0551b24d133
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44c68a4716777a09c291d971f91468c7e72dd2beadecd931aaea641758f4d726
478eca1affb59d9e0751d3a4a92394683a64129789656c9302d5c8729bb1930b
4b812fc324c6d53b4894d498952a9c8d6629e52404a357a6ff01dedadc86a032
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
4e5c3253f70a6fd0d5ad6ce4be09113ca089f2a9fd1caf8480534f289c64503e
4f42fa1fe21c3cdf7ccfa09bfb44d1325bd3713e1ddb82e661e2c28002eef957
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5333d5e653f78ce38cea1f529d9ec04b857189992dfbfb4d4af78afef6e571ac
55a584b426a4c83b14dc79e65c48e065d826852bbbd32814c0127f6ac70a922e
561cee3ce7c56f84f342daeef6d3be53a01f09375f48f915b006779a62852dc2
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
566d4c5dfefc9c4d867e6bef080917a4273b4228731a8700e81f1763eae3d861
591fd71bda2fa154c76c78b44b715b0039fdd853d87164d0dd7ca8560a81bf26
5cbb928e9fdc993afc7d55852917fd3e2f813ba08deea92ac5d790ff589c1bd7
5e7015ac91edb803465bcfcd3001530ad97288415e56d51e09299b1097ba450e
5f9d0336cd0508eda4cbfc5102e02162dcc853aff19a92c92d054985e6750bcc
5fe6a21b99ad629b5d5f98e1bd537b62ddb86b0653e25dffaa01ddf52309bfc1
60afa9c27db666400527f22830801ef3729f5d5b87f7b5067f83440ff2496bf4
63bb2e926bb71d9af20024a237718b3cbd8bcb03af6fe3510132024571005f69
65fde5fc0a0151d33bea0bfc69398048f6037da276705d396761015b31ccba84
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44
6eafef48033bf87526b129f8f292a7ea8b943988241b3abefe94d3a95668ac8a
6ecbdb2dc3f86c7ed142dce156d8f3ca1846b75bb512471935f45b8c8949645e
7108c57d4a139fafb6229cd0a3d6c12dc201366e2f0af5ddbb1d847a7a8d0e74
75ecb73af38f024c1e8839ac779bc757436e6b393dd19bba54f0ac37a953ecdd
773104676519ca589032709ad2032bb86d86e5ff521b005c32ca77efabfb5917
7c7089dd16dcc95505ef77a7e63ab602d96a1f09f2fe0b125607e177077f0706
80134a65ae5e785cca88bacd46b465388e7b5733e9346c90a4e67c33f8aacda9
8230ed5920f71cd4822796cf361232ffb9b149702a4386eef638c017eeadef8e
8270aef6c652b866ec1d59a755cc9efd2cd7f21bc5665cc159955ec9acdbc080
88d976ec9c0fc488231f8152d80fb875965ce0d3143428f79d74796541c33464
895419d5013d031243d0020dbfe6f10889d3e1ca3602326dc08121aa0b157810
8cbc49b1385bf29debe95333f04795a6e3a2cf218d88b415b29872d06491fd1c
8e0a2682f332ad73c814d560931716335637b94644ac72cac93adfd7bb3eec4c
8e604215fe4a988196d6b824554fad49143f7450349b4a2a285dad3faeba2f7b
8ee0654259fda0bbfeab4305b895e740659613080d90352bd36c1452fd426ef6
942c9264f9de00fecac162d8f657d9d32a977882341f6ab66e8bf98dab5e1e76
95af163892829a3ef249441b70b2c8281b845edea4b24680d3326486861d6082
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b069f7437ebdeb87f72373c10c2fd1b4daf67e3d277730fe66df19f0fb4d3ad
9bf3141471c1c3df20ce4a8ef42efdd4cc6ebdbf535348355edd0cb43bf7be62
a4520a0a707fc2a3a3e0a98b8bafb12e1cee7bfffd0c40ac584115506a32ef19
a8642bcd147ba3528345f5bd17f788cd524931e093255b2c1c8344677a1ab505
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
afea0df3f263254aedfd261ee242cfa668179aeaa1f07c1f8eb6aaeee21de2bc
b083e03768839bb066c860f4500ad59707e613ab6c0595ca1fef4075b9f6b29e
b65b3de1bc923b9355248a0d941a0eaee15dfb9a6b8eadb51323a8df6189dcd1
b735abfd3f1b3a6f897c02349cd53c77250fe36881f5cc292e4605f5c682cc3a
b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
b8449a28a151415d580be1dfd69056906199f1dd6ceb2c1b5edf61950ada9d13
ba8bea6a6bbbb634afd80fa6128f556a2d09331a9b5e14754d134c43748d5dcd
bacd426460574c0fc84822fd3846441f1040b4374c8350d67271049bd29fc6d7
bb5b6c52c072488848fbe51554382a6bc0be26a315e7558aa5ad61df4433b2dc
c100a11b3af936c4922e9a95c8aad6ed0f85150a1be3a7fca9b9c7c4e771ddae
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c3dfc3f03106f85ab56ceaadf44433f35cca4209d64922d50a1c650c90aa60ad
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ccae161de19152ccdcc8063ff2ef940df52a2f36247488fb8485189bbf9afadf
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d191094291904cb0410cf3a475ea46eee6573c0922cc204759445e326d6d9233
d211254060b80fc2201de96d1ce64210ab0540fea0e20403a2d1cd3a844c9bd4
d22a8ce5b62f7de94c4183b2528d1bc7d6b220be97b72d04c7aea220e273d58f
d2e0ee5e469ac9df09b8eaf79b81cd5628259671c7ea33a98d6acd86dfcadc1d
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d7cc7d87e5cfae18265cb63d84171485c31d65a1c4860c774d19a88502a80478
dc7e118b7e07217031d017282955569cb66891f527050135caadb2dd5779824f
dc94b523bab0c0ea56ba4a61309d8eda8d05c473b2c61be2d2c184edaf67396a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0f9a49b3445df93031ef8414eab4c9266e8e6aefc9594c8b3f49376f57ee97c
e2059fca38ad9519cd980c3b62dca5f77d2cb02686ae61efe65f9860af4b7252
e3a327ede8837b4bfeaf51589f7a32230334e59062d29f7ecd6aa5d8e0d76fbc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9ba3d0c5d5408e00becd36ad394fa9ad9c0616741ebdd6dddc8e837db3605ba
ea8cbae7a4d8479ebb8a06ce8154b4835f7d1422b0a021487ffeb3f5359a332b
edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49
f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
f413e41c7570ce02b76c3ae336f4d0b41c4825b0d541d392eaaa3d297c37cd3b
f419c51804d5b17d5b8b0b8c35560ac615ede7c0924b0d9cc81fb5ef9f45ce55
f7da3ef42dba768092b363f7d643a0fadc6ce1120f6313efe28c73b7d41aa945
f7e5b0c06ee5bbc14d3e9e9f3055b8108bab899e37aec44a227485f3c3624cee
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c